Using Exceed X Server with Xhost Security

This document explains how to set up the Hummingbird Exceed X Server with Xhost security on your Windows personal computer and how to use it to display X-Windows programs on the ACCC's general purpose Unix server tigger. While the instructions in this document are specific for tigger, you can use the same sequence to use Exceed with icarus or other Unix machines.

Please note that we very much do NOT recommend that you actually do this.

If you have been -- or are thinking about -- setting X Windows up with Xhost "security", please reconsider. After you add any remote host name to your xhost.txt file, any account on that machine will be able to open an X-Windows window on your personal computer, read all the windows managed by your X Server, including those where you typed passwords, regardless of whether you can read the password on your screen, or change the X Server settings that are read by other clients. This really should scare you.

Using Xhost security is questionable for tigger, and falls in the "why would you even consider doing such a thing?" category for icarus and the EECS machines.

And there is a really good alternative: using X Windows with SSH X11 tunneling. Setting up and using X Windows with SSH X11 tunneling is a lot easier to set up than Xhost security and and it is also completely secure. (Including two-way authentication and encryption.) Please consider using SSH X11 tunneling rather than following the instructions in this document.

Exceed is an X Server program that you run on your Microsoft Windows personal computer. It provides the graphical features of an X Server for use with remote Unix machines. Generally speaking, there are two classes of Unix programs that benefit from using a X Windows display: number crunching programs which produce graphical output, such as SAS, SPSS, Octave (a MATLAB clone), and Maple; and utility programs such as ghostview (a PostScript document viewer), xrn (a newsreader),and info (online IBM manuals on tigger).

Exceed is available at UIC on the Windows personal computers in the ACCC public labs, via ACCC Server Services, and may be purchased under a site license by UIC faculty and staff.

Use the program installation media to install Exceed on your PC.

Exceed's passive mode allows you to start the X Server on your personal computer without it making any initial attempt to connect to a specific remote host.

Set Exceed up to use Passive mode (Security).

1. Click the Start button, then select Programs->Hummingbird->Exceed->Xconfig.
2. A password dialog box will open, asking you to enter your Xconfig password, which you selected when you installed Exceed. Type it in the box provided and click OK.
3. Set Passive Communications:
   1. Double-click the Communication icon in the Xconfig window to open the Communications dialog box.
   2. Select Passive from the Mode field's drop-down list.
   3. Click OK to return to the Xconfig window.

A bit of explanation is needed. When you use Exceed, your PC is the server and tigger is the client. (In most ACCC documentation, tigger is referred to as a server. But, for the purpose of running Exceed, tigger is a client.) See "The X Protocol" from X.Org at http://www.x.org/about_x.htm for a short description of how the X Window system works, including easy to follow pictures.

What you are doing in this step is identifying which clients may display "stuff" on your server -- in other words, which clients may write to your screen. You will be configuring Exceed so that the tigger client may display information on your screen.

1. In the Xconfig window (see above), double-click the Security icon to open the Security dialog box.
2. If necessary, add tigger to the list of hosts that can use your X Server.
   1. In the Host Access Control List section of the Security window, click the radio button that is to the immediate left of the word File. As a result, the name of the file -- xhost.txt -- will darken.
   2. Click the Edit box to the right of the name xhost.txt. As a result, a NotePad editing session will be initiated, editing the xhost.txt file.
   3. Type: tigger.cc.uic.edu
      on a new line in the file. Keep in mind that after you add any host name to your xhost.txt file, any account on that machine will be able to open an X-Windows window on your personal computer.
   4. If you installed Hummingbird Exceed from ACCC Server Services, your xhost.txt file will already include icarus, tigger, and a few EECS machines. If you're not going to be using X Windows on one of those machines, delete those lines. There's no point in making your PC more widely open than it has to be.
   5. Save your changes by clicking File on the menu bar, then selecting Save.
   6. Leave NotePad by clicking File in the menu bar, then selecting Exit.
3. The Security dialog box reappears.
4. Click OK (on the right side of the Security dialog box) and you'll return to the Xconfig window.
5. Select File from the Xconfig menu bar; highlight and click Exit.

That completes the steps to install and configure Exceed.

Now, we move to configuring your tigger account to use your X Server (Exceed). This is done while logged into your tigger account. What you will do is tell tigger the location of the X Server, which is on your PC. You do this by setting the DISPLAY environmental variable to point to your X Server.

You may identify the your X Server by your PC's Internet domain name or by its IP address. To find out what your PC's domain name is, logon to tigger from your PC and alter and run the following command:

who -u | grep your_netid

Replace the your_netid with your netid, which is your login id on tigger. The output of the command includes the name of the PC that you're connecting from. For example:

who -u | grep adabyron
adabyron pts/3 May 15 12:41 . 25630 abl.cc.uic.edu 

The last item in the response is the name of the machine your connecting from, which is also the name of your X Server.

Don't know which shell you're using?

To see which shell you are using, enter the command on tigger:

echo $SHELL

If you see /usr/bin/ksh or /bin/ksh,

then you are using the Korn/Bourne shell.

If you see /usr/bin/csh or /bin/csh,

then you are using the C shell.

If necessary, find out the name of your personal computer as described above, then depending on whether you're using Korn or Bourn shell or C shell, enter one of the following commands. (In the following, abl.cc.uic.edu is used as an example. Substitute your own machine name for it.)

Korn/Bourne shell users enter:

export DISPLAY=abl.cc.uic.edu:0

C shell users enter:

setenv DISPLAY abl.cc.uic.edu:0

Make sure to include the colon zero combination :0 after your machine name or IP address.

X Windows requires a fast Internet connection, so most likely you'll be using it mostly from on campus. If you have one particular PC on campus that you'll usually use Exceed on, you can set your tigger account up to automatically contact the X Server on that machine. You do this by placing the above export or setenv command in your tigger startup file:

For Korn/Bourne shell users,

put the export command in your .profile file. For more information, see Unix 101: Customizing Korn Shell.

For C shell users,

put the setenv command in your .cshrc file.

Note that, even if you set a default X Server by putting an export or setenv command in your startup file, you can override your default by entering the appropriate command as shown in Set Your DISPLAY Variable Manually after you log into tigger.

1. Start the X Server on your PC -- Exceed, that is -- either each time you reboot your PC or whenever you want to use X Windows:
   1. Click the Start button,
   2. Then select Programs->Hummingbird->Exceed->Exceed
      (Not Exceed (XDMCP-Broadcast).)
   An Exceed button will appear on your taskbar; the icon looks like the letter X with a top hat and cane on it.
2. Login to tigger using telnet or ssh and set your $DISPLAY variable if necessary.

After you've (1) started your X Server and (2) run either the export or setenv command on tigger or another registered Unix machine (one in your xhost.txt file), an X-Windows window will automatically open whenever you start an X-Windows program on that machine.

A good X-Windows program to test with when you first set Exceed up is xclock.
On your tigger account, enter: xclock &
and a small X-Windows window containing a clock will open on your PC's screen. (It might open minimized; if you don't see it right away, check your taskbar.)