X-Win32 FAQ
Last update: 25 Aug 1999
NB: The screen shots in this FAQ are from version 4.1.2 of X-Win32 and 1.1 of SSH.
Q: Will X-Win32 still work after 1 Sep 1999?
Yes, but many users will have to make changes in how they use it.The security restrictions scheduled to go into effect at SLAC on 1 Sep 1999 will not interfere with X-Win32's ability to display X Windows from applications running on UNIX (or VMS) hosts. However, the removal of the rexec and rsh commands from UNIX will prevent the launching of certain kinds of "sessions" from the Sessions menu. Users may still be able to do their initial login to a UNIX or VMS host via this menu, but once logged in they will have to launch additional applications from the UNIX or VMS command line.
The remainder of this FAQ will assume you are connecting to a UNIX, rather than a VMS, host.
There are two options: XDMCP and SSH.
XDMCP ("X Display Manager Control Protocol") is a special login protocol designed to be used in the X Windows environment (rexec and rsh, in contrast, are general purpose protocols designed for running any type of command, not just a login, on a remote computer, with or without the X environment). When an XDMCP login session is launched, a special login dialog box will be displayed to permit login on a specific host computer (this login box will be familiar to anyone who has used an NCD X terminal at SLAC).
With XDMCP, you must initially login to a host running the xdm daemon; at SLAC, we run this server on the flora and vesta pools of public login servers. Once logged into one of these machines, however, you can login to other SLAC hosts and run X applications from them also.
Once successfully logged in, a special startup script is run to launch one or more X applications on with their X windows directed back to your Windows NT/9x screen. The default version of this script launches an xterm, xload (a monitor of the load on the unix host), xbiff (a mailbox icon to show when email arrives) and an xclock. The last application launched (xclock by default) is the "controlling" application for the session: when it ends, the entire session ends, closing any remaining X windows and logging you out of UNIX.
SSH ("Secure SHell") is the most secure way to login and is strongly recommended for anyone logging in from off site (outside the SLAC firewall, that is, not those with SLAC PPP/dialup or ISDN accounts) since it provides complete, end-to-end encryption of your session. However, it requires that you install SSH client software on your Windows NT (or 9x) computer and configure it to work in cooperation with X-Win32.
To use SSH in conjunction with X-Win32, you first start X-Win32 running on your Windows NT/9x machine, but you don't launch a session from it directly. Instead, you leave it running in the background, launch the SSH client software, and use the latter to login to a UNIX host. The SSH client will open a simple terminal emulator window (not an xterm) on the UNIX host and, if configured correctly, will direct any X application launched from that window to display the X windows back on your Windows NT/9x screen via the encrypted SSH tunnel.
Start -> Programs -> X-Win32 -> X-Util32 -> Sessions -> New session
You may want to check the Show Messages box to cause a window to automatically pop-up with messages if there are during the login process (you can also open the Messages window by hand from the X-Win32 menu in the taskbar).
Click Save to save this session in the X-Win32 Sessions menu.
Now go to Options -> Window Settings and make sure Multiple is selected (this will let your X windows mix freely with other Windows NT/9x windows; the alternative, Single, will confine all your X windows inside a single Windows NT/9x window).
Next, open the Options -> XHost... dialogue and make sure there is at least one entry in the list.
Important: For security reasons, the X-host list should never be completely empty since that turns off all access control for your X display.
Any process running on the hosts in the Host list (or on any host at all if the list is empty) is permitted to connect to your X display, whether or not the process belongs to you. With rexec and rsh, the X-host list was the only way of controlling connections to your X display. Both XDMCP and SSH, however, also use xauth, another access control protocol which is tied to your UNIX username instead of to specific host names (strictly speaking, xauth is based on access to your UNIX home directory). Thus, when using either XDMCP or SSH, the only additional names you should need in your X-host list are those of non UNIX or non SLAC hosts. A completely safe place holder to keep the list from being empty is the special keyword "localhost", which refers to your Window NT/9x machine itself. This also happens to be required for use with SSH, so we recommend that most users set up their X-host lists with just this one entry.
To add an entry to the X-host list, type it into the Add a host name field, then click the Add button:
After adding one or more entries to the X-host list, don't forget to click OK to save the list:
Finally, go to the Options menu and make sure Access Control is checked:,
With Access Control selected, you will be prompted to accept or refuse any new X window connections that are not already authorized via the X-host list or xauth:
The first discussion assumes you are using the F-Secure SSH client software from Datafellows. If you are using another SSH client for Windows NT/9x, the overall strategy will be the same (configure the SSH client to forward X11 connections, login via SSH, then launch X applications from the SSH command line) but the details may be quite different.
Make sure X-Win32 is already running and that its X-host list includes the special host name, "localhost" (see the previous question for information about the X-host list). If necessary, you should be able to launch X-Win32 from the Start button: Start-> Programs-> X-Win32-> X-Win32. Do not open a session from the X-Win32 Sessions menu, however.
Next launch SSH: Start-> Programs-> F-Secure SSH -> F-Secure SSH. After a few moments you should get an empty terminal screen and, possibly, a dialog box for opening a connection (if you don't automatically get the dialog box, you should be able to bring it up simply by pressing the Enter key):
Click on the Properties... button in the dialog box and select the Connection tab (you can also get to the Properties window from the Edit menu in the terminal emulator window).
Check the Forward X11 box to tell X-Win32 to automatically establish the encrypted tunnel for passing all X11 traffic between your Windows NT/9x machine and the remote host you will be logging into. If you have a slow network connection, e.g., if you are connecting to SLAC via a modem from home, checking the Compression box may improve performance; if you are on site, the extra computation needed by this option will probably be counter-productive. You can also enter your user name and host name (usually flora or vesta) in the top part of this panel.
