Re: ssh -X xinit failure
On 07/05/14 04:33, Yasha Karant wrote: Thanks for the information. At my institution, we were told by the university network security group that after ssh -X, one still needed to activate X for the session by xinit or the like for security reasons. Evidently, the persons were thinking of some other environment (MS Windows perhaps?). Indeed, xeyes and firefox both work fine from the remote host to the local client workstation. A question: as a regular X window manager desktop from the remote machine is not displayed (that is, the pull down menu Applications under Gnome or the equivalent from KDE), is there any mechanism to get such a menu, etc., displayed? What is the default GUI file manager (that allows an end user to point and click on an executable file to execute the application) that can be invoked from a remote terminal? Running this over ssh will most likely not work well at all. If you want a remote desktop experience, look into nomachine or freenx: https://www.nomachine.com/ http://wiki.centos.org/HowTos/FreeNX Another alternative is to start Xvnc and tunnel the VNC port Xvnc establishes from your remote server via SSH. Then use a local VNC client to connect to the same port. This may work, but may also be worse than nomachine. Using anything else, will most likely just cause grief and frustration. The X11 protocol isn't easily tunnelled, and requires quite some stable bandwidth to work decent. -- kind regards, David Sommerseth
RE: ssh -X xinit failure
We're actually using X2Go - an OSS continuation of FreeNX as far as I can tell. No more going to nomachine.com at all - they have their own clients you can download etc. It works pretty well once you install the fonts manually into the embedded xserver or point to a local xserver with the fonts installed (this is on Windows. I think the other platforms already have the fonts)... I tried XRDP here, and had nothing but weirdness, which is too bad as RDP wouldn't be a bad solution. But X2Go client is really slick - you can have it run a whole desktop, you can have it run a specific app, and you can have it use rdesktop to proxy an rdp connection to a Windows computer if you don't want to set up VPN or an RDP gateway server for that... I'm really impressed with the flexibility. Also, once you get the client set up on Windows - you can easily zip the entire program files folder and then pass it around to run anywhere without installing, which is also nice! -- James Pulver CLASSE Computer Group Cornell University -Original Message- From: owner-scientific-linux-us...@listserv.fnal.gov [mailto:owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of David Sommerseth Sent: Wednesday, May 07, 2014 7:29 AM To: Yasha Karant; Scientific Linux Users Subject: Re: ssh -X xinit failure On 07/05/14 04:33, Yasha Karant wrote: Thanks for the information. At my institution, we were told by the university network security group that after ssh -X, one still needed to activate X for the session by xinit or the like for security reasons. Evidently, the persons were thinking of some other environment (MS Windows perhaps?). Indeed, xeyes and firefox both work fine from the remote host to the local client workstation. A question: as a regular X window manager desktop from the remote machine is not displayed (that is, the pull down menu Applications under Gnome or the equivalent from KDE), is there any mechanism to get such a menu, etc., displayed? What is the default GUI file manager (that allows an end user to point and click on an executable file to execute the application) that can be invoked from a remote terminal? Running this over ssh will most likely not work well at all. If you want a remote desktop experience, look into nomachine or freenx: https://www.nomachine.com/ http://wiki.centos.org/HowTos/FreeNX Another alternative is to start Xvnc and tunnel the VNC port Xvnc establishes from your remote server via SSH. Then use a local VNC client to connect to the same port. This may work, but may also be worse than nomachine. Using anything else, will most likely just cause grief and frustration. The X11 protocol isn't easily tunnelled, and requires quite some stable bandwidth to work decent. -- kind regards, David Sommerseth
Re: ssh -X xinit failure
On Wed, May 7, 2014 at 5:14 AM, James M. Pulver jmp...@cornell.edu wrote: We're actually using X2Go - an OSS continuation of FreeNX as far as I can tell. No more going to nomachine.com at all - they have their own clients you can download etc. It works pretty well once you install the fonts manually into the embedded xserver or point to a local xserver with the fonts installed (this is on Windows. I think the other platforms already have the fonts)... I also recommend x2go. It's available from EPEL. Akemi
Re: ssh -X xinit failure
On 05/06/2014 10:33 PM, Yasha Karant wrote: ... What is the default GUI file manager (that allows an end user to point and click on an executable file to execute the application) that can be invoked from a remote terminal? You can invoke nautilus remotely in either 'spatial' mode or 'file manager mode.' To invoke in spatial mode, issue the command 'nautilus ' at the remote's shell prompt. The of course puts it into the background, although many GUI programs take liberties with stderr that can be annoying. The also keeps your remote shell usable for other commands as needed. To invoke 'file manager mode' use 'nautilus --browser ' instead. To see other command line options (there aren't that many) read the man page for nautilus. While your mileage may vary, I find that, if I'm just running one or two remote programs, ssh X tunnelling works better than a full remote desktop like NX or x2go, especially on really slow WAN links (I do this all the time for remote support of CentOS workstations on DSL circuits with autossh-maintained reverse tunnels. a tunnelled X app comes up quicker and is usable more rapidly than a full remote desktop is; I can have, for instance, system-config-firewall up, running, and changes made (but maybe not applied yet) before the initial remote desktop redraw is complete with NX, for the most part. Further, I can move that system-config-firewall anywhere on my local X server display with little to no redraw lag; try that with NX. (NX and the others have their places; remotely running one or two X clients is not one of them, IMO). You may also want to look at the ssh documentation and read up on the difference between the '-X' command line switch and the '-Y' command line switch.
