On Thu, 18 Jan 2018 15:40:00 +0100, Petr Cerny <pcerny@suse.cz> wrote:
H.Merijn Brand wrote:
On Thu, 18 Jan 2018 15:20:20 +0100, Petr Cerny <pcerny@suse.cz> wrote:
That said, please do not use X forwarding unless you really must even after ten people told you this sentence. Every time someone uses X forwarding, <insert your favourite kitten/baby cries/dies/starves combination or whatever>.
Doesn't sound convincing. What is the most current definitive guide for not using X11 forwarding? What should I tell a newby when he/she asks *WHY* it should not be used?
I'll bite, not for war's, but to get as much info as possible on why I should or should not use X11 versus VNC I'll stop if the list finds this inappropriate here
1) security - application can only grab inputs it gets from its X server. If you run it in a Xvnc, it only gets input that it is sent by the VNC client.
A legit reason, but somewhat void if on an internal network behind big firewalls
2) speed - the X protocol is usually much more verbose when compared to VNC, since it carries requests to draw things, while VNC only transports bitmaps (compressed). Try running Firefox via ssh -X and through VNC. I've also seen things that just didn't work via SSH-forwarded X11.
With 100+ synchronous networks on both end, who will notice?
3) network outages - X forwarded apps will break on connection interrupt, VNC lives fully on the server and one can reconnect to it.
I've seen outages of close to 2 minutes and the client still managed to "revive" the application/window. If I need the output, it is likely I have a long running process, and then I'll start screen.
Downside of VNC is, that you may be putting more strain on the server (the system that is running the application), but I would argue that if that becomes the problem, the question actually is, whether running that application remotely is the optimal solution (likely it isn't).
Another downside is that the server needs to be set up. When using X11 forwarding, both sides are likely to support the protocol by default. For me, the fact that the server gets a higher load, alone is good enough a reason not to use VNC but stick to ssh -Y. My server(s) are usually under a higher strain than my desktop is. That's why it is a server, right? Now if all distributions had tools like YaST2 that work fine in non-X11 environments (ASCII only), I would not need X11 that much, but the competing distro's like CentOS- and Ubuntu-like still require an awful lot of tools to show in GUI's (X11). Try finding how to install a printer in Ubuntu: 90% og the pages you find start with "Click on ..." like they expect you to have a desktop. For me that usually is $ ssh -Y admin_user@server server$ sudo bash $ system-config-printer openSUSE++ $ sudo yast2 printer
Cheers Petr
-- H.Merijn Brand http://tux.nl Perl Monger http://amsterdam.pm.org/ using perl5.00307 .. 5.27 porting perl5 on HP-UX, AIX, and openSUSE http://mirrors.develooper.com/hpux/ http://www.test-smoke.org/ http://qa.perl.org http://www.goldmark.org/jeff/stupid-disclaimers/