X Forwarding with the Librem 5

Just for fun, here’s my Pi-Hole admin page X-forwarded from my RaspberryPi to the L5:

With ssh already set up, enter the command:

ssh -X pi@(RaspberryPi'sIPaddress)

followed by the password (or chosen authentication method).

Then with the “no hangup” command, I can start any application resident on the Pi:

nohup firefox-esr

Above, you see my RaspberryPi’s Firefox-ESR application remotely displayed on the L5 over my wifi network. I can now log in and and check the detailed list of blocked or allowed connections, change/update settings, etc.

Entering Control+c in the terminal closes the forwarded application.

How cool is that?

6 Likes

Xforwarding is pretty heavy on cpu (client and server) and network. Would it not make more sense to just forward the pi’s https port to the librem 5:
ssh -f -qq -N -L 443:localhost:443 pi@raspberry-ip

and browse to https://localhost/ at your librem 5?

That way you can also connect to your pi over a metered connection without breaking the bank.

3 Likes

For that particular example, yes.

Or even forget about ssh and just connect directly from a browser on the Librem 5 to the HTTP server on the Pi. (Using https over ssh means that encryption happens twice.)

However there are plenty of other X applications where you won’t be able to be more efficient.

Let’s say perse wants to check a password that is stored on a keyring on the Pi and hence wants to run seahorse on the Pi but remotely, doing it from the Librem 5. (Is that a good example? I don’t know whether the keyring offers a client-server API. I am supposing that it does not.)

1 Like

Beware of security implications: https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding.

3 Likes

Or I could just walk across the room to the RaspberryPi and its connected video display. :stuck_out_tongue:

1 Like

The problem is that if your RaspberryPi is somehow compromised, then it can compromise your Librem 5 as well through the X Forwarding.

If you don’t trust binary blobs (which is a good reason to buy Librem 5), then consider that RaspberryPi cannot function without them.

2 Likes

I’m pretty sure all my current devices have binary blobs anyway.

Librem 5 doesn’t (running on the CPU).

1 Like

how cool to play with that @amarok!

for fun I did use remmina to connect to a windows rdp, much less progressive :sweat_smile:
By the way, how is the pi-hole?

1 Like

I also tried Remmina in an attempt to send the RPi screen to my computer, but couldn’t figure it out. I didn’t try very hard, though, and I’m not experienced with this kind of stuff. I should actually study how to use it.

I like Pi-Hole a lot. It reveals so much about what’s going on behind the scenes…much of it “ugly”! I had issues trying to set it up, due to my router injecting itself as DNS server even after I designated the RPi for DNS. Installing 3rd-party firmware on the router fixed that. Then it turned out that I also needed to add some firewall rules. Now it all works like a charm.

1 Like

Would there be an advantage to running PureOS on your home PC for compatibility with your Librem 5? Or does that even matter? Which distro is best for remote communications to and from your Librem 5?

I can’t imagine it would matter which distro you use. I’m running Linux Mint, and there are no obstacles to remote comms with the phone. Or with RaspberryPi OS, for that matter. It should normally be possible with even another OS, if I’m not mistaken.

Maybe with convergence (which I have not tried yet), there would be an advantage in running the same OS, just for the sake of simplicity, but I’m not sure.

Edit: In fact, I just sshed into the RaspberryPi from my Mint machine, and still in the same terminal, sshed from the Pi to the L5, and executed a sudo apt update. :slightly_smiling_face:

1 Like

I use remmina a fair bit. It’s not that difficult to use or get working.

However I haven’t used it in a Wayland environment. And I wasn’t able to get VNC working (in the other direction) with the Librem 5. I didn’t try incredibly hard but I gave it a fair crack.

So, if it works, your basic approach would be to install a VNC server on the Pi and remmina (the client) on the Librem 5. Run remmina on the Librem 5. Configure up a destination server (protocol, host, port). remmina supports VNC and RDP as protocols. I’ve used both (to different servers) and they both work. You would choose VNC (as RDP is too Microsofty). Open a connection to the server. All done.

