HOWTO Xnest, secure Xnest

Antoine Ginies (


Revision History
Revision 0.2August 2005ag
Mooby re-read

1. HOWTO Xnest server

Goal of this document is to learn how to launch a Xnest server on another box.

Figure 1. network arch

network arch

2. Step by Step

2.1. Server side xauth

Our server is called: guibpiv, and his IP address is: To launch multiple X, we need to choose an unused one: ":3" could be a good one. We use xauth to define wich host is authorized to access this Xnest server. mcookie generate magic cookie for xauth:


Now we need to authorize node10 to connect our Xnest server on display:3. We use xauth:

xauth add node10/unix:3 . bc85bb773ae8897d9569ddbe69684411

we can list all xauth in X authority file utility:

xauth list  MIT-MAGIC-COOKIE-1  64e3e9fead5031070d4bfe8527d056a9
node10/unix:3  MIT-MAGIC-COOKIE-1  bc85bb773ae8897d9569ddbe69684411

2.2. Client side, grant access from Xnest server

Our client is called: node10, and his IP address is: We just need to authorize Xnest server to connect on our X ( Todo that we use xhost, the server access control program for X:

xhost +

If you are working on your client (node10), and connected to your Xnest server through ssh (with ssh -x user@, you don't need to do that, ssh will do it automatically.

2.3. Launch the Xnest server

Now on server just launch the Xnest server:

Xnest -display -geometry 800x600 -depth 24 :3 &

  • -display specify the IP address of the client (use it only if you launch it directly from server)

  • -geometry define geometry of the Xnest window

  • -depth define the color depth, could be: 8, 16, 24 (please use the same as your X client)

  • :3 the display of your Xnest server

Figure 2. Xnest ex

Xnest ex

3. Secure Xnest

Use the script below, and just launch it through ssh

ssh -X guibo@ xnest

4. xnest script (don't forget to chmod 755)

# quick way to launch Xnest to another display


# define mcookie for xauth
# add xauth 
xauth add localhost/unix$display . $MCOOKIE

# launch Xnest to IPCLIENT
Xnest -geometry 800x600 -depth 24 $display &

sleep 1
#export display to Xnest server
export DISPLAY=$display

kill $!
#remove all xauth key
xauth remove localhost/unix$display
exit 0

Valid XHTML 1.0! Valid CSS!