SSH can be configured (via the RSA Identity tab) to permit you to login without the use of your SLAC password. However, if you login this way, you will not automatically get an AFS token but will need to use the klog command eventually to get one. We therefore recommend that you simply select the Password authentication method from the list.
Click on the Apply button to activate your changes for the current session, then click OK to close the Properties window. You can now type your password into the Connect dialog box and click OK to open a connection. After a few moments, you should see the beginning of a normal, line mode login in the terminal screen.
Note that your DISPLAY environment variable will already be defined, but that it will not point directly to the display of your Windows NT/9x machine; instead, it will point to a port on the UNIX host which is connected to the encrypted tunnel to your machine. You should not change the DISPLAY variable. You can now launch any X applications you want from the command line of your SSH terminal screen.
To end a session, you can logoff of all your X applications and then logoff in the SSH terminal screen. Occasionally, one of your X applications may be hung, in which case SSH will warn you that some of your forwarded connections are still open. You can force SSH to disconnect from the File menu:
You probably will want to save the settings for your SSH session so you don't have to reconfigure SSH each time you use it. To do so, go to the File menu in the terminal screen (after you've disconnected) and select Save As...:
Give the file a convenient name (e.g., flora_login.ssh) and save it. You can then launch SSH by opening this settings file rather than the SSH application itself. You may also want to create a shortcut for this file, either on the desktop or in your Programs menu.
How do I Two ways to get SSH enabled by default. One way is to connect once, select SSH by hand in the New Connection dialog, and then, once your connection is established go to the Setup menu and select "Save setup...".
The other possibility is to create a shortcut to start the program and add " /ssh" to the shortcut's command line.
For TeraTerm, to enable the SSH extension whenever you run Teraterm, make sure that the environment variable TERATERM_EXTENSIONS is set to 1. To set the environment variable in Windows NT/2000, go to Control Panel -> System . In Windows 95/98/ME, edit AUTOEXEC.BAT and add the line:
set TERATERM_EXTENSIONS=1
You'll have to reboot in order for the change to take effect. See other tips and tricks for using Tera Term SSH.
With both XDMCP and SSH, you open additional X applications from the UNIX command line. Usually, you should append an ampersand ("&") to the end of the command to put it in the background, i.e., to you can continue to use the original command line to run other commands (if you forget the ampersand, you can interrupt the foreground process by typing CTRL-Z, and then use the bg command to put that process into the background.
Here are some examples, using an SSH window as a "launch pad":
If you are using XDMCP rather than SSH, you would simply use the initial xterm opened when you first login as the launch pad for other X applications.
The second xterm command, above, shows a convenient way to open a window on another host: it simply opens a new xterm (which will actually run on your original login host, flora01 in this example) and then uses the ssh command to login to the new host within that xterm window.
The standard distribution of X fonts includes directories with similar bit map fonts at two different nominal resolutions, 75 dpi and 100 dpi. If most of the fonts in your X applications appear either too big or too small, you probably need to swap the order of these two directories in your font path.
For example, suppose you are using a large monitor in a high resolution mode (1600x1200, say). If your font path lists the 75 dpi directory before the 100 dpi directory, you may find that the text in your xterms is uncomfortably small. To fix this problem, open X-Util32 (either from the X-Win32 taskbar menu or via Start-> Programs-> X-Win32-> X-Util32) and select Path... from the Fonts menu:
This will bring up the Modify Font Path window, with a list showing your current font path:
To reorder your font path, select an item and move it up or down in the list by
clicking on the up or down arrowheads. When you have the path the way you want it,
click the OK button to to make it take effect. Subsequent font requests will use the
new path.
If you use the SCS script to install X-Win32, the special fonts required for running SCPs should be installed and added to your font path automatically. If for some reason these fonts are not in your font path, you should be able to find them on the public server (\\pub.slac.stanford.edu\pub, usually mounted as your X: drive) in,
X:\Applications\Supported\Xwin32\SCP-fonts
Copy this directory to the X-Win32 font directory on your C: drive; if you installed X-Win32 in the default location, this will be,
C:\Program Files\StarNet\X-Win32\Lib\Fonts
Open the Modify Font Path window in X-Util32 (see the previous question), and use the Add... button to find and add a font directory to your font path. Click the OK button to update the font path. You should then rebuild all the fonts.dir files within the directories in your font path, by selecting Make FONTS.DIR from the Fonts menu in X-Util32:
We have installed a number of more specialized fonts on font servers. If you can't find a particular font you need, you might try adding a font server to your path. Open the Modify Font Path window in X-Util32 (see above) and click on the Add Font Server... button. In the Font Server field enter fontserve and in the Port field enter either 7017 (if you have your 100 dpi fonts first) or 7071 (if you have your 75 dpi fonts first):
Click OK in the Add X Font Server dialog box, and then
OK in the Modify Font Path window.
Previous versions of X-Win32 (when used with the Window Settings
option set to Multiple, as recommended above) put a button in the taskbar for each
open X window, plus an additional button, with the same icon but a different function, for
the X server (i.e., the X-Win32 process itself). Starting in Version 4.1.2, there is
a check box (checked by default) in the Multple Settings...
dialog (also in the Window Settings menu) to replace the
latter button with a small X icon
in the system tray at the right side of the task bar. A right-mouse click on this
icon give the same menu as the old button; a left-mouse click gives quick access to the Sessions submenu.
Feedback: xwin32-l@slac.stanford.edu