### Some kind of introduction should go here.
One very powerful aspect of the X11 system is network transparency. With X11, it is very easy to run a program on one computer (say, kronos, in the math division), yet have the graphical output of the program be displayed on another computer (say, your personal workstation). You might do this to run a very resource-intensive program like Mathematica on a powerful computer from your wimpy little home machine.
One simple (but insecure) way to run graphical programs over a network
connection is to start X with the -query
option.
This starts an X server on the workstation and tells it to contact kronos for output. When it works correctly, a kronos login screen is displayed. If your system is already running a copy of X, it may be necessary to specify a different display number; perhaps :1 or :2.
If you login and begin working, every program you run will execute on kronos, but its interface will display on the machine in front of you. Part of the magic that makes this work is the DISPLAY environment variable. It contains the host (optional), display, and screen number of the current X server.
This can be a very convenient way to work with graphical programs on another system, and it highlights the part of the power of the X11 system. However, it is also insecure. None of the data sent between the systems is encrypted. That means that anyone who can see the traffic on the network knows what you type (including your login password) and can see what you see. There are more secure ways of remotely using graphical programs.
The secure shell program, SSH, can be used to forward X11 data. All of
the data travels through an encrypted tunnel, which means that your
keystrokes and visual data cannot be intercepted. Setting up the tunnel is
as easy as using ssh's -X option.
Example 10-3. Forwarding X11 via SSH
$ ssh -X dbindner@kronos dbindner@kronos's password: kronos$ echo $DISPLAY localhost:11.0 kronos$ xlogo
Although the DISPLAY variable shows the display as localhost (meaning kronos, because that is the machine we ran the command on) display number 11 screen 0, it is actually sent back through the SSH connection. That means the xlogo program displays (securely) on my workstation as would any other graphical program I invoke.