[gentoo-user] Remotely working on Gentoo systems

[gentoo-user] Remotely working on Gentoo systems

[Jake Moe]

I've got two Gentoo boxes, and would like to run X apps from both on one
display.  From reading up on it, it appears that while this is possible,
it's also not recommended from a security standpoint, and the few HOWTOs
I've found for it seem to be 4-6 years old.  Can anyone tell me:

a) if this is a good idea in the first place,
b) should I be looking at VNC instead of remote X,
c) is there another option I should be looking at, and
d) if there is a good HOWTO on setting up whichever is the best to use
on a recent Gentoo system?

John Moe

Re: [gentoo-user] Remotely working on Gentoo systems

[J. Roeleveld]

On Tuesday 08 June 2010 02:14:55 Jake Moe wrote:
> I've got two Gentoo boxes, and would like to run X apps from both on one
> display.  From reading up on it, it appears that while this is possible,
> it's also not recommended from a security standpoint, and the few HOWTOs
> I've found for it seem to be 4-6 years old.  Can anyone tell me:

Security: Yes, it is not recommended, however, if you trust everyone who can 
connect to your network, then it is safe enough.

> a) if this is a good idea in the first place,

Depends on what you want to achieve. If you have only one screen and/or one 
machine with a decent graphics card then it does make sense.
However, X is a very inefficient protocol. Eg. it can clog the network.

> b) should I be looking at VNC instead of remote X,

Maybe, but VNC puts the remote screen in a window.

> c) is there another option I should be looking at, and

Yes :)

> d) if there is a good HOWTO on setting up whichever is the best to use
> on a recent Gentoo system?

I use X-tunneling with ssh.
To get this to work, start with trying the following:

(machineA has screen, machineB is screenless)
on machineA # ssh -Y machineB
then, on machineB, start the program you want displaying on machineA, for 
instance firefox.

This is both easier to implement and also removes the security issues as ssh 
is encrypted.

HTH,

Joost Roeleveld

Re: [gentoo-user] Remotely working on Gentoo systems

[Jake Moe]

On 08/06/10 16:48, J. Roeleveld wrote:
> On Tuesday 08 June 2010 02:14:55 Jake Moe wrote:
>   
>> I've got two Gentoo boxes, and would like to run X apps from both on one
>> display.  From reading up on it, it appears that while this is possible,
>> it's also not recommended from a security standpoint, and the few HOWTOs
>> I've found for it seem to be 4-6 years old.  Can anyone tell me:
>>     
> Security: Yes, it is not recommended, however, if you trust everyone who can 
> connect to your network, then it is safe enough.
>
>   
>> a) if this is a good idea in the first place,
>>     
> Depends on what you want to achieve. If you have only one screen and/or one 
> machine with a decent graphics card then it does make sense.
> However, X is a very inefficient protocol. Eg. it can clog the network.
>
>   
>> b) should I be looking at VNC instead of remote X,
>>     
> Maybe, but VNC puts the remote screen in a window.
>
>   
>> c) is there another option I should be looking at, and
>>     
> Yes :)
>
>   
>> d) if there is a good HOWTO on setting up whichever is the best to use
>> on a recent Gentoo system?
>>     
> I use X-tunneling with ssh.
> To get this to work, start with trying the following:
>
> (machineA has screen, machineB is screenless)
> on machineA # ssh -Y machineB
> then, on machineB, start the program you want displaying on machineA, for 
> instance firefox.
>
> This is both easier to implement and also removes the security issues as ssh 
> is encrypted.
>
> HTH,
>
> Joost Roeleveld
>
>   
jmoe@aus10224 ~ $ ssh -Y jhb5970
Password:
Last login: Wed Jun  9 08:05:09 EST 2010 from 192.168.0.114 on pts/0
jmoe@jhb5970 ~ $ firefox
Error: no display specified
jmoe@jhb5970 ~ $ konqueror
konqueror: cannot connect to X server
jmoe@jhb5970 ~ $

Did I not do it right?  jhb5970 is not "screenless", it's a laptop, but
it's easier to use only one pane of glass.  I'll probably only want to
do this when machineA is, say, emerging updates, but I want to do
something CPU-intensive on that computer, so I can utilize the idle
machineB.  Make sense?

