example, if a job I had running on `n1` wanted to talk to my X server
(e.g. via [[MPE]]), it would need to connect to `n0`:
- home <--(ssh -Y)----> n0 <--(???)----> n
+ home <--(ssh -Y)----> n0 <--(???)----> n*
`mxconns` fills the gap by providing a proxy between the local socket
provided by `ssh -Y` and a new publicly exposed X socket available to
n0$ cat ~/.mxconns
192.168.2.* allow
-After you've set that up, a full connection will look like
+After you've set that up, a full connection will look like:
- home$ ssh -Y n0
- n0$ export DISPLAY=`mxconns -config ~/.mxconns -fork -hunt -verbose`
- n0$ echo $DISPLAY
- n0.*.edu:5
+ home$ ssh -Y n0
+ n0$ export DISPLAY=`mxconns -config ~/.mxconns -fork -hunt -verbose`
+ n0$ echo $DISPLAY
+ n0.*.edu:5
-after which you can do things like
+after which you can do things like:
- n0$ ssh n1
- n1$ export DISPLAY=n0:5 xeyes
+ n0$ ssh n1
+ n1$ export DISPLAY=n0:5 xeyes
You can explicitly kill `mxconns` when you're done:
- n0$ killall mxconns
+ n0$ killall mxconns
or just wait and it will die naturally when you close your initial X
connection to `n0`.
[OpenSSH][]'s `sshd` on `n0`, you can set `X11UseLocalhost no` in your
`sshd_config`. However, this binds the `ssh -Y` X connection to the
wildcard address, exposing it to the world through eth1 (which is bad)
-as well as to the cluster through eth0 (which is good).
+as well as to the cluster through eth0 (which is good). With
+`mxconns` you can explicitly specify the interfaces you want to bind.
X authentication is handled with cookies, and getting cookie detection
working in `mxconns` turned out to be a key part of patching `mxconns`