[opensuse] How do I get a session when I login remotely from a X11+ssh based system?
Many utils issue warnings and some no longer work correctly (like saving and restoring settings. Instead of using the ".rc" files they've always used, they look to store things out on dbus somewhere in a session. So how do I get rid of the warnings and have my settings stored again... or better, how do I tell Session manager just to use my home directory settings as my "session"? I currently log in with ssh, and have display set to my remotehost:0. (not going through ssh due to speed degradation -- but also because am on a closed, internal net. Did anyone think about people logging in remotely from other systems when they came up with this sessions idea? How's it supposed to work? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
https://bugzilla.novell.com/show_bug.cgi?id=867019 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Linda Walsh wrote:
XDMCP has been broken sine 12.x. It last worked with openSUSE 11.4. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
Linda Walsh wrote:
XDMCP has been broken sine 12.x. It last worked with openSUSE 11.4.
That explains part of the problem. Trying xrdp, though as well different protocol. The first error I get has to do with loading GLX stuff for the remote session.... The second error has to do with not being able to get a session ... /usr/bin/gnome-session Starting gnome-session libGL error: failed to load driver: swrast libGL error: Try again with LIBGL_DEBUG=verbose for more details. gnome-session-is-accelerated: No GLX_EXT_texture_from_pixmap support. gnome-session-check-accelerated: Helper exited with code 256 libGL error: failed to load driver: swrast libGL error: Try again with LIBGL_DEBUG=verbose for more details. gnome-session-is-accelerated: No GLX_EXT_texture_from_pixmap support. gnome-session-check-accelerated: Helper exited with code 256 ** (process:5627): WARNING **: software acceleration check failed: Child process exited with code 1 ** (gnome-session-quit:5662): WARNING **: Couldn't connect to session bus: Failed to connect to socket /tmp/dbus-V9CYFVcCNc: Connection refused Could not connect to the session manager (more details under the bug...)... Yeah... it seems little testing was done for remote access -- this became clear when the pam maintainer took over the pam_env function to be used /session instead of /login. The remotehost var is only available at initial login -- not on subsequent calls to session (so DISPLAY doesn't get setup correctly). Of course he said it worked for him logging in locally... Good thing no one will be working remotely or from the cloud or anything... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 3/6/2014 11:14 AM, Linda Walsh wrote:
Good thing no one will be working remotely or from the cloud or anything...
Well, "from the cloud" users would use SSH, which does work, and is not all that much slower as you implied in your first post. Yes, its slower, but its more than adequate to reach down the hall, or even across town. Especially with compression on, given modern processors, you can decrypt and decompress faster than dealing with the firehose of XDMCP. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John Andersen wrote:
On 3/6/2014 11:14 AM, Linda Walsh wrote:
Good thing no one will be working remotely or from the cloud or anything...
Well, "from the cloud" users would use SSH, which does work, and is not all that much slower as you implied in your first post. Yes, its slower, but its more than adequate to reach down the hall, or even across town.
Especially with compression on, given modern processors, you can decrypt and decompress faster than dealing with the firehose of XDMCP.
Not on a 1Gb link or faster, and I am using ssh and the difference between going through ssh vs. direct is noticeable. ---- I am using ssh. I don't think that has bearing on this problem. And BTW,one can't decrypt and decompress faster over a fast link. File transfer w/compressed/random data shows ssh's speeds around 150-170MB/ and that's with MD4. You use a default, take that down another 20-30MB. Using samba with all of it's Windows overhead gets in the 450-550MB/s range. Compression creates worse problems. Not sure what ssh uses, but the best file compressors at minimal settings do around 29MB/s, no where near fast enough to keep up with a 1Gb link let alone a 10Gb link. In X, the difference isn't as noticeable until you load a large font or a page with alot of widget boxes -- usable yes, snappy & real time..... no. I pretty much gave up on using 'Xfs' (X font server), due to the slowness -- over ssh -- 10-15 second wait. Even direct a third that. But I'm trying to get GLX stuff to work which I expect to be more bandwidth intensive. Anyway, are you saying how I use ssh is a cause of the session problems or the GLX problems? Or are you saying that xrdp and xdmcp work and are tested w/cygwin-X on a Win platform some X client on a Mac? I didn't get the impression that much heterogeneous testing was being done -- open suse doesn't even support or test building their own software on a fully installed development system -- instead you need to install virtual clean-rooms to do builds in. I'd think heterogeneous environments like be rather common in businesses and becoming more so in home environments.. ...(linux servers are getting pretty common, and windows's boxes to talk to them are not that rare either)... You have openGL working over remote X and it works well? Cuz I can't get it to work at all... other can't get other remote desktop stuff to work either. I'm not the only one. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/03/14 09:18 PM, Linda Walsh wrote:
Not on a 1Gb link or faster, and I am using ssh and the difference between going through ssh vs. direct is noticeable.