Re: ssh -X xinit failure
Also consider using the -C option as well: compresses the stream. Raw X packets compress nicely. On a limited bandwidth connection this makes a huge difference: on a high bandwidth connection, the extra compress/decompress latency might be more annoying. -- Alec Habig, University of Minnesota Duluth Physics Dept. ha...@neutrino.d.umn.edu http://neutrino.d.umn.edu/~habig/
Re: ssh -X xinit failure
On 05/07/2014 10:06 AM, Alec Habig wrote: Also consider using the -C option as well Yes, very good information, and it is something I do.
Re: aufs rpm
In that list there is no rpm which supports for the required kernel ( 2.6.32-358.11.1.e16.x86_64) On Wed, May 7, 2014 at 4:53 PM, David Sommerseth sl+us...@lists.topphemmelig.net wrote: On 07/05/14 13:12, n.chandra sekhar wrote: Hi I am using scientific Linux 6 of kernel version is 2.6.32-358.11.1.e16.x86_64 , so can body suggest where i can i get the aufs rpm for this kernel version or if anyone knows please provide the downlaod link Please see the response you already got here: http://listserv.fnal.gov/scripts/wa.exe?A2=ind1405L=scientific-linux-usersT=0P=1444 -- kind regards, David Sommerseth
Re: Bombono DVD load/install
On Tue, 6 May 2014, Taylor Woods wrote: --089e0122ebb029382c04f8c61842 Content-Type: text/plain; charset=UTF-8 Ok I don't think I am insane, but I am trying to load Bombono DVD on SL 6.5, I found it on the website, tried to download it for 64 bit no go, What did you try? Details please. tried from RPM list site way too many to choose from but I tried one no Way too many what to choose from. Details please. good any suggestions on how to load this? I have done this before but this is on another system and I don't remember. Any suggestions? More detail is needed about what you have tried already. -Connie Sieh Taylor Woods 3J Computer Associates Plc From the desk of Taylor Woods: Just one man and his computer Success is not measured by the amount of failures but by the amount of attempts to accept failure as NOT an option Taylor Woods jtwoods0...@gmail.com (404)536-7773 This electronic mail (including any attachments) may contain information that is privileged, confidential, and/or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic mail or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please notify us immediately by reply e-mail so that we may correct our internal records. Please then delete the original message (including any attachments) in its entirety. Thank you. --089e0122ebb029382c04f8c61842 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable div dir=3Dltrdiv class=3Dgmail_default style=3Dfont-family:comic sa= ns ms,sans-serifOk I don#39;t think I am insane, but I am trying to load= Bombono DVD on SL 6.5, I found it on the website, tried to download it for= 64 bit no go, tried from RPM list site way too many to choose from but I t= ried one no good any suggestions on how to load this? I have done this befo= re but this is on another system and I don#39;t remember. Any suggestions?= br /divdiv class=3Dgmail_default style=3Dfont-family:comic sans ms,sans-= serifbrbr/divdiv class=3Dgmail_default style=3Dfont-family:comi= c sans ms,sans-serifTaylor Woodsbr/divdiv class=3Dgmail_default st= yle=3Dfont-family:comic sans ms,sans-serif 3J Computer Associates Plcbr/divdiv class=3Dgmail_default style=3Df= ont-family:comic sans ms,sans-serifbrbr clear=3Dall/divdivdiv = dir=3Dltrdivspan style=3Dcolor:rgb(0,0,0);font-family:Arial;font-siz= e:mediumFrom the desk of Taylor Woods: Just one man and his computerbr /span/divdivspan style=3Dcolor:rgb(0,0,0);font-family:Arial;font-si= ze:mediumbr/span/divdivspan style=3Dcolor:rgb(0,0,0);font-famil= y:Arial;font-size:mediumquot;Success is not measured by the amount of fa= ilures but by the amount of attempts to accept failure as NOT an optionquo= t;=C2=A0/span/div divspan style=3Dcolor:rgb(0,0,0);font-family:Arial;font-size:mediumb= r/span/divdivspan style=3Dcolor:rgb(0,0,0);font-family:Arial;font-= size:mediumTaylor Woodsbr/span/divdivspan style=3Dcolor:rgb(0,0= ,0);font-family:Arial;font-size:mediuma href=3Dmailto:jtwoods0601@gmail= .com target=3D_blankjtwoods0...@gmail.com/abr (404)536-7773brbr/span/divdivspan style=3Dcolor:rgb(0,0,0);font= -family:Arial;font-size:mediumThis electronic mail (including any attachm= ents) may contain information that is privileged, confidential, and/or othe= rwise protected from disclosure to anyone other than its intended recipient= (s). Any dissemination or use of this electronic mail or its contents (incl= uding any attachments) by persons other than the intended recipient(s) is s= trictly prohibited. If you have received this message in error, please noti= fy us immediately by reply e-mail so that we may correct our internal recor= ds. Please then delete the original message (including any attachments) in = its entirety. Thank you./spanbr /divdivbr/divdivbr/divdivbr/divdivbr/divbr/div= /div /div --089e0122ebb029382c04f8c61842--
