[CentOS] An odd X question

Thu Jun 25 20:51:49 UTC 2015
Stuart Barkley <stuartb at 4gh.net>

On Thu, 25 Jun 2015 at 15:55 -0000, m.roth at 5-cent.us wrote:

> I've got a headless server running CentOS 7. I've got a user who
> wants to run some graphical software on it, and view using x
> forwarding. What I don't have clear is how to set this up. I've just
> installed xorg-x11-server-[Xorg, common]. I assume I need to run X,
> but I don't see running this in runlevel 5.

For (ssh based) X forwarding no X server needs to run on the server.
I usually install the xorg-x11-xauth (necessary) and xterm (optional)
rpms on all my servers in case X forwarding becomes necessary.

Then from your desktop (assuming Linux already running X) in a local
xterm do something like:

    ssh -Y remote-system

Once logged into the remote system you should now have a DISPLAY
environment variable set which will tell any client applications how
to connect back to the X server on your desktop.

For example, just run xterm on the remote server and a xterm window
will pop up on your display.  This is just an example.  You could run
xload or any other basic X application.

You can also run more complex applications.  Many will run fine.
Other applications may perform poorly (due to the X protocol
chattiness: Firefox, etc).  Other applications will have other issues
(some gnome/kde/gtk applications make other assumptions about being on
the same system as the window manager and try to use dbus and local
system things).

Note about -X versus -Y with ssh:

-X enables basic X forwarding, It disables some X functionality making
it "safer" to allow.  -X also stops working after about 20 minutes
(this is by design but not well documented).  I only recently learned
why it would stop working after pulling out the last of my hair.

-Y allows the full X protocol which might be a security risk.  Some
applications will only work with -Y.  With this, remote X applications
can grab keyboard interactions, grab passwords, put windows on top of
other windows (obscuring security messages), etc.

For my own choice I use -Y (although I only enable it occasionally to
specific systems).

I've never been lost; I was once bewildered for three days, but never lost!
                                        --  Daniel Boone