Introduction and use of X-Window

1. Basic introduction

  X Window (the X Window System) is a graphical user interface: a software window system for bitmap displays. It originated as a research project at the Massachusetts Institute of Technology in 1984 and later became the standardized software toolkit and display-architecture protocol for UNIX, UNIX-like, and OpenVMS operating systems.
  X Window builds the graphical user interface used by the operating system from software tools and an architecture protocol, and it was gradually extended to other operating systems. Almost all operating systems can support and use X Window, and GNOME and KDE are both built on top of it.
  Because X is only a toolkit and an architecture specification, it is not itself something that runs; someone has to write software that follows the specification. Only then is there a real, executable program, which is called an implementation. Among the current implementations of the X specification, X.Org is the most common and popular. The version of the protocol used by X.Org, X11, was released in September 1987.

2. The composition of X Window

  Based on the Server/Client architecture, X Window consists of three parts: X Server, X Client and the communication channel between them.


1. X Server

  X Server is the program that controls the display and input devices (keyboard and mouse). It receives the information from the input device (mouse click, keyboard input, etc.), and transmits it to the X Client; it outputs the information from the X Client to the screen. X Server is a process that manages display and must run on a host computer capable of displaying graphics.
  X Server is only responsible for creating windows, writing text or drawing in them, controlling input devices, and so on. It does not define the detailed user-interface design of applications (buttons, menus, window title bars, and so on); these are provided by user software such as the window manager, the GUI component toolkit, the desktop environment, or an application-specific GUI (such as POS). Because of this, users can run different window managers, supporting applications, and desktop environments on top of X and get different styles of windows, desktop settings, and menus.
  Each set of display devices corresponds to exactly one X Server. The X Server is generally provided by the system supplier and usually cannot be modified by the user. To the operating system, the X Server is just an ordinary user program, so it is easy to replace it with a new version, or even with a program provided by a third party, such as Xorg and XFree86, which are commonly used under Linux. Moreover, X Server is not limited to Linux. X Server software is also available for Windows and Mac OS, such as MobaXterm, Xming, and Xmanager under Windows, and XQuartz under Mac OS.

2. X Client

  X Client is the core part of the application program, it has nothing to do with hardware, each application program is an X Client. X Client can be a terminal emulator (Xterm) or a graphical interface program. It does not directly draw or manipulate graphics on the display, but communicates with X Server, and X Server controls the display. Multiple X Clients can connect to the same X Server at the same time.
  Clients cannot directly affect window behavior or display effects; they can only send requests to the Server, and the Server carries them out. Typical requests are "write the string 'Hello World' in a window" or "draw a line from A to B".

3. Communication channel

  The communication channel is the medium for transmitting information between X Client and X Server. Its main body is Xlib (the X function library), through which X Client and X Server communicate. There are roughly two kinds of communication between Server and Client, corresponding to the two basic operating modes of the X system:

  • In the first, Server and Client run on the same machine and can use any communication method available on that machine to exchange information. In this mode, X can work as efficiently as other traditional windowing systems.
  • In the second, the Client runs on one machine, while the monitor and Server run on another. The information exchange between the two must then go through a network protocol that both sides follow, most commonly TCP/IP. This way of communicating is generally called network transparency, and it is a feature almost unique to X.

[Figure: example of the interaction between X Client and X Server]

3. The use of X Window

1. DISPLAY environment variable

  On Linux/Unix-like operating systems, DISPLAY sets where graphics are displayed. When you log in directly to the graphical interface, or start it with startx after logging in on the command line, the DISPLAY environment variable is set automatically to :0.0. You can print its value with the echo $DISPLAY or printenv DISPLAY command, and use the xdpyinfo command to see more detailed information about the current display.
  The format of the DISPLAY environment variable is hostname:display_number.screen_number. hostname is the host name or IP address of the machine where the X Server runs; the graphics are displayed on that machine. If hostname is empty, the X Server is running on the local machine and the X Client connects to it through a Unix socket instead of TCP. With a TCP connection, display_number is the connected port minus 6000, so display_number 0 means port 6000. With a Unix socket connection, display_number selects the socket path, so 0 means /tmp/.X11-unix/X0. screen_number is almost always 0.
  It can be understood this way: a computer can have multiple displays, and a display can have multiple screens. A display is therefore one set of input and output devices attached to a computer. Normally a computer has one keyboard, one mouse, and one monitor; in special cases it can have several monitors.
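
The mapping from a DISPLAY value to a Unix socket path or a TCP port, worked through as an added example (not part of the original article). resolve_display is a hypothetical helper name, and the sketch assumes numeric display and screen numbers with no IPv6 literals or "unix:" prefixes.

```shell
#!/bin/sh
# Added example: resolve a DISPLAY value to the transport it selects,
# following the hostname:display_number.screen_number rules above.
# resolve_display is a hypothetical helper, not a standard X tool.

resolve_display() {
    d=$1
    case $d in
        *:*) ;;
        *) echo "invalid: no ':' in '$d'"; return 1 ;;
    esac
    host=${d%:*}          # text before the last colon (empty = local)
    rest=${d##*:}         # display_number[.screen_number]
    num=${rest%%.*}
    case $rest in
        *.*) screen=${rest#*.} ;;
        *)   screen=0 ;;
    esac
    case $num in
        ''|*[!0-9]*) echo "invalid: display_number '$num'"; return 1 ;;
    esac
    case $screen in
        ''|*[!0-9]*) echo "invalid: screen_number '$screen'"; return 1 ;;
    esac
    # Drop leading zeros so the arithmetic below is not read as octal.
    while [ "${#num}" -gt 1 ] && [ "${num#0}" != "$num" ]; do num=${num#0}; done
    if [ -z "$host" ]; then
        echo "unix /tmp/.X11-unix/X$num screen=$screen"
    else
        echo "tcp $host:$((6000 + num)) screen=$screen"
    fi
}

# Constructed sample values, including the displays used on this page.
for v in :0 :1 :0.0 192.168.12.66:0 192.168.12.66:2 localhost:10.0 bogus; do
    printf '%-18s -> %s\n' "$v" "$(resolve_display "$v" || true)"
done
```

A value with a host part always means a TCP connection, which is the case where the access control described later on this page matters.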

2. Display the GUI program in the local X Server

(1) View the currently running X Server

You can use the ps -e | grep X command to view the X Server currently running on the system.

[Screenshot: output of ps -e | grep X]

As can be seen from the figure above, the X Server of the current system uses Xorg and runs on tty1.

(2) Start a new X Server

  Linux supports virtual consoles. You only need to press Ctrl+Alt+F1, Ctrl+Alt+F2, ..., Ctrl+Alt+F7 at the same time to switch between different virtual consoles. As can be seen from the figure above, the graphical interface of the current system is running in virtual console 1, so when we want to switch back to the graphical interface of the current system, we need to press Ctrl+Alt+F1 at the same time.
  We can start an X Server with the X program. A display can be specified at startup; because hostname and screen_number can be omitted, the display can be given as :0, :1, and so on. Since :0 is already in use, we use :1. The command is as follows:

sudo X :1 -retro

The -retro option gives the X Server a slashed background so that it is easy to tell apart. At this point you can press Ctrl+Alt+F1 to switch back to the original console.

Using the ps -e | grep X command, you can see that Xorg is also started on virtual console 7 at this time, and you can switch to tty7 by pressing Ctrl+Alt+F7.


(3) Display the program in the specified display

We can add the --display parameter when starting a program to specify which X Server it is displayed on. The following uses gedit as an example and displays the gedit window on the newly started X Server. The command is as follows:

gedit --display :1


Note: During testing it was found that some programs, such as xarclock, xclock, and xterm, need -display instead of --display.

(4) Another way to display the program in the specified display

We can also choose the display a program uses by setting the DISPLAY environment variable. After the system boots into the graphical interface, DISPLAY is set to :0 by default, which means display :0 is used. We can change DISPLAY to another value so that programs started from the terminal use the specified display.

# Temporarily set the DISPLAY environment variable; the setting is lost after a reboot
export DISPLAY=:1

3. Display the GUI program in the remote X Server

  Based on the network transparency of X Window, an X Client can communicate with a remote X Server over TCP/IP. We can use two Linux machines as the server and the client: the client connects to the server through ssh, and programs running on the server are displayed on the client's graphical interface. In this setup the client machine acts as the X Server and the server machine acts as the X Client. The client machine has to display the server's programs on its own screen and do the drawing for them, so it is the X Server; the server machine sends its display data to the client machine, so it is the X Client.

Note 1: ssh is used mainly for convenience; the commands can also be run directly on the server instead of remotely through ssh.
Note 2: The server IP is 192.168.12.60, which corresponds to X-Client; the client IP is 192.168.12.66, which corresponds to X-Server.

(1) Start X Server to listen to tcp

LightDM (Light Display Manager) is a new, lightweight Linux desktop display manager that is responsible for starting the X Server and other X programs. When LightDM starts the X Server, it adds the -nolisten tcp option by default, which makes it impossible to reach the X Server remotely over TCP.

At this time, you need to use vim to modify the /etc/lightdm/lightdm.conf file, remove the comment in front of the line xserver-allow-tcp=false, and change it to xserver-allow-tcp=true.


After making the change, save and exit, then either restart the system or restart the lightdm service with the service lightdm restart command so that the configuration takes effect. Checking the Xorg command line with ps again shows that the option has changed to -listen tcp.

(2) X Server adds the security authentication of the specified X Client

When accessing the X Server remotely, security authentication is required to prevent unauthenticated X Clients from accessing the remote X Server at will. The X-Server side can be configured with IP-based authentication and shared key-based authentication, that is, two methods of xhost and xauth are used to implement security authentication.

xhost (based on IP authentication)

  Each display (X-Server) has its own xhost list. When an X-Client requests access, the X-Server checks whether the X-Client's IP is in the xhost list and rejects the connection if it is not. Use the xhost command on the X-Server side to add the corresponding IP to the xhost list.
  The xhost command is an access control tool for the X server, which is used to control which X clients can be displayed on the X server. This command must be run from a machine with a display connection. Use the xhost command to add and remove hostnames or usernames to allow connections to the X server.

xhost [[+-]hostname ...]

Example usage:

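# Allow any X client to connect
xhost +

# Only allow X clients whose IP is in the xhost list to connect
xhost -

# Add 192.168.12.12 to the access list (the + is optional)
xhost + 192.168.12.12

# Remove that IP from the access list
xhost - 192.168.12.12

Note: Settings made this way do not persist; they are lost after a restart.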
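
A check for the two settings discussed so far, the X Server's TCP option and the xhost state, written as an added example that is not part of the original article. x_tcp_state and audit_xhost are hypothetical helper names, and the ps and xhost output is constructed sample text rather than output captured from the hosts on this page.

```shell
#!/bin/sh
# Added example: classify X server exposure from `ps` and `xhost` output.
# Helper names are hypothetical; all sample text below is constructed.

x_tcp_state() {
    # $1 = one X server command line as shown by ps
    case " $1 " in
        *" -nolisten tcp "*) echo "tcp-disabled" ;;
        *" -listen tcp "*)   echo "tcp-listening" ;;
        *)                   echo "server-default" ;;  # depends on server version
    esac
}

audit_xhost() {
    # Reads the output of a bare `xhost` call on stdin, one finding per line.
    while IFS= read -r line; do
        case $line in
            "access control disabled"*)
                echo "HIGH open: any host may connect (state left by 'xhost +')" ;;
            "access control enabled"*)
                echo "OK enforced: only listed hosts or cookie holders connect" ;;
            INET:*|INET6:*)
                echo "WARN host-grant ${line#*:}: applies to every user on that host" ;;
            SI:localuser:*)
                echo "INFO local-user-grant ${line##*:}" ;;
            "") ;;
            *)  echo "INFO other-entry $line" ;;
        esac
    done
}

SAMPLE_PS_LIGHTDM_DEFAULT='/usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch'
SAMPLE_PS_TCP_ENABLED='/usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -listen tcp vt7 -novtswitch'
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host
INET:192.168.12.60
SI:localuser:user'
SAMPLE_XHOST_LISTED='access control enabled, only authorized clients can connect
INET:192.168.12.60'

echo "lightdm default : $(x_tcp_state "$SAMPLE_PS_LIGHTDM_DEFAULT")"
echo "after tcp=true  : $(x_tcp_state "$SAMPLE_PS_TCP_ENABLED")"
echo "--- xhost after 'xhost +':"
printf '%s\n' "$SAMPLE_XHOST_OPEN" | audit_xhost
echo "--- xhost with one listed host:"
printf '%s\n' "$SAMPLE_XHOST_LISTED" | audit_xhost
```

On a live system the inputs would come from `ps -eo args | grep Xorg` and a bare `xhost` run inside the session being checked.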

xauth (based on pre-shared key authentication)

  An X-Server is associated with one .Xauthority file, and one .Xauthority file can hold the pre-shared keys of several displays. The X-Server uses only the key record for its own display in its associated .Xauthority file. When an X-Client connects, it presents the key for the target display; the X-Server checks whether that key matches the one in its local .Xauthority file and rejects the connection if it does not. The same key must therefore be configured on the X-Server and the X-Client. You can use the xauth command to edit and display the authorization information used to connect to the X server.

Common commands:

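# List the authorization entries stored in the current authorization file.
# Each entry has the format: displayname protocolname hexkey
# displayname is the DISPLAY name, protocolname is the authorization protocol in use,
# and hexkey is the corresponding key value.
xauth list

# Show information about the .Xauthority authorization file
xauth info

# Add the given entry to the authorization file
xauth add displayname protocolname hexkey

# Have the X server generate the given entry. This command is similar to add. The main
# difference is that the user does not supply the key data; instead xauth connects to the
# X server named in displayname and uses the SECURITY extension to obtain the key data to
# store in the authorization file.
# If the server cannot be contacted or does not support the SECURITY extension, the command
# fails. Otherwise, an authorization entry for the given display using the given protocol is
# added to the authorization file.
# A protocol name consisting of a single period is treated as an abbreviation for MIT-MAGIC-COOKIE-1.
# Commonly used options:
#   [trusted|untrusted]: whether the client is trusted. With trusted, clients that connect
#       using this authorization have full run of the display, as usual. With untrusted, they
#       are treated as untrusted and are prevented from stealing or tampering with data that
#       belongs to trusted clients.
#   [timeout seconds]: how long this authorization is valid, in seconds. If the authorization
#       stays unused (no client is connected with it) for longer than this period, the server
#       purges it and later attempts to connect with it fail. A value of 0 means it never expires.
#       Note that the purge done by the server does not delete the entry from the
#       authorization file. The default timeout is 60 seconds.
#   [group group-id]: the application group that clients connecting with this authorization
#       should belong to.
#   [data hexdata]: data the server should use to generate the authorization. Note that this
#       is not the same data that is written to the authorization file. Its interpretation
#       depends on the authorization protocol.
xauth generate displayname protocolname [trusted|untrusted] [timeout seconds] [group group-id] [data hexdata]

# The following command connects to the X Server for :2 to obtain the key data; the generated
# authorization entry uses the MIT-MAGIC-COOKIE-1 protocol, never expires, and is trusted.
xauth generate :2 . trusted timeout 0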

(3) Use xauth authentication to access the remote X Server

Use the following command on the client (the X Server side) to generate the authorization entry, where 192.168.12.66 is the local IP. If "No protocol specified" is printed, there is no permission to access the display; use the xhost + 192.168.12.66 command to grant permission.

xauth generate 192.168.12.66:0 . timeout 0 trusted

Use the following command to connect to the remote server terminal through ssh, where 192.168.12.60 is the server IP address, and server is the server username to log in.

ssh server@192.168.12.60

Use the xauth add command to add the authorization entry information generated by the previous client (corresponding to X Server) to the .Xauthority authentication file on the server (corresponding to X Client). Among them, the displayname should be changed to the IP address, that is, 192.168.12.66:0.


Set the display environment variable on the remote server.


Running xarclock on the remote server can display the GUI interface normally.
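
The copy step above, as an added example that is not part of the original article: a helper that takes one line of xauth list output from the X Server side, validates it, and prints the two commands to run on the X Client side. xclient_setup is a hypothetical name, and the entry and its key are constructed sample values.

```shell
#!/bin/sh
# Added example: build the X Client side commands from one `xauth list` line.
# xclient_setup is a hypothetical helper; the cookie below is constructed.
# Treat a real key like a password: whoever holds it can connect to the display.

xclient_setup() {
    # $1 = one entry as printed by `xauth list` on the X Server side
    # $2 = display name the X Client will use, e.g. 192.168.12.66:0
    read -r _name proto key extra <<EOF
$1
EOF
    target=$2
    [ -z "$extra" ] || { echo "error: unexpected extra field" >&2; return 1; }
    [ "$proto" = "MIT-MAGIC-COOKIE-1" ] || {
        echo "error: unsupported protocol '$proto'" >&2; return 1; }
    # MIT-MAGIC-COOKIE-1 keys are 128 bits, i.e. exactly 32 hex digits.
    case $key in
        ''|*[!0-9a-fA-F]*) echo "error: key is not hex" >&2; return 1 ;;
    esac
    [ "${#key}" -eq 32 ] || { echo "error: key is not 128 bits" >&2; return 1; }
    # The X Client connects over TCP, so the entry is keyed by host:display.
    case $target in
        ?*:[0-9]|?*:[0-9][0-9]) ;;
        *) echo "error: target must be host:display_number" >&2; return 1 ;;
    esac
    printf 'xauth add %s %s %s\n' "$target" "$proto" "$key"
    printf 'export DISPLAY=%s\n' "$target"
}

# Constructed entry in the displayname protocolname hexkey format.
SAMPLE_ENTRY='client-host/unix:0  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef'
xclient_setup "$SAMPLE_ENTRY" 192.168.12.66:0
```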


Note:
The X Client can also connect to other displays on the remote IP, such as 192.168.12.66:2. The steps are similar to those above, but note the following points:

  • If you use the X command to start a new X Server, make sure it listens on the TCP port. The command should be sudo X :2 -retro -listen tcp.
  • After starting the new X Server, first start a GUI program on it, for example with the xterm -display :2 command to start xterm on that X Server. Otherwise the authorization entry generated and copied later fails with an "Invalid MIT-MAGIC-COOKIE-1 key" / "Error: can't open display" error.
  • Use the xauth generate 192.168.12.66:2 . timeout 0 trusted command on the X Server side to generate the authorization entry, then copy it and add it to the authentication file of the X Client, using 192.168.12.66:2 as the displayname.
  • After setting the DISPLAY environment variable to 192.168.12.66:2 on the X Client side, GUI programs run there are displayed normally on the screen corresponding to 192.168.12.66:2.

(4) Use xhost authentication to access the remote X Server

Use the xhost command on the client (corresponding to the X Server) to add the server IP to pass the IP security authentication.

xhost + 192.168.12.60

Use ssh to connect to the server and set the DISPLAY environment variable.


Run the xarclock program and it can be displayed normally.


Description:
Through the xhost method, the way to remotely run the GUI program in the newly started X Server is as follows:

  • Start the X Server with the sudo X :2 -retro -listen tcp command, and you can use the ps command to view it after running.


  • Use the xterm -display :2 command to start the xterm on the X Server interface, enter the xhost + 192.168.12.60 command in the xterm, and add the server IP to the xhost list corresponding to the X Server.


  • Connect to the remote server (corresponding to X Client) through ssh, and set the DISPLAY environment variable.


  • Run the xarclock program and it can be displayed normally.


4. Remotely start the GUI program through the X11 data forwarding function of ssh

When we use ssh to access the server remotely, we can enable X11 forwarding so that GUI programs running on the server are displayed on the client. The steps are as follows:

(1) Server-side sshd enables X11 forwarding

The server side uses vim to modify the configuration of /etc/ssh/sshd_config to ensure X11Forwarding yes. If it is not found in the configuration file, just add it to the end of the file, and finally save and exit.


After the server-side modification is completed, you need to execute the command to restart the sshd service:

service sshd restart

(2) Client ssh enables X11 forwarding

The client can use the following two methods to enable the function of X11 data forwarding:

  • Method 1: Use vim to modify /etc/ssh/ssh_config and make sure that ForwardX11 is yes. If it is not found in the configuration file, just add it to the end of the file, and finally save and exit.

After the client is modified, you need to execute the command to restart the ssh service:

service ssh restart

  • Method 2: When connecting with the ssh command, add the -X option to enable X11 data forwarding.

(3) The client uses ssh to access the server-side GUI program

Use the following commands to remotely access the server. If you have already set it in step (2), you don’t need to add the -X option.

ssh -X server@192.168.12.60

Run the xarclock program and it can be displayed normally.


Printing the DISPLAY environment variable and the entries in the current authentication file at this point shows that DISPLAY has been set automatically to localhost:10.0 and that the corresponding authorization entry has been added automatically to the local authorization file.

Origin blog.csdn.net/weixin_56291477/article/details/130431953