Re: ssh -X xinit failure
On 05/07/2014 09:58 AM, Lamar Owen wrote: On 05/06/2014 10:33 PM, Yasha Karant wrote: ... What is the default GUI file manager (that allows an end user to point and click on an executable file to execute the application) that can be invoked from a remote terminal? You can invoke nautilus remotely in either 'spatial' mode or 'file manager mode.' ... You may also want to look at the ssh documentation and read up on the difference between the '-X' command line switch and the '-Y' command line switch. Also note that nautilus invoked in this way won't be able to access 'network' resources. However, there is a way, and that is to not directly launch nautilus, but use 'dbus-launch' to launch it. So, for 'file manager' mode with URI's like dav://, sftp://, etc working you would need: dbus-launch nautilus --browser This works; I'm using it right now with a remote server doing a copy of a 50GB or so tree of mp3 audio clips out of a Plone website to the straight filesystem using WebDAV. Not exactly fast, but it is working. Yes, this could be done in other ways, but since I was on this topic already today, I thought I'd try it out.
Re: ssh -X xinit failure
Another thing which can help performance of tunneled X11 is forcing your connection to use arcfour or blowfish as its cipher. While arcfour is the much-reviled RC4, it is usually the fastest choice; blowfish is a good alternative. A fast cipher combined with compression is a powerful combination for running single apps. Note that there isn't much which can help Firefox running over a WAN X11 though. ;) --Matt -- Matt Lewandowsky Big Geek Greenviolet m...@greenviolet.net http://www.greenviolet.net +1 415 578 5782 (US) +44 844 484 8254 (UK) Sent from my BlackBerry 10 smartphone. From: Alec Habig Sent: Wednesday, May 7, 2014 07:07 To: Lamar Owen Cc: Scientific Linux Users Subject: Re: ssh -X xinit failure Also consider using the -C option as well: compresses the stream. Raw X packets compress nicely. On a limited bandwidth connection this makes a huge difference: on a high bandwidth connection, the extra compress/decompress latency might be more annoying. -- Alec Habig, University of Minnesota Duluth Physics Dept. ha...@neutrino.d.umn.edu http://neutrino.d.umn.edu/~habig/
Re: ssh -X xinit failure
Thank you for the information on www.nomachine.com, etc. Two points: I was not confused about the mechanisms and terminology of X windows, but the university network security czar administrative (not academic) group evidently was -- I simply followed instructions that clearly are incorrect, and, silly me, did not experiment with simple tests. Second: does the package you recommend behave *IDENTICALLY* to ssh -X so far as any network security (ports, protocols, packet headers, etc.) can detect? Almost all network protocols are blocked by the same security group, including some internal packet examination that may be able to detect if ssh -X is not being used. Only ssh -X is permitted by this group for remote X windows, and none of the MS Windows (currently 7) university-wide-supplied classroom console workstations have any X windows servers -- thus I must bring my research laptop to class to demonstrate any GUI running on a Linux machine (such as a compute server with a graphical debugger). Of necessity, we have more control over the protocols, etc., used on the research networks, but these are not used by any direct instructional facility. Within our Department (technically, School), our instructional technicians run our own instructional network (separate from any research network), and this is more permissive of protocols than the university czar group allows -- although the czar group has attempted to gain control of, and thus effectively shut down, our instructional network (that mostly has SL6 workstations). However, the question I am pursuing is for use in classrooms outside those we control. Yasha Karant On 05/06/2014 08:43 PM, Nico Kadel-Garcia wrote: On Tue, May 6, 2014 at 10:33 PM, Yasha Karant ykar...@csusb.edu wrote: Thanks for the information. At my institution, we were told by the university network security group that after ssh -X, one still needed to activate X for the session by xinit or the like for security reasons. Evidently, the persons were thinking of some other environment (MS Windows perhaps?). Indeed, xeyes and firefox both work fine from the remote host to the local client workstation. *Sigh*. OK, time for some lessons. X reverses the concept of server and client from how people think of them. xinit is used to start an X server on your local machine, so that X applications can work correctly. The graphical login presented as a default on most Linux environments is an X based login manager, with an X session already running, so for most Linux environments you don't need it. If you run a server that is at run level 3, where an X session isn't normally used for logins, then you'd need to run xinit on