H.Merijn Brand wrote:
On Thu, 18 Jan 2018 15:40:00 +0100, Petr Cerny <pcerny@suse.cz> wrote:
not using X11 forwarding? What should I tell a newby when he/she asks *WHY* it should not be used?
I'll bite, not for war's, but to get as much info as possible on why I should or should not use X11 versus VNC
1) security - application can only grab inputs it gets from its X server. If you run it in a Xvnc, it only gets input that it is sent by the VNC client.
A legit reason, but somewhat void if on an internal network behind big firewalls
The key word is "somewhat". The question is not whether there are attackers on your network, but how many.
2) speed - the X protocol is usually much more verbose when compared to VNC, since it carries requests to draw things, while VNC only transports bitmaps (compressed). Try running Firefox via ssh -X and through VNC. I've also seen things that just didn't work via SSH-forwarded X11.
With 100+ synchronous networks on both end, who will notice?
Out of curiosity: have you actually tried?
3) network outages - X forwarded apps will break on connection interrupt, VNC lives fully on the server and one can reconnect to it.
I've seen outages of close to 2 minutes and the client still managed to "revive" the application/window. If I need the output, it is likely I have a long running process, and then I'll start screen.
VNC *is* screen/tmux for X11 applications
Downside of VNC is, that you may be putting more strain on the server (the system that is running the application), but I would argue that if that becomes the problem, the question actually is, whether running that application remotely is the optimal solution (likely it isn't).
Another downside is that the server needs to be set up. When using X11 forwarding, both sides are likely to support the protocol by default.
Installing 1 package on the server and one on the client (plus optional dependencies shouldn't be that much of an effort). Configuration is a matter of 5 minutes (20 if you include reading man pages).
For me, the fact that the server gets a higher load, alone is good enough a reason not to use VNC but stick to ssh -Y. My server(s) are usually under a higher strain than my desktop is. That's why it is a server, right?
Try checking the load a heavy graphic app puts on your system when running as X11@SSH and VNC (I haven't benchmarked it). Or just check whatever you are usually running.
Now if all distributions had tools like YaST2 that work fine in non-X11 environments (ASCII only), I would not need X11 that much, but the competing distro's like CentOS- and Ubuntu-like still require an awful lot of tools to show in GUI's (X11). Try finding how to install a printer in Ubuntu: 90% og the pages you find start with "Click on ..." like they expect you to have a desktop. For me that usually is
$ ssh -Y admin_user@server server$ sudo bash $ system-config-printer
I feel your pain, yet this argument is almost irrelevant to what we're discussing now (almost since it is a bit easier to run `ssh -Y` than invoking the ssh+vncserver+vncviewer combo indeed - but then we have scripting languages...).
openSUSE++
$ sudo yast2 printer
Thanks Cheers Petr -- Petr Cerny Mozilla/OpenSSH maintainer for SUSE Linux -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org