[CentOS] remote gnome setup

Thu Jan 28 19:14:50 UTC 2016
Jonathan Billings <billings at negate.org>

On Thu, Jan 28, 2016 at 01:08:24PM -0500, ken wrote:
> On 01/28/2016 11:10 AM, Jonathan Billings wrote:
> >just add an [xdmcp] section to /etc/gdm/custom.conf.
> 
> And that would be what exactly and on which machine?

I believe all you need is:

[xdmcp]
Enable=true

in the /etc/gdm/custom.conf of the host running gdm, which in your
case would be the headless server.  I believe you also need a

[servers]
0=inactive

...to disable gdm from starting up an X server on the headless system.
No need for it to be wasting resources.

> A sloppy or inaccurate configuration (which I'm sure we've all seen enough
> of) is a security risk as well, one which passwords don't always fix.
> Simplicity mitigates against that.  For this reason, again, I'd prefer not
> to complicate things with an encryption system.
> 
> If it's the only way you know how to do it, and if no one else here knows
> either, then I'd consider it.  But it would be better without it.

Ok, well, whatever, it's up to you to evaluate risk.  If sending
plaintext usernames, passwords, and all keystrokes over the net in the
clear is fine for you, then that's on your head.

> Which port are you saying should be opened up?

xdmcp is port 177, udp.

You should be able to test it by running from your laptop:

Xephyr -query <headless-server> :1

That way you don't have to actually kill your existing X session.

By the way, CentOS7's gdm doesn't support XDMCP, so you have to switch
to lightdm or xdm if you wanted it to be the XDMCP server.  But
CentOS5's gdm should work fine, so in this situation, you're in luck.

What I do:

Where I work, I provide a remote graphical service to our students and
researchers, and it uses a VNC and SSH client on the desktop, and
lightdm (for xdmcp), sshd and a systemd socket running Xvnc -inetd to
provide the graphical login.  Performance is fine, particularly over a
local LAN.  With TigerVNC on both the server and clients, it even
supports glx client-side. 

-- 
Jonathan Billings <billings at negate.org>
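
Added example, not part of the original message: a section-aware check for the [xdmcp] Enable=true setting described above, for auditing which hosts have XDMCP (UDP port 177, unencrypted) switched on in gdm. The function name xdmcp_status, the constructed sample file, and comparing the value case-insensitively are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether a gdm custom.conf enables XDMCP.
# Prints "enabled", "disabled" or "unreadable".
# Exit status: 0 = enabled, 1 = disabled, 2 = file not readable.
xdmcp_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                # section header such as [xdmcp]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == "xdmcp" {                        # only keys inside [xdmcp] count
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumption: value compared case-insensitively; last assignment wins.
            if (key == "Enable") state = tolower(val)
        }
        END {
            if (state == "true") { print "enabled"; exit 0 }
            print "disabled"; exit 1
        }
    ' "$conf"
}

# Constructed sample mirroring the two stanzas from the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[xdmcp]
Enable=true

[servers]
0=inactive
EOF
echo "XDMCP in sample config: $(xdmcp_status "$sample")"
rm -f "$sample"
```

On a real host, point it at /etc/gdm/custom.conf; an "enabled" result means UDP 177 should be reachable only from networks where cleartext logins are acceptable.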