CERN Accelerating science

This website is no longer maintained. Its content may be obsolete. Please visit for current CERN information.

next up previous
Next: The UCO Command Up: Desktop Computing Previous: Desktop Computing

Connecting between UNIX Machines


A UMTF subgroup has been setup to address the issue of connectivity between computers. Our first aim is to find a recommended way for people to work between Unix machines both inside and outside of CERN. In the longer term, our aim is to find or provide a few convenient and secure tools to facilitate this access.

Interactive remote session without X

Unix provides two tools to start interactive remote sessions (`login') on another machine:

We currently recommend the use of telnet.

Interactive remote session with X

If you have an X-terminal or workstation, telnet may not be sufficient as you will probably want to run X programs on the remote machine. Before addressing this issue, it is important to understand the different ways you can permit such programs to access your X display:

X authorisation

There are three recommended ways you can authorise clients to connect to your X display:

mxconns has an additional advantage: it is secure and thus not blocked by the CERN firewall. Thus, it allows you to work on machines outside CERN using X-terminals inside CERN. We thus recommend that you use mxconns in conjunction with telnet.

For more information on X security please read the CERN security handbook:

Steps to start an interactive remote session with X

  1. If mxconns is not running, start it:

    mxconns -hunt -verbose &

    Your virtual display name will be written on the screen and on the title bar of the small mxconns window which opens up. The body of the window will list nodes that are accessing your display through mxconns.

    If you are using a window manager with several virtual desktops (such as fvwm or HP-VUE) you should make sure that mxconns always appears on your current desktop. This is the CERN default for fvwm (where mxconns has been defined as `sticky') but users of ctwm or HP-VUE will have to click the top left hand corner of the mxconns window and select the `occupy all desktops' menu option.

  2. telnet to the remote machine.
  3. Set the display on that machine to the name given in the mxconns window (but changing the form from machine:n to if you are connecting to a remote site). To set the display you

Parts of this procedure will soon be simplified or automated but the above steps should work reliably now.

Starting a remote client without X

Instead of starting an interactive session on a machine, you may just want to issue a simple command on that machine. Most Unix vendors provide a command that allows this facility called either rsh or remsh. For example to find out who is using a machine you can type

rsh machine who

However, this command suffers from similar problems to rlogin (see above) and in addition, cannot accept a password. As a result it does not work in many cases.

Starting a remote X client

An extension of rsh called xrsh can be used to start programs which use X. It automatically sets the correct DISPLAY variable and handles the X authentication. For instance to start a remote xclock from another machine try:

xrsh machine xclock &

N.B. If xrsh works it also provides a powerful way of starting an interactive session. Just type:

xrsh machine xterm &


xrsh machine

for short and you have started an interactive session with both the security and the DISPLAY variable set correctly! Unfortunately, since xrsh relies on rsh, it often will not work.


We realise that the current situation is not satisfactory but it is all that is available with current tools. We are now working on more satisfactory solutions. Ideally we would like to find or construct a set of simple commands that do not involve the user having to type his display name, that work from CERN and to CERN, and that work for dumb terminals and X terminals. As a secondary goal we would like to improve security by, for example, finding a tool which avoids the need for people to type their password across the Internet.

Although achieving these goals will not be easy we should certainly be able to improve on the current situation. Currently, solutions using ssh and arc are being considered and improvements will be announced as they become available.

If you wish to contribute or comment on this work please feel free to contact

next up previous
Next: The UCO Command Up: Desktop Computing Previous: Desktop Computing

Michel Goossens
CN Division
Tel. 3363
Wed Mar 13 07:42:40 MET 1996