On 01/28/2016 11:10 AM, Jonathan Billings wrote:
> On Thu, Jan 28, 2016 at 10:30:03AM -0500, ken wrote:
>> When someone is sitting at their linux machine which is running
>> gnome, and if that machine is running at 'init 5', and if they
>> aren't yet logged in, they'll have something on their screen called
>> the Greeter. If they successfully log in they'll have displayed on
>> their monitor a 'gnome desktop'. If they've logged in before,
>> normally gnome (or more properly 'gdm') will display those apps
>> which were open that last time (at the time they logged out from
>> gnome). By 'remote display' I mean that all of that, beginning
>> with the Greeter, can be seen and used, it functions, not on the
>> machine which one is sitting at, at that moment called the local
>> machine, but another machine, a remote machine.
>
> just add an [xdmcp] section to /etc/gdm/custom.conf.
And that would be what exactly and on which machine?
>
> However, the real question is how do you want to have clients
> contact gdm via XDMCP? X11 isn't a secure protocol, so just running
> 'X -query remotehost' isn't really the best idea. You'd have to open
> up the port on the server in the firewall too.
Let's recall from my original post:
> two CentOS boxes, one headless running v.5.9 and the other a new
> laptop running v.7.2. Since the one machine is headless, it should
> be obvious which is to display the desktop of the other.
and use the terms "headless machine" and "laptop". It is a little
counter-intuitive which of the two machines is the client and which is
the server and many people mix it up, a critical mix-up when doing
configurations and running commands. I'd go with (and am accustomed to
following) the traditional X/XDMCP model, but would prefer not to
explain (or argue) it to everyone who might participate in this thread,
so let's talk (unambiguously) in terms of the "headless machine" and the
"laptop".
>
> I wouldn't suggest using this. It'd probably be better to use VNC
> and forward all traffic over SSH.
>
Both of these machines are on a private network-- it's just two hops
from one to the other--, they're both in the same room and no physical
intrusion is feasible, connected only by cable, and both are behind
firewalls. Encryption, then, isn't necessary.

My experience with remote displays in the past is that they are quite
sluggish in response. Encryption would add to overhead, making
responsiveness even worse. So, in that it's also unnecessary, I'd also
prefer not to use it.

A sloppy or inaccurate configuration (which I'm sure we've all seen
enough of) is a security risk as well, one which passwords don't always
fix. Simplicity mitigates against that. For this reason, again, I'd
prefer not to complicate things with an encryption system.

If it's the only way you know how to do it, and if no one else here
knows either, then I'd consider it. But it would be better without it.

Which port are you saying should be opened up?