VNC doesn’t offer even half decent network security. That’s OK for use on the local LAN (at least at home and assuming that you don’t have the highest security requirements). For use outside of that, you would want to run it forwarded over SSH, or any alternative network security mechanism.

Like you, I have a Pi in use in an always-on role (actually multiple roles). However I choose to have the display switched off when not actively in use - and rely on being able to connect to the web server on the Pi in order to monitor it.

So I don’t really understand why you want to access the Pi’s display remotely via any protocol (X, VNC, RDP, …). Can’t you just access the PiHole web server from another computer?

Not if your home PC is not a Purism computer. If your home PC is not a Purism computer then it probably won’t run PureOS out of the box, and would need manually-added blobs in order to run (at best).

From the perspective of interoperability with the Librem 5, I don’t think it matters. It wouldn’t really be in the spirit of Linux and openness if it mattered greatly. The Librem 5 should only be running open protocols, for which corresponding software should exist for most Linux distros (and could exist for any operating system).

There may be a small convenience in having the same applications running the same way, even if you don’t use convergence on the Librem 5.

VNC is actually pre-installed in RaspberryPi OS. I had installed Remmina on my laptop and tried unsuccessfully to connect the other day, but didn’t spend a lot of time with it. I need to read up on it and see what I was doing wrong.

I bought a small 7" monitor for the Pi, which is fine, but sometimes I like to take an in-depth look at the Pi-hole admin dashboard via my laptop’s larger screen, especially when I’m already sitting at the laptop. I’ve been using X, because it’s easy (and I know how to do it).

Yeah, I suppose so.

P.S.

:wink:

(yes, server and client)

The server is not running though by default, it looks to me. You would also need to have configured the VNC server password.

Makes sense - but why you would want to do that from the Librem 5 is unclear. Replacing a small 7" Pi monitor with an even smaller 5.7" Librem 5 screen was a bit puzzling.

But then there’s “just for fun” / “just because you can”. :wink:

For Debian
How it works for me (I don’t use Remmina).

  1. Create SSH-tunnel in terminal
    ssh -L 5900:127.0.0.1:5901 remote_user_name@remote_host_IPaddress
  2. On remote computer, run VNC server
    screen
    vncserver :1
  3. In other terminal run VNC viewer
    xvncviewer localhost :0
  4. On remote computer run the desired desktop environment.
  5. To stop, close xvncviewer window, stop vncserver:
    vncserver -kill :1
    Stop the screen and SSH:
    exit
    exit
2 Likes

I wouldn’t normally. I just wanted to demonstrate the capability. I thought it might be interesting for some people here to see it on the L5.

1 Like

This does work well for interacting with the Pi-hole admin panel (which is accessed via the browser on the Pi, for those who don’t know), and it’s not jerky or slow like X.

Of course, with X, you can remotely launch any app on the remote device, right?

Yes, exactly.

In particular any app that does not offer a network-accessible client-server interface because if it does offer that then that would almost always be more performant, particularly when accessed from a much higher spec device.

That’s where I would use it. Things that have neither a command line interface nor a client-server interface. So the only way to do it (without X) is on the Librem 5 itself, locally launching the GUI application. (Occasionally it can be that the command line interface does exist but is so baroque that I have to use the GUI.)

It might be interesting to see if it’s possible to log in to a ‘Windows Subsystem for Linux’ instance and see if any of the Windows stuff is accessible from a Librem 5. I got as far as bringing Nautilus gnome-clock, and several x programs up (xclock, xeyes’ xcalc) on Ubuntu 18.04 running on WSL on Windows 10 on a PC. WSL still requires a lot of building and installing components on the Linux side to run anything more than a bash prompt and text based programs. Security is questionable. I forgot my root password and was able to use SU in a Windows Powershell to run “passwd” without knowing the root password.