I use ssh between machines on my 1G LAN. It occurs to me that you have choices over which encryption algorithm you can use between specific hosts and whether or not to use compression. It also occurs to me that compression only makes sense when you have more CPU power than network bandwidth. On a LAN I'd turn that off. I can also imagine some very fast WAN links that would be 'faster' than the overhead of compression. However I can't see that there is a "none" listed for an encryption algorithm. None mentioned in ssh_config(5) though I read on the net that there is a source patch to achieve that. You'll need it at both ends. Perhaps using telnet might suffice? Well not for remote X obviously. Maybe socat could do the job? http://www.dest-unreach.org/socat/ There's this example: <quote> socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \ SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20 with UNIX-LISTEN, socat opens a listening UNIX domain socket /tmp/.X11-unix/X1. This path corresponds to local XWindow display :1 on your machine, so XWindow client connections to DISPLAY=:1 are accepted. Socat then speaks with the SOCKS4 server host.victim.org that might permit sourceport 20 based connections due to an FTP related weakness in its static IP filters. Socat pretends to be invoked by socksuser nobody, and requests to be connected to loopback port 6000 (only weak sockd configurations will allow this). So we get a connection to the victims XWindow server and, if it does not require MIT cookies or Kerberos authentication, we can start work. Please note that there can only be one connection at a time, because TCP can establish only one session with a given set of addresses and ports. </quote> There are tests for the speeds with various algorithms at http://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/ I'm sceptical as to whether or not a particular combination in a particular context will meet those speed test examples, though I do recognise that DES is slow and decrepit. And of course that may vary between generations of chips and whether you are using 32 bit or 64 bit at each end. Some algorithms such as AES are going to be '64-bit friendly'. For x86 family chips with encryption hardware see this: http://en.wikipedia.org/wiki/AES_instruction_set and scroll down to see what libraries make use of that. Also http://lwn.net/Articles/14010/ -- The trouble is, if you don't risk anything, you risk even more. - Erica Jong -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward wrote:
Maybe socat could do the job? http://www.dest-unreach.org/socat/ There's this example: <quote> socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \ SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20
The problem is not in establishing a normal X11 based session w/o encryption. There are various levels of problems some of which I have workarounds for. The first and easiest is "simple X (& no GLX ) -- That one I just need the name of the remote system. The solution with socat would also need the remote system name. That is made available to pam during authentication by ssh. After that it is no longer available. the "pam_env" module can translate that remote host into an ENV var (aka "REMOTE_HOST") via the config file in /etc/security/pam_env.conf. with the line: REMOTEHOST DEFAULT="" OVERRIDE=@{PAM_RHOST} (or alternatively:) REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} This is only available when 'ssh' make contact with the system. The problem her, is that OpenSuse's "pam" maintainer arrogated the usage of pam_env from it's previous once/system-auth role to using it as a lazy way to re-initialize per-session state. Unfortunately, in that it doesn't save the previous REMOTEHOST or DISPLAY, it fails preserve what is necessary for the new session to be useful. AFAIK, the only value saved between sessions is the antiquated, but still useful 'TERM' setting. The intent, clearly is to preserve display settings, but this isn't an option in the su program (though it is configurable in the 'sudo' program). Any other program that starts a new session in Suse, will, by default clear your DISPLAY and REMOTEHOST settings. The workaround there, is to undo inserting pam_env into the /etc/pam.d session files and have it only in the 'auth' section. But that's now, a non-standard configuration in OpenSuse (though standard in the rest of the world). ----------------------------------- The *second* main problem which is the focus of my current problems, is that GLX also needs to run remotely. It has the ability to do so, but is not doing so. The *third* main problem is that with the implementation of using "session" based settings, vs. "home-directory" based settings, all settings are based on a local system DBUS connection -- which again -- doesn't exist if you are logged in remotely. *EVEN* if you have a local dbus (are running under Cygwin, for example, under windows), DBUS wasn't designed for remote usage and I have yet to come up with a config that will allow the remote system to use my LOCAL dbus -- something that would often be more useful: Example: remote application wants to open a URL: Would be far preferable for it to be opened via my local browser, rather than trying to run the same browser via 'X' on the remote system. Without the DBUS connection, settings in applications are not saved between invocations. Saving state in wireshark -- no longer works. Saving options in firefox -- no longer works. They are all looking to store info on the session DBUS connection. which doesn't work remotely. linux systems which used to have stellar options to work on remotely, are slowly having their abilities eroded which will make it much harder to use in mixed platform environments (like most of the world). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John Andersen wrote:
On 3/6/2014 11:14 AM, Linda Walsh wrote:
Good thing no one will be working remotely or from the cloud or anything...
