On 11/9/2013 11:02 AM, Ted Byers wrote:
> On Sat, Nov 9, 2013 at 1:49 PM, Linda Walsh <suse@tlinx.org> wrote:
>> If it is over a private LAN, do you need your session to be encrypted?
> No, I don't need encryption, but ssh is the only tool I have used on any Linux to connect to one linux box to another.
You still use ssh for the connection, BUT,

Say you are logging in from "Desktop" to "Server".

You'll need the REMOTEHOST from PAM to be set in
"/etc/security/pam_env.conf" .. I have:
----
# The original idea for this came from Andrew G. Morgan ...
#<quote>
#   a pam_env module ... would be an "auth" module that returns PAM_IGNORE
#   for the auth part and sets the environment returning PAM_SUCCESS in
#   the setcred function...
#</quote>
...
# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
#REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
REMOTEHOST      DEFAULT="" OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
DISPLAY         DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
---
(the comments are from the file -- i.e. it suggests this usage as pam_env
is only supposed to be called once/session when you 1st log into the
machine). Overrides are applied if override var is set, else it goes
w/defaults.
---
Then in your .bashrc,

export DISPLAY="$REMOTEHOST:0"  #cuz ssh will set it to "localhost:<some forwarded+encrypted port>
----
Then you need to make sure pam_env.so is in your:
/etc/pam.d/common-auth file as top "non-comment":

auth    optional        pam_env.so

AND (important), make sure it is NOT listed in
/etc/pam.d/common-session

(NOTE: the reason for this, is that the value "PAM_RHOST" is only
available when you FIRST login and go through pam's authorization stage)

The suse maintainer made a buggy change that overwrites DISPLAY and
REMOTEHOST with blank or null values (not very useful) every time you do
something like "su" or "sudo" (and other things that start a new
session). So you need to work around the Suse bug introduced in 12.3.
---
Then your DISPLAY will be set to point directly at your 'Desktop', and
goes in "clear text" over port 6000 (for DISPLAY :0).

If I wasn't clear on anything, let me know...

Also, as an "FYI", you want to make sure you are not using ssh's
compression over a 100Mb or faster connection, as the fastest compression
will slow you down ~50%, on a 1Gb connection the percentage slow down is
worse (~90% or more).

Finally, you mention:
> If all the machines were Windows, I'd be using RDP, but I don't know if RDP even exists in the Unix world.
There is "xrdp" if you can figure out how to configure it.. mine bails
because my desktop settings are confused. But my win xrdp client does
attach to the choice manager on my linux box.. just no desktop...

C'est la vie -- so that's another option.
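A check for the three conditions listed in the message above, as an added example that is not part of the original email: REMOTEHOST taken from PAM_RHOST in pam_env.conf, pam_env.so as the first active line of common-auth, and pam_env.so absent from common-session. The function names `check_pam_env` and `make_sample` and the root-prefix argument are assumptions made for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original message). check_pam_env ROOT checks a
# copy of /etc under the prefix ROOT (hypothetical parameter); pass "/" for the
# live system. Prints one line per failed check, returns the number of failures.
check_pam_env() {
    root=${1:-}; root=${root%/}
    env_conf="$root/etc/security/pam_env.conf"
    auth="$root/etc/pam.d/common-auth"
    session="$root/etc/pam.d/common-session"
    fails=0

    # 1. An uncommented REMOTEHOST line must take its value from PAM_RHOST.
    if ! grep -Eq '^[[:space:]]*REMOTEHOST[[:space:]].*OVERRIDE=@\{PAM_RHOST\}' "$env_conf" 2>/dev/null; then
        echo "FAIL: no active REMOTEHOST ... OVERRIDE=@{PAM_RHOST} line in $env_conf"
        fails=$((fails + 1))
    fi

    # 2. The first non-comment, non-blank line of common-auth must load pam_env.so.
    first=$(grep -Ev '^[[:space:]]*(#|$)' "$auth" 2>/dev/null | head -n 1)
    if ! printf '%s\n' "$first" | grep -Eq '^[[:space:]]*auth[[:space:]]+optional[[:space:]]+pam_env\.so'; then
        echo "FAIL: first active line of $auth is not 'auth optional pam_env.so'"
        fails=$((fails + 1))
    fi

    # 3. pam_env.so must not be active in common-session (PAM_RHOST is not
    #    available there, so DISPLAY/REMOTEHOST would be overwritten on su/sudo).
    if grep -Ev '^[[:space:]]*#' "$session" 2>/dev/null | grep -q 'pam_env\.so'; then
        echo "FAIL: pam_env.so is still listed in $session"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample tree using the settings from the message (not a real system).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/security" "$d/etc/pam.d"
    printf '%s\n' '#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}' \
        'REMOTEHOST DEFAULT="" OVERRIDE=@{PAM_RHOST}' \
        'DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}' > "$d/etc/security/pam_env.conf"
    printf '%s\n' '# common-auth' 'auth optional pam_env.so' \
        'auth required pam_unix.so' > "$d/etc/pam.d/common-auth"
    printf '%s\n' 'session required pam_limits.so' \
        'session required pam_unix.so' > "$d/etc/pam.d/common-session"
    echo "$d"
}
```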