[CentOS] remote gnome setup

Thu Jan 28 18:08:24 UTC 2016
ken <gebser at mousecar.com>

On 01/28/2016 11:10 AM, Jonathan Billings wrote:
> On Thu, Jan 28, 2016 at 10:30:03AM -0500, ken wrote:
>> When someone is sitting at their linux machine which is running
>> gnome, and if that machine is running at 'init 5', and if they
>> aren't yet logged in, they'll have something on their screen called
>> the Greeter. If they successfully log in they'll have displayed on
>> their monitor a 'gnome desktop'.  If they've logged in before,
>> normally gnome (or more properly 'gdm') will display those apps
>> which were open that last time (at the time they logged out from
>> gnome).  By 'remote display' I mean that all of that, beginning
>> with the Greeter, can be seen and used, it functions, not on the
>> machine which one is sitting at, at that moment called the local
>> machine, but another machine, a remote machine.
>
> just add an [xdmcp] section to /etc/gdm/custom.conf.

And that would be what exactly and on which machine?


>
> However, the real question is how do you want to have clients
> contact gdm via XDMCP?  X11 isn't a secure protocol, so just running
> 'X -query remotehost' isn't really the best idea.  You'd have to open
> up the port on the server in the firewall too.

Let's recall from my original post:

> two CentOS boxes, one headless running v.5.9 and the other a new
> laptop running v.7.2.  Since the one machine is headless, it should
> be obvious which is to display the desktop of the other.

and use the terms "headless machine" and "laptop".  It is a little
counter-intuitive which of the two machines is the client and which is
the server and many people mix it up, a critical mix-up when doing
configurations and running commands.  I'd go with (and am accustomed to
following) the traditional X/XDMCP model, but would prefer not to
explain (or argue) it to everyone who might participate in this thread,
so let's talk (unambiguously) in terms of the "headless machine" and the
"laptop".

>
> I wouldn't suggest using this.  It'd probably be better to use VNC
> and forward all traffic over SSH.
>

Both of these machines are on a private network-- it's just two hops 
from one to the other--, they're both in the same room and no physical 
intrusion is feasible, connected only by cable, and both are behind 
firewalls.  Encryption, then, isn't necessary.

My experience with remote displays in the past is that they are quite 
sluggish in response.  Encryption would add to overhead, making 
responsiveness even worse.  So, in that it's also unnecessary, I'd also 
prefer not to use it.

A sloppy or inaccurate configuration (which I'm sure we've all seen 
enough of) is a security risk as well, one which passwords don't always 
fix.  Simplicity mitigates against that.  For this reason, again, I'd 
prefer not to complicate things with an encryption system.

If it's the only way you know how to do it, and if no one else here 
knows either, then I'd consider it.  But it would be better without it.


Which port are you saying should be opened up?
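
The following is an added example, not part of the original thread or of GDM itself: a small check that reads the text of a `custom.conf` and reports whether the `[xdmcp]` section discussed above is enabled and which ports that puts on the network. It assumes GDM's documented `Enable` and `Port` keys, the standard XDMCP default of UDP 177, and X11 display N on TCP 6000+N; the function name and both sample configs are constructed for illustration.

```python
import configparser

XDMCP_DEFAULT_PORT = 177  # UDP; used by gdm unless Port= overrides it

# Constructed sample: a custom.conf with XDMCP switched on.
SAMPLE_ENABLED = """\
[daemon]

[security]

[xdmcp]
Enable=true
Port=177
"""

# Constructed sample: a custom.conf with no XDMCP settings at all.
SAMPLE_DEFAULT = """\
[daemon]

[security]
"""


def audit_gdm_conf(text):
    """Return XDMCP exposure facts parsed from the text of a GDM custom.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: GDM keys are 'Enable', 'Port'
    cp.read_string(text)

    enabled = False
    port = XDMCP_DEFAULT_PORT
    if cp.has_section("xdmcp"):
        raw = cp.get("xdmcp", "Enable", fallback="false")
        enabled = raw.strip().lower() in ("true", "1")
        port = cp.getint("xdmcp", "Port", fallback=XDMCP_DEFAULT_PORT)

    findings = []
    if enabled:
        findings.append(f"gdm answers XDMCP queries on UDP {port}; "
                        "restrict it to the one host that displays the session")
        findings.append("the X11 session runs unencrypted over TCP 6000+N "
                        "to the displaying host")
    return {"enabled": enabled, "port": port, "findings": findings}


if __name__ == "__main__":
    for name, conf in (("enabled", SAMPLE_ENABLED), ("default", SAMPLE_DEFAULT)):
        print(name, audit_gdm_conf(conf))
```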