your local system to get things working. ssh -X would then run from a terminal session or SSH tool in that X session, running on your local X server On the SSH server you log into, if you start X applications, they are then clients of your local X server connected over SSH. The more common problem is when people neglect to install the necessary X libraries on the remote SSH server, and wonder why ssh -X won't work. The necessary tools include xauth and X library dependencies and fonts. Start by making sure the remote side has xauth installed, if you have trouble that way. Now, with all that said: bare X sessions tend to be bandwidth and resource greedy, and don't share sessions well or hve good tools for controlling how many or which clients are allowed. And the X servers for Windows clients often stink. If you need something more effective, and with a *much better* security model than tools like vnc for remote X sessions, strongly consider the www.nomachine.com toolkits. They'e extremely effective multi-platform X servers wired into their optimized X protocol, and they work very well to provide much better security control of X sessions. It's commercial software, free for personal use, and I do like it greatly over VNC. (I wrote the first SunOS ports of VNC: there's a lot wrong with it.) A question: as a regular X window manager desktop from the remote machine is not displayed (that is, the pull down menu Applications under Gnome or the equivalent from KDE), is there any mechanism to get such a menu, etc., displayed? What is the default GUI file manager (that allows an end user to point and click on an executable file to execute the application) that can be invoked from a remote terminal? See above tools from www.nomachine.com for graceful window manager environments. What you seem to really want is for the X session to be inside a window manager environment, rather than simply running X applications against your local X server. If you want window managers, as it stands, you need to run one *locally* as part of your X server session. The easy way to do this is to run your Linux box in run level 5, with a GUI based login, so the window manager is alrady running. Otherwise, to run it locally, you'll need to install a window manager and
Re: ssh -X xinit failure
Hi Yasha: The NX protocol, as used pre4.0 and served by freenx and others, is X11 that has been protocol-compressed so that no unnecessary X events go over the wire. As it is encapsulated inside ssh, and uses ssh as its only transport, it is indistinguishable from any ssh session. This is NOT true of the current NoMachine offerings, which can make getting clients a bit chancy, but the protocol will work wherever ssh will work. If you install the freenx server on your X11 host system, and connect with a 3.x NX client, it will appear to them that you used a key based login to access a ssh session. No -X is needed, as it uses the channel that it has to talk to its own X11 server on your host system, which it starts and stops on demand. The client software provides the X server on the windows end of things. Contact me directly for help with clients, as the 3.x clients are no longer available from NoMachine, but have been archived at many institutions. The FreeNX server is available on one of the repositories with all the dependencies, which makes installation a breeze. Sincerely Jim James Fait, Ph.D. Email: f...@anl.gov - Original Message - | From: Yasha Karant ykar...@csusb.edu | To: Scientific Linux Users SCIENTIFIC-LINUX-USERS@listserv.fnal.gov | Sent: Wednesday, May 7, 2014 3:02:05 PM | Subject: Re: ssh -X xinit failure | | Thank you for the information on www.nomachine.com, etc. Two points: | I | was not confused about the mechanisms and terminology of X windows, | but | the university network security czar administrative (not academic) | group | evidently was -- I simply followed instructions that clearly are | incorrect, and, silly me, did not experiment with simple tests. | Second: | does the package you recommend behave *IDENTICALLY* to ssh -X so far | as | any network security (ports, protocols, packet headers, etc.) can | detect? Almost all network protocols are blocked by the same | security | group, including some internal packet examination that may be able to | detect if ssh -X is not being used. Only ssh -X is permitted by | this | group for remote X windows, and none of the MS Windows (currently 7) | university-wide-supplied classroom console workstations have any X | windows servers -- thus I must bring my research laptop to class to | demonstrate any GUI running on a Linux machine (such as a compute | server | with a graphical debugger). Of necessity, we have more control over | the | protocols, etc., used on the research networks, but these are not | used | by any direct instructional facility. Within our Department | (technically, School), our instructional technicians run our own | instructional network (separate from any research network), and this | is | more permissive of protocols than the university czar group allows -- | although the czar group has attempted to gain control of, and thus | effectively shut down, our instructional network (that mostly has SL6 | workstations). However, the question I am pursuing is for use in | classrooms outside those we control. | | Yasha Karant | | On 05/06/2014 08:43 PM, Nico Kadel-Garcia wrote: | On Tue, May 6, 2014 at 10:33 PM, Yasha Karant ykar...