Jake Moe

Re: [gentoo-user] Remotely working on Gentoo systems

[Alex Schuster]

Jake Moe writes:

> jmoe@aus10224 ~ $ ssh -Y jhb5970
> Password:
> Last login: Wed Jun  9 08:05:09 EST 2010 from 192.168.0.114 on pts/0
> jmoe@jhb5970 ~ $ firefox
> Error: no display specified
> jmoe@jhb5970 ~ $ konqueror
> konqueror: cannot connect to X server
> jmoe@jhb5970 ~ $

Try "echo $DISPLAY", this should give something like localhost:10.0. If it 
is empty, the forwarding did not work. I guess you have to set 
X11Forwarding to yes in /etc/ssh/sshd_config on jhb5970, and restart ssh 
with /etc/init.d/sshd restart. /etc/init.d/sshd reload should also work.

	Wonko

Re: [gentoo-user] Remotely working on Gentoo systems

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 499 bytes --]

On Wed, 09 Jun 2010 09:36:33 +1000, Jake Moe wrote:

> jmoe@aus10224 ~ $ ssh -Y jhb5970
> Password:
> Last login: Wed Jun  9 08:05:09 EST 2010 from 192.168.0.114 on pts/0
> jmoe@jhb5970 ~ $ firefox
> Error: no display specified
> jmoe@jhb5970 ~ $ konqueror
> konqueror: cannot connect to X server
> jmoe@jhb5970 ~ $

Have you enabled X forwarding in sshd_config, it's disabled by default.


-- 
Neil Bothwick

[unwieldy legal disclaimer would go here - feel free to type your own]

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Remotely working on Gentoo systems

[Jake Moe]

On 09/06/10 09:58, Alex Schuster wrote:
> Jake Moe writes:
>
>   
>> jmoe@aus10224 ~ $ ssh -Y jhb5970
>> Password:
>> Last login: Wed Jun  9 08:05:09 EST 2010 from 192.168.0.114 on pts/0
>> jmoe@jhb5970 ~ $ firefox
>> Error: no display specified
>> jmoe@jhb5970 ~ $ konqueror
>> konqueror: cannot connect to X server
>> jmoe@jhb5970 ~ $
>>     
> Try "echo $DISPLAY", this should give something like localhost:10.0. If it 
> is empty, the forwarding did not work. I guess you have to set 
> X11Forwarding to yes in /etc/ssh/sshd_config on jhb5970, and restart ssh 
> with /etc/init.d/sshd restart. /etc/init.d/sshd reload should also work.
>
> 	Wonko
>
>   
Excellent, thanks for that.  I had read about that config option, but it
sounded like it only needed to be set if you wanted all ssh connections
globally to have X11Forwarding turned on, or you use ssh -Y for a single
connection.

Jake Moe

Re: [gentoo-user] Remotely working on Gentoo systems

[J. Roeleveld]

On Wednesday 09 June 2010 02:04:28 Jake Moe wrote:
> On 09/06/10 09:58, Alex Schuster wrote:
> > Jake Moe writes:
> >> jmoe@aus10224 ~ $ ssh -Y jhb5970
> >> Password:
> >> Last login: Wed Jun  9 08:05:09 EST 2010 from 192.168.0.114 on pts/0
> >> jmoe@jhb5970 ~ $ firefox
> >> Error: no display specified
> >> jmoe@jhb5970 ~ $ konqueror
> >> konqueror: cannot connect to X server
> >> jmoe@jhb5970 ~ $
> >
> > Try "echo $DISPLAY", this should give something like localhost:10.0. If
> > it is empty, the forwarding did not work. I guess you have to set
> > X11Forwarding to yes in /etc/ssh/sshd_config on jhb5970, and restart ssh
> > with /etc/init.d/sshd restart. /etc/init.d/sshd reload should also work.
> >
> > 	Wonko
> 
> Excellent, thanks for that.  I had read about that config option, but it
> sounded like it only needed to be set if you wanted all ssh connections
> globally to have X11Forwarding turned on, or you use ssh -Y for a single
> connection.
> 
> Jake Moe
> 

The SSH-server needs to support it.
If the SSH-server does not have this option enabled (in the sshd_config), the 
"-Y" flag does not work when connecting to that server.

If you set the flag in the client-configuration (ssh_config, note, no 'D') then 
it will add the '-Y' option by default to all outgoing ssh-connection 
attempts.

Hope this makes sense?