Well, "from the cloud" users would use SSH, which does work, and is not all that much slower as you implied in your first post.
It's also not that clear that a VPN user in the cloud would be needing to use ssh. It seems that would be grossly inefficient, since neither protocol would be able to compress the other efficiently, but the vpn has the benefit of there being strong likely hood of vpn encryption offloaded in HW -- and in a 10Gb adapter, one might assume they wouldn't use a slow "crypter" solution. But the problem appeard that openGL, while having the ability to be used remotely doesn't seem to work remotely. That seems like a major faux pas. The client and the server both have some ability to speak openGL to a remote, but it seems neither is speaking to each other over established remote protocols. Indeed, the local SWrast fallback driver doesn't seem to load at all, being another factor in the problem. While I asked about a specific use case, thinking that making it concrete would make it easier to address, the lack of anyone at opensuse having any windows workstation available to them (which seems odd given the partnership between MS and openSuse a few years ago, and that each each selling the other's product). Specifying use of an open source source and free solution to reproduce the problem, I thought, should also make it easier. But I would ask how it can be done with any other X system -- even from a MAC? Interoperability with any other system doesn't seem to be an option? Seriously?? Given that 90% of the reason for moving to systemd is secure-boot compatibility with windows, it's hard to believe compatibility in any other way wouldn't work. Additionally, neither XDMCP nor XRDP seem to function (xrdp used to at least display a greeter but now doesn't even do that). Doesn't that limit cloud users-usage? How many androids or Windows mobile devices are running opensuse 13.1? Maybe some laptop users... ? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
yes, it's broken with gdm and kdm. I use xdmcp successfull still on 12.3 usind xdm. Gnome doesn't work since dropped fallback mode, but no problem with icewm. never used 3D acceleration or any openGL high end stuff.. On Mar 6 2014 07:45, James Knott wrote:
Date: Thu, 06 Mar 2014 07:45:27 -0500 From: James Knott
To: opensuse@opensuse.org Subject: Re: [opensuse] Re: How do I get a session when I login remotely from a X11+ssh based system? Linda Walsh wrote:
XDMCP has been broken sine 12.x. It last worked with openSUSE 11.4. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 03/20/2014 08:26 AM, Paul Neuwirth pecked at the keyboard and wrote:
yes, it's broken with gdm and kdm. I use xdmcp successfull still on 12.3 usind xdm. Gnome doesn't work since dropped fallback mode, but no problem with icewm. never used 3D acceleration or any openGL high end stuff..
On Mar 6 2014 07:45, James Knott wrote:
Date: Thu, 06 Mar 2014 07:45:27 -0500 From: James Knott
To: opensuse@opensuse.org Subject: Re: [opensuse] Re: How do I get a session when I login remotely from a X11+ssh based system? Linda Walsh wrote:
XDMCP has been broken sine 12.x. It last worked with openSUSE 11.4. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul, Please read: http://en.opensuse.org/openSUSE:Mailing_list_netiquette#Bottom-posting -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mar 20 2014 08:58, Ken Schneider - openSUSE wrote:
Paul,
Please read: http://en.opensuse.org/openSUSE:Mailing_list_netiquette#Bottom-posting
-- Ken Schneider SuSe since Version 5.2, June 1998
Thanks for this hint. We'll keep in mind in future. I have been too lazy and not really aware of this. Sorry for that to the whole list. regards Paul btw: using SuSe since 6.4 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Anton Aylward
-
James Knott
-
John Andersen
-
Ken Schneider - openSUSE
-
Linda Walsh
-
Paul Neuwirth