In principle there are three methods for authorising a remote application to use your screen.

  • Using SSH
  • With the xhost command on your workstation (deprecated)
  • Using Magic Cookies; the .Xauthority file on the remote system

We recommend only the first method. The second method is not safe and the third method is somewhat complicated.

Using SSH

When you use ssh to connect to a host, all that is required to run X-applications is done automatically. We have some some information about the usage of ssh for you.

Magic Cookies

First we define a few terms by which your environment is defined:

''myscreen'' the name of your X-screen, e.g. Note, that you enter the full name, including the domain. ''saralogin'' your login name on the SURFsara system, e.g. h231tine

Using magic cookies you can allow remote applications to make use of your display.

This is how it works: When you start a X-session on your workstation, a file .Xauthority is created. This file contains a random chosen key (''cookie''). When you do not use the xhost-command, only X-applications who know that cookie can get access to your display. X-applications look in the file .Xauthority for the specific cookie belonging to the display.

In order to transport the Magic Cookie in your .Xauthority file on your workstation to the .Xauthority file in your home directory on SURFsara's system, do the following:

  • Enter the following commands to export the magic cookie to the SURFsara system:
export DISPLAY=myscreen
xauth extract - $DISPLAY | ssh saralogin@SARASYSTEM xauth merge -

You have to do this every time you start a new session on your workstation.