I've got a headless server running CentOS 7. I've got a user who wants to run some graphical software on it, and view using x forwarding. What I don't have clear is how to set this up. I've just installed xorg-x11-server-[Xorg, common]. I assume I need to run X, but I don't see running this in runlevel 5. Thoughts? mark "and why is it called xorg-x11-server, when in X terminology, it's the client?"* * Which I always thought was bass-ackward, but...
On Thu, 25 Jun 2015 at 15:55 -0000, m.roth at 5-cent.us wrote:> I've got a headless server running CentOS 7. I've got a user who > wants to run some graphical software on it, and view using x > forwarding. What I don't have clear is how to set this up. I've just > installed xorg-x11-server-[Xorg, common]. I assume I need to run X, > but I don't see running this in runlevel 5.For (ssh based) X forwarding no X server needs to run on the server. I usually install the xorg-x11-xauth (necessary) and xterm (optional) rpms on all my servers in case X forwarding becomes necessary. Then from your desktop (assuming Linux already running X) in a local xterm do something like: ssh -Y remote-system Once logged into the remote system you should now have a DISPLAY environment variable set which will tell any client applications how to connect back to the X server on your desktop. For example, just run xterm on the remote server and a xterm window will pop up on your display. This is just an example. You could run xload or any other basic X application. You can also run more complex applications. Many will run fine. Other applications may perform poorly (due to the X protocol chattiness: Firefox, etc). Other applications will have other issues (some gnome/kde/gtk applications make other assumptions about being on the same system as the window manager and try to use dbus and local system things). Note about -X versus -Y with ssh: -X enables basic X forwarding, It disables some X functionality making it "safer" to allow. -X also stops working after about 20 minutes (this is by design but not well documented). I only recently learned why it would stop working after pulling out the last of my hair. -Y allows the full X protocol which might be a security risk. Some applications will only work with -Y. With this, remote X applications can grab keyboard interactions, grab passwords, put windows on top of other windows (obscuring security messages), etc. For my own choice I use -Y (although I only enable it occasionally to specific systems). Stuart -- I've never been lost; I was once bewildered for three days, but never lost! -- Daniel Boone
On 06/25/15 15:55, m.roth at 5-cent.us wrote:> I've got a headless server running CentOS 7. I've got a user who wants to > run some graphical software on it, and view using x forwarding. What I > don't have clear is how to set this up. I've just installed > xorg-x11-server-[Xorg, common]. I assume I need to run X, but I don't see > running this in runlevel 5. > > Thoughts? > > mark "and why is it called xorg-x11-server, when in X terminology, > it's the client?"* > > * Which I always thought was bass-ackward, but... >The easiest way to think of this is that the host on which you are going to watch the output needs a running X server, the source just needs the client application. Of course this also presumes that network and permissions are all in place. The test that I've always used is to run a simple xclient on the remote host, xclock, xeyes, xterminal and see if it show up, if it does you are good to go. Pete -- If money can fix it, it's not a problem. -- Click and Clack the Tappet brothers
On Thu, 25 Jun 2015 15:55:41 -0400 m.roth at 5-cent.us wrote:> > mark "and why is it called xorg-x11-server, when in X > terminology, it's the client?"* > > * Which I always thought was bass-ackward, but...You should think of it this way: the program that wants something drawn on the screen is a client; the program that does the drawing is the server. The client asks the server to draw stuff on the screen, and server is, well... servicing those requests, from various clients. So the server is always the local Xorg process that draws your display, while any remote or local program that wants things drawn on it is the client. The fact that one of them is remote and the other local is of course completely irrelevant for the client/server terminology, contrary to common opinion. This last thing is what confuses people --- they usually think of the word "server" as "the remote machine", while "client" is "the local machine". That is the wrong way to understand the words server and client. HTH, :-) Marko
Hello Stuart, On 06/25/2015 11:51 PM, Stuart Barkley wrote:> For (ssh based) X forwarding no X server needs to run on the server. > I usually install the xorg-x11-xauth (necessary) and xterm (optional) > rpms on all my servers in case X forwarding becomes necessary. > > Then from your desktop (assuming Linux already running X) in a local > xterm do something like: > > ssh -Y remote-systemDo not use that because any user logged on the server can connect to your X server display and snoop what you are doing, open windows etc. -Y disables all the X server authentication mechanisms (http://www.x.org/wiki/Development/Documentation/Security/)> Note about -X versus -Y with ssh: > > -X enables basic X forwarding, It disables some X functionality making > it "safer" to allow. -X also stops working after about 20 minutes > (this is by design but not well documented). I only recently learned > why it would stop working after pulling out the last of my hair.I have been using ssh X forwarding for current work use (local betwork) for more than 15 years and never got into this kind of problem from RH 7 to Centos 7, AIX and Solaris. Maybe it is some other issue that is closing your ssh connection (maybe you should use the KeepAlive options on the ssh server/client); just guessing.> -Y allows the full X protocol which might be a security risk. Some > applications will only work with -Y. With this, remote X applications > can grab keyboard interactions, grab passwords, put windows on top of > other windows (obscuring security messages), etc. > > For my own choice I use -Y (although I only enable it occasionally to > specific systems).It is a security risk as I said above any user logged on the server can connect to your display X server without you knowing. Lec
On 06/25/15 18:02, Marko Vojinovic wrote:> On Thu, 25 Jun 2015 15:55:41 -0400 > m.roth at 5-cent.us wrote: >> >> mark "and why is it called xorg-x11-server, when in X >> terminology, it's the client?"* >> >> * Which I always thought was bass-ackward, but... > > You should think of it this way: the program that wants something drawn > on the screen is a client; the program that does the drawing is the > server. The client asks the server to draw stuff on the screen, and > server is, well... servicing those requests, from various clients.<snip> You misunderstand me: I understand the terminology, and why they chose it. I simply disagree with their choice, and have always found it confusing, esp. to anyone coming into it since, um, the mid/late 80's, when *everything* else in the world used the terminology the other way, from d/b to three-tiered architecture. mark