@csusb.edu | wrote: | Thanks for the information. At my institution, we were told by | the | university network security group that after ssh -X, one still | needed to | activate X for the session by xinit or the like for security | reasons. | Evidently, the persons were thinking of some other environment (MS | Windows | perhaps?). Indeed, xeyes and firefox both work fine from the | remote host to | the local client workstation. | *Sigh*. OK, time for some lessons. X reverses the concept of | server | and client from how people think of them. xinit is used to | start | an X server on your local machine, so that X applications can | work | correctly. The graphical login presented as a default on most Linux | environments is an X based login manager, with an X session already | running, so for most Linux environments you don't need it. If you | run | a server that is at run level 3, where an X session isn't | normally | used for logins, then you'd need to run xinit on your local | system | to get things working. | | ssh -X would then run from a terminal session or SSH tool in that | X | session, running on your local X server On the SSH server you log | into, if you start X applications, they are then clients of your | local X server connected over SSH. | | The more common problem is when people neglect to install the | necessary X libraries on the remote SSH server, and wonder why ssh | -X won't work. The necessary tools include xauth and X library | dependencies and fonts. Start by making sure the remote side has | xauth installed, if you have trouble that way. | | Now, with all that said: bare X sessions tend to be bandwidth and | resource greedy, and don't share sessions well or hve good tools | for | controlling
Re: ssh -X xinit failure
On Wed, May 7, 2014 at 4:02 PM, Yasha Karant ykar...@csusb.edu wrote: Thank you for the information on www.nomachine.com, etc. Two points: I was not confused about the mechanisms and terminology of X windows, but the university network security czar administrative (not academic) group evidently was -- I simply followed instructions that clearly are incorrect, and, silly me, did not experiment with simple tests. Second: does the package you recommend behave *IDENTICALLY* to ssh -X so far as any network security (ports, protocols, packet headers, etc.) can detect? It does not. It runs a separate SSH tunneling server on an alternative port, one that has much more graceful server side interfaces to manage the configurations. It requires a client SSH private key to establish the original connection, and this is easily altered on a site by site basis, so it supports a robust 2-fator authentication work mode. It then has a graceful GUI for managing client sessions, setting policies for maximum numbers of clients, whether a client can have two sessions, or whether a client can share their sessions. Almost all network protocols are blocked by the same security group, including some internal packet examination that may be able to detect if ssh -X is not being used. Only ssh -X is permitted by this group for remote X windows, and none of the MS Windows (currently 7) university-wide-supplied classroom console workstations have any X windows servers -- thus I must Why not bring a USB stick with CygWin on it? Or a live DVD to boot with, unless they've locked that down? And a word with them about NX based X sessions, mentioning the free personal use and better resource management, might be worth educating them about it. See https://www.nomachine.com/AR01L00770 for more details about the relevant ports and services. bring my research laptop to class to demonstrate any GUI running on a Linux machine (such as a compute server with a graphical debugger). Of necessity, we have more control over the protocols, etc., used on the research networks, but these are not used by any direct instructional facility. Within our Department (technically, School), our instructional technicians run our own instructional network (separate from any research network), and this is more permissive of protocols than the university czar group allows -- although the czar group has attempted to gain control of, and thus effectively shut down, our instructional network (that mostly has SL6 workstations). However, the question I am pursuing is for use in classrooms outside those we control. Yasha Karant OK, I've not tried to install the Windows NX client on removeable media, but that might be a good way to make it work.
