On 01/28/2016 11:10 AM, Jonathan Billings wrote:
> On Thu, Jan 28, 2016 at 10:30:03AM -0500, ken wrote:
>> When someone is sitting at their linux machine which is running
>> gnome, and if that machine is running at 'init 5', and if they
>> aren't yet logged in, they'll have something on their screen called
>> the Greeter. If they successfully log in they'll have displayed on
>> their monitor a 'gnome desktop'. If they've logged in before,
>> normally gnome (or more properly 'gdm') will display those apps
>> which were open that last time (at the time they logged out from
>> gnome). By 'remote display' I mean that all of that, beginning
>> with the Greeter, can be seen and used, it functions, not on the
>> machine which one is sitting at, at that moment called the local
>> machine, but another machine, a remote machine.
>
> just add an [xdmcp] section to /etc/gdm/custom.conf.

And that would be what exactly and on which machine?

>
> However, the real question is how do you want to have clients
> contact gdm via XDMCP? X11 isn't a secure protocol, so just running
> 'X -query remotehost' isn't really the best idea. You'd have to open
> up the port on the server in the firewall too.

Let's recall from my original post:

> two CentOS boxes, one headless running v.5.9 and the other a new
> laptop running v.7.2. Since the one machine is headless, it should
> be obvious which is to display the desktop of the other.

and use the terms "headless machine" and "laptop". It is a little counter-intuitive which of the two machines is the client and which is the server and many people mix it up, a critical mix-up when doing configurations and running commands. I'd go with (and am accustomed to following) the traditional X/XDMCP model, but would prefer not to explain (or argue) it to everyone who might participate in this thread, so let's talk (unambiguously) in terms of the "headless machine" and the "laptop".

>
> I wouldn't suggest using this. It'd probably be better to use VNC
> and forward all traffic over SSH.
>

Both of these machines are on a private network-- it's just two hops from one to the other--, they're both in the same room and no physical intrusion is feasible, connected only by cable, and both are behind firewalls. Encryption, then, isn't necessary.

My experience with remote displays in the past is that they are quite sluggish in response. Encryption would add to overhead, making responsiveness even worse. So, in that it's also unnecessary, I'd also prefer not to use it.

A sloppy or inaccurate configuration (which I'm sure we've all seen enough of) is a security risk as well, one which passwords don't always fix. Simplicity mitigates against that. For this reason, again, I'd prefer not to complicate things with an encryption system. If it's the only way you know how to do it, and if no one else here knows either, then I'd consider it. But it would be better without it.

Which port are you saying should be opened up?