X Tunnelling between macs...

[MuGeN]

I have asked a similar question in the Networks section but I think it may be a bit more mac specific than I first thought...

if I wanted to run, say Chess.app on my iMac but show it on my Macbook, I connect like so:

ssh -X [email protected]ess

then what I would have thought would work would be:

cd /Applications
Chess.app

however it gives this output:

-bash: Chess.app: command not found

So is there a command other than "open" which needs to go in front of it to open a remote app? or have I got my wires crossed and is this not actually doable?

 

[NickK]

It could be the paths for the ssh shell aren't the same as the standard shell - although it's a guess as I've not used SSH.

Terminal, and hence bash see an application for what it really is - a directory "bundle". So you can't do /Applications/Chess.app because it's a directory. You need to run the app inside. So to run from the command line you need to run the actual binary:

bash% /Applications/Chess.app/Contents/MacOS/Chess

This works for starting the binary on the same machine..

In the old days of X you could run an X screen on a different IP address. So run the binary on the iMac but point the DISPLAY=xxx.xxx.xxx.xxx:0.0 to the MacBook. Not sure if this is possible on OSX.

So on the iMac:
bash% setenv DISPLAY=<macbook IP>:0.0
bash% /Applications/Chess.app/Contents/MacOS/Chess &

Now you may have to open the hosts file to allow the iMac to access the MacBook's X window manager.

To explain what is happening, or I'm attempting todo here is:

The Chess application uses the Cocoa foundation (shared code library) so all it's GUI actions will be via Cocoa. Now in the old days of X an application interacted with the Xlib library and then the Xlib library used the DISPLAY system variable to target an X window manager (X11R4, FreeX86Org, twm etc).
The X window manager is basically what controls and displays the screen and handles mouse/key I/O etc. So anything you see on the screen, the key presses and the mouse clicks etc all are actually the X window manager (or "WindowServer" in OSX's naming in ActivityMonitor).
So my targeting a different X window manager, say on your MB, it's possible to run the binaries on a high power machine and then display the GUI on a different machine. You'll need to sort out the IP/X WM security settings to allow your iMac to access the MBs X WM.

I did this in uni with SunOS where my backend process ran on servers in the server room - machines with plenty of CPU power - and then had the GUI on the SUN SLC workstation in the normal student lab area.

Unfortunately I don't have another mac to try this (although I'm really considering a Mac Mini soon).

 

[iraiguana]

The above sounds right, I only used it for my ubuntu server from my MBP and it worked well. Sadly not too sure how that translates into actually using it on OSX -> OSX

 

[NickK]

Well you learn something everyday..

from the ssh man page:
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the
ability to bypass file permissions on the remote host (for the
user's X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able
to perform activities such as keystroke monitoring.

For this reason, X11 forwarding is subjected to X11 SECURITY
extension restrictions by default. Please refer to the ssh -Y
option and the ForwardX11Trusted directive in ssh_config(5) for
more information.

So that does the X forwarding for you but you need to look at ssh_config for setting up the security. Although if you're attempting to use ssh then I suspect you already know the X window manager explaination.. although it may be interesting to others.

 

[MuGeN]

hmm... here is what happened when I tried to do what you recommended (i.e. going inside the Chess package):

Thu Jan 7 10:25:13 Mugens-iMac.local Chess[730] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.
2010-01-07 10:25:13.642 Chess[730:903] invalid pixel format attribute
2010-01-07 10:25:13.643 Chess[730:903] invalid pixel format attribute
2010-01-07 10:25:13.643 Chess[730:903] invalid pixel format attribute
2010-01-07 10:25:13.643 Chess[730:903] invalid pixel format
2010-01-07 10:25:13.643 Chess[730:903] invalid context
Segmentation fault

I have read some stuff about X Forwarding, is this related?

oh and can you run any app like this? I have read its only "X" applications that can use this although I don't really know what that means...

 

[NickK]

Just found the developer page with an example of running ActivityMonitor via SSH... reading...

 

[NickK]

Have you enabled remote login?

You need to run the application in the same "namespace" (each user has their own namespace).

For a demonstration of this, you can SSH to your own machine and try to run Activity Monitor from your shell. Listing 6 shows an example of doing this from Terminal. The first attempt to run Activity Monitor command works because it's running as the same user as Terminal. The second attempt fails because the test user (mrgumby) does not match the console user, and thus cannot access the global window server service.

Listing 6: Accessing the window server from console and non-console users

$ ssh ${USER}@localhost
Password:********
Last login: Wed Jun 20 11:49:23 2007
$ id
uid=502(quinn) gid=20(staff) groups=20(staff),81(_appserveradm),
104(com.apple.sharepoint.group.1),79(_appserverusr),80(admin),
101(com.apple.access_remote_ae),103(com.apple.access_ssh-disabled)
$ ls -l /dev/console
crw------- 1 quinn  staff    0,   0 Jun 20 11:50 /dev/console
$ # Launch Activity Monitor and then quit it.
$ /Applications/Utilities/Activity\ Monitor.app/Contents/MacOS/\
Activity\ Monitor 
$ logout
Connection to localhost closed.
$ ssh mrgumby@localhost
Password:********
Last login: Wed Jun 20 11:49:23 2007
$ id
uid=503(mrgumby) gid=20(staff) groups=20(staff),105(com.apple.sharepoint.group.2),
104(com.apple.sharepoint.group.1)
$ ls -l /dev/console 
crw------- 1 quinn  quinn    0,   0 Oct  3 21:31 /dev/console
$ # Activity Monitor fails to launch at all.
$ /Applications/Utilities/ctivity\ Monitor.app/Contents/MacOS/Act
_RegisterApplication(), FAILED TO establish the default connection to \
the WindowServer, _CGSDefaultConnection() is NULL.
2007-06-20 11:54:31.798 Activity Monitor[863:10b] An uncaught exception 
was raised
[...]
Trace/BPT trap
$ logout
Connection to localhost closed.

Looks like the issue you have... so we're on the right track.. however this also has a note about Apple removing the global window server namespace in future..

You'll need to ensure the same group and user id are the same between your iMac and MB I think.. this means the same window server "namespace" is used by the app and the window manager.

If I long in on my MBP then use ssh -X I can start Chess:

Last login: Thu Jan  7 09:52:58 on ttys001
MrFlibble:~ Nick$ ssh -X localhost
ssh: connect to host localhost port 22: Connection refused
MrFlibble:~ Nick$ ssh -X localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is <...>
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
Last login: Thu Jan  7 12:24:48 2010
MrFlibble:~ Nick$ /Applications/Chess.app/Contents/MacOS/Chess
MrFlibble:~ Nick$

 

[NickK]

Other alternative is to use Apple Remote Desktop (Remote Management) or VNC (Screen Sharing).

 

[ilikedthecore]

I thought you could only do this with X11 forwarding, not straight from OSX, or has this changed?

 

[NickK]

I thought you could only do this with X11 forwarding, not straight from OSX, or has this changed?

OSX uses the same window server / application split.

What will happen when OSX natively does this is that the application will appear on the dock set back and darker than the normal icon..