--
Joost Roeleveld

Re: [gentoo-user] Remotely working on Gentoo systems

[SpaceCake]

[-- Attachment #1: Type: text/plain, Size: 1607 bytes --]

You may give a chance to this. I'm not using every day, but it is a very
promising remote access solution. I think this is based on VNC as well

[I] net-misc/nx
     Available versions:  3.3.0-r1 ~3.3.0-r4 ~3.3.0-r5 3.4.0 [M]~3.4.0-r1
{rdesktop vnc}
     Installed versions:  3.4.0(17.29.52 2010-05-12)
     Homepage:            http://www.nomachine.com/developers.php
     Description:         NX compression technology core libraries

[I] net-misc/nxcl
     Available versions:  0.9-r1 ~0.9-r2 {dbus doc nxclient}
     Installed versions:  0.9-r1(17.32.30 2010-05-12)(dbus -doc -nxclient)
     Homepage:            http://developer.berlios.de/projects/freenx/
     Description:         A library for building NX clients

[I] net-misc/nxclient
     Available versions:  3.3.0.6!s 3.4.0.5!s ~3.4.0.7!s
     Installed versions:  3.4.0.5!s(17.30.37 2010-05-12)
     Homepage:            http://www.nomachine.com/
     Description:         X11/VNC/NXServer client (remote desktops over
low-bandwidth links)

[I] net-misc/nxnode
     Available versions:  3.3.0.17!s 3.4.0.6!s ~3.4.0.6-r1!s [M]~3.4.0.11!s
{rdesktop vnc}
     Installed versions:  3.4.0.6!s(17.35.14 2010-05-12)(rdesktop vnc)
     Homepage:            http://www.nomachine.com/
     Description:         shared components between the different editions
of NoMachine's NX Servers

[I] net-misc/nxserver-freeedition
     Available versions:  3.3.0.14!s 3.4.0.8!s ~3.4.0.12!s
     Installed versions:  3.4.0.8!s(17.35.28 2010-05-12)
     Homepage:            http://www.nomachine.com/
     Description:         Free edition NX server from NoMachine

[-- Attachment #2: Type: text/html, Size: 1961 bytes --]

Re: [gentoo-user] Remotely working on Gentoo systems

[AG]

Il 11/06/2010 11:00, SpaceCake ha scritto:
> You may give a chance to this. I'm not using every day, but it is a 
> very promising remote access solution. I think this is based on VNC as 
> well
>
> [I] net-misc/nx
>      Available versions:  3.3.0-r1 ~3.3.0-r4 ~3.3.0-r5 3.4.0 
> [M]~3.4.0-r1 {rdesktop vnc}
>      Installed versions:  3.4.0(17.29.52 2010-05-12)
>      Homepage: http://www.nomachine.com/developers.php
>      Description:         NX compression technology core libraries

NX is very simple to install
free for few simultaneous connections
efficient in low bandwidth situations
scalable to enterprise level
secured by https
available clients for almost every platform

andrea

Re: [gentoo-user] Remotely working on Gentoo systems

[Kevin O'Gorman]

[-- Attachment #1: Type: text/plain, Size: 1075 bytes --]

On Fri, Jun 11, 2010 at 2:33 AM, AG <a.g@email.it> wrote:

> Il 11/06/2010 11:00, SpaceCake ha scritto:
>
>  You may give a chance to this. I'm not using every day, but it is a very
>> promising remote access solution. I think this is based on VNC as well
>>
>> [I] net-misc/nx
>>     Available versions:  3.3.0-r1 ~3.3.0-r4 ~3.3.0-r5 3.4.0 [M]~3.4.0-r1
>> {rdesktop vnc}
>>     Installed versions:  3.4.0(17.29.52 2010-05-12)
>>     Homepage: http://www.nomachine.com/developers.php
>>     Description:         NX compression technology core libraries
>>
>
> NX is very simple to install
> free for few simultaneous connections
> efficient in low bandwidth situations
> scalable to enterprise level
> secured by https
> available clients for almost every platform
>
> andrea
>
> Request for more information:
1) Exactly what client-side and server-side flags are you telling us to
set.  The names have me somewhat overwhelmed.

2) Is there a connection between NX and SSH?  Could you point me at some
setup docs (if they don't come automatically).


-- 
Kevin O'Gorman, PhD

[-- Attachment #2: Type: text/html, Size: 1659 bytes --]