It's been surprisingly difficult to set up a remote display between two CentOS boxes, one headless running v.5.9 and the other a new laptop running v.7.2. Since the one machine is headless, it should be obvious which is to display the desktop of the other.
The two machines are on the same local network, yet there is iptables running on both of them. But it's not a big deal for me to add rules for them. There's already a solid ssh connection from the laptop to the headless machine.
I recently set up remote display of applications from a Raspbian (Debian running on a Raspberry Pi) to my Android phone-- that took only about an hour-- and (quite a while ago) an X server displaying apps from another Linux box-- was also trivial to do-- which is why it's been a mystery why using gdm is so difficult. Since I've tried a lot of different settings over the past several days, it would take too long to describe them all. If perhaps someone could describe the steps from the beginning, that would be much simpler and would give others seeking the same on the internet a doc to work from.
So does anyone know how this is done?
On Thu, Jan 28, 2016 at 03:24:48AM -0500, ken wrote:
> It's been surprisingly difficult to set up a remote display between two CentOS boxes, one headless running v.5.9 and the other a new laptop running v.7.2. Since the one machine is headless, it should be obvious which is to display the desktop of the other.
Maybe you should be more clear as to what you mean by 'remote display'?
Running 'ssh -X servername' will give you the ability to run remote X apps on your local system, so if that's all you want, you're done.
On 01/28/2016 09:40 AM, Jonathan Billings wrote:
> On Thu, Jan 28, 2016 at 03:24:48AM -0500, ken wrote:
>> It's been surprisingly difficult to set up a remote display between two CentOS boxes, one headless running v.5.9 and the other a new laptop running v.7.2. Since the one machine is headless, it should be obvious which is to display the desktop of the other.
> Maybe you should be more clear as to what you mean by 'remote display'?
When someone is sitting at their linux machine which is running gnome, and if that machine is running at 'init 5', and if they aren't yet logged in, they'll have something on their screen called the Greeter. If they successfully log in they'll have displayed on their monitor a 'gnome desktop'. If they've logged in before, normally gnome (or more properly 'gdm') will display those apps which were open that last time (at the time they logged out from gnome). By 'remote display' I mean that all of that, beginning with the Greeter, can be seen and used, it functions, not on the machine which one is sitting at, at that moment called the local machine, but another machine, a remote machine.
> Running 'ssh -X servername' will give you the ability to run remote X apps on your local system, so if that's all you want, you're done.
Nope.
On Thu, Jan 28, 2016 at 10:30:03AM -0500, ken wrote:
> When someone is sitting at their linux machine which is running gnome, and if that machine is running at 'init 5', and if they aren't yet logged in, they'll have something on their screen called the Greeter. If they successfully log in they'll have displayed on their monitor a 'gnome desktop'. If they've logged in before, normally gnome (or more properly 'gdm') will display those apps which were open that last time (at the time they logged out from gnome). By 'remote display' I mean that all of that, beginning with the Greeter, can be seen and used, it functions, not on the machine which one is sitting at, at that moment called the local machine, but another machine, a remote machine.
So, what you're asking for is to run XDMCP on the gdm on the centos5 system, which it does support, just add an [xdmcp] section to /etc/gdm/custom.conf.
However, the real question is how do you want to have clients contact gdm via XDMCP? X11 isn't a secure protocol, so just running 'X -query remotehost' isn't really the best idea. You'd have to open up the port on the server in the firewall too.
I wouldn't suggest using this. It'd probably be better to use VNC and forward all traffic over SSH.
On 01/28/2016 11:10 AM, Jonathan Billings wrote:
> On Thu, Jan 28, 2016 at 10:30:03AM -0500, ken wrote:
>> When someone is sitting at their linux machine which is running gnome, and if that machine is running at 'init 5', and if they aren't yet logged in, they'll have something on their screen called the Greeter. If they successfully log in they'll have displayed on their monitor a 'gnome desktop'. If they've logged in before, normally gnome (or more properly 'gdm') will display those apps which were open that last time (at the time they logged out from gnome). By 'remote display' I mean that all of that, beginning with the Greeter, can be seen and used, it functions, not on the machine which one is sitting at, at that moment called the local machine, but another machine, a remote machine.
> just add an [xdmcp] section to /etc/gdm/custom.conf.
And that would be what exactly and on which machine?
> However, the real question is how do you want to have clients contact gdm via XDMCP? X11 isn't a secure protocol, so just running 'X -query remotehost' isn't really the best idea. You'd have to open up the port on the server in the firewall too.
Let's recall from my original post:
> two CentOS boxes, one headless running v.5.9 and the other a new laptop running v.7.2. Since the one machine is headless, it should be obvious which is to display the desktop of the other.
and use the terms "headless machine" and "laptop". It is a little counter-intuitive which of the two machines is the client and which is the server and many people mix it up, a critical mix-up when doing configurations and running commands. I'd go with (and am accustomed to following) the traditional X/XDMCP model, but would prefer not to explain (or argue) it to everyone who might participate in this thread, so let's talk (unambiguously) in terms of the "headless machine" and the "laptop".
> I wouldn't suggest using this. It'd probably be better to use VNC and forward all traffic over SSH.
Both of these machines are on a private network-- it's just two hops from one to the other--, they're both in the same room and no physical intrusion is feasible, connected only by cable, and both are behind firewalls. Encryption, then, isn't necessary.
My experience with remote displays in the past is that they are quite sluggish in response. Encryption would add to overhead, making responsiveness even worse. So, in that it's also unnecessary, I'd also prefer not to use it.
A sloppy or inaccurate configuration (which I'm sure we've all seen enough of) is a security risk as well, one which passwords don't always fix. Simplicity mitigates against that. For this reason, again, I'd prefer not to complicate things with an encryption system.
If it's the only way you know how to do it, and if no one else here knows either, then I'd consider it. But it would be better without it.
Which port are you saying should be opened up?
On Thu, Jan 28, 2016 at 01:08:24PM -0500, ken wrote:
> On 01/28/2016 11:10 AM, Jonathan Billings wrote:
>> just add an [xdmcp] section to /etc/gdm/custom.conf.
> And that would be what exactly and on which machine?
I believe all you need is:
[xdmcp]
Enable=true
in the /etc/gdm/custom.conf of the host running gdm, which in your case would be the headless server. I believe you also need a
[servers]
0=inactive
...to disable gdm from starting up an X server on the headless system. No need for it to be wasting resources.
> A sloppy or inaccurate configuration (which I'm sure we've all seen enough of) is a security risk as well, one which passwords don't always fix. Simplicity mitigates against that. For this reason, again, I'd prefer not to complicate things with an encryption system.
> If it's the only way you know how to do it, and if no one else here knows either, then I'd consider it. But it would be better without it.
Ok, well, whatever, it's up to you to evaluate risk. If sending plaintext usernames, passwords, and all keystrokes over the net in the clear is fine for you, then that's on your head.
> Which port are you saying should be opened up?
xdmcp is port 177, udp.
You should be able to test it by running from your laptop:
Xephyr -query <headless-server> :1
That way you don't have to actually kill your existing X session.
By the way, CentOS7's gdm doesn't support XDMCP, so you have to switch to lightdm or xdm if you wanted it to be the XDMCP server. But CentOS5's gdm should work fine, so in this situation, you're in luck.
What I do:
Where I work, I provide a remote graphical service to our students and researchers, and it uses a VNC and SSH client on the desktop, and lightdm (for xdmcp), sshd and a systemd socket running Xvnc -inetd to provide the graphical login. Performance is fine, particularly over a local LAN. With TigerVNC on both the server and clients, it even supports glx client-side.
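Added example, not part of any message in this thread: a shell check for the [xdmcp] Enable=true setting discussed above, which reads the file section by section and prints firewall rules that admit XDMCP from a single peer instead of the whole network. The function names, the sample config and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and addresses are placeholders.

# xdmcp_enabled FILE: succeed only if the [xdmcp] section sets Enable=true.
# Section-aware on purpose: gdm also has a [debug] section with an Enable
# key, so grepping for "Enable=true" alone gives false positives.
xdmcp_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[/ {                          # section header
            sec = tolower($0)
            gsub(/[ \t]/, "", sec); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        sec == "xdmcp" {
            kv = tolower($0); gsub(/[ \t]/, "", kv)
            if (kv == "enable=true")  on = 1
            if (kv == "enable=false") on = 0
        }
        END { exit (on ? 0 : 1) }
    ' "$1"
}

# xdmcp_rules LAPTOP_IP HEADLESS_IP DISPLAY_NUM: print (do not apply) rules
# that admit XDMCP between these two hosts only. udp/177 is the port given in
# the thread; the display manager connects back to the X server on tcp/6000+N.
xdmcp_rules() {
    printf 'headless: iptables -I INPUT -p udp -s %s --dport 177 -j ACCEPT\n' "$1"
    printf 'laptop:   iptables -I INPUT -p tcp -s %s --dport %d -j ACCEPT\n' \
        "$2" $((6000 + $3))
}

# Constructed sample config: debug off, XDMCP on, no local X server.
sample_conf() {
    printf '%s\n' '# constructed sample' '[debug]' 'Enable=false' \
        '' '[xdmcp]' 'Enable=true' '' '[servers]' '0=inactive'
}

audit() {   # audit FILE LAPTOP_IP HEADLESS_IP DISPLAY_NUM
    if xdmcp_enabled "$1"; then
        echo "XDMCP enabled in $1: logins will cross the network unencrypted"
        xdmcp_rules "$2" "$3" "$4"
    else
        echo "XDMCP not enabled in $1"
    fi
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit "$tmp" 192.0.2.10 192.0.2.20 1; rm -f "$tmp"
```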