[opensuse] communicating between desltop and server
Hello, I just tested communication between desktop and server (both 42.2) and found it a bit surprising. I don't know if it's the consequence of some forgotten config of my own or some default change in the distro. I detailed it here: http://dodin.info/wiki/pmwiki.php?n=Doc.CommunicatingWithTheServer2017 but as summary, it's no more necessary to use -X with ssh to get X11 forwarding, and having xfce on the server and plasma5 on the desktop seems to be usable, xfce works at least some time on top of plasma is this just me? thanks jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
jdd wrote:
This part of my tests are very unexpected. I have right now openSUSE Leap 42.2 on each computers (my desktop and my server). As far as I can tell it's no more necessary to use the "-X" ssh switch to have X11 forwarding activated, so it seems to be as default.
--- FYI - ssh first checks the remote /etc/ssh/sshd_config to see if the remote server defaults to X11 forwarding (X11Forwarding yes), then checks your local "~/.ssh/config" to see if it defaults to allowing it. The "-X" switch is only for ssh's from an ssh you don't have configured yet. I.e. usually I have everything about my ssh session configured in my .ssh/config file so I don't need command line flags.
It's still necessary to use the "--no-remote" option to launch Firefox if you want Firefox to work fully from the server (that is saving files on the sever), else Firefox (typed on the server's terminal window) simply asks for a local (on the desktop) session.
I think the "no-remote" is needed if there is a firefox already running on your desktop. I've never seen FF (or any other program, for that matter, asking for a local session. Might be nice if needing a web-browser on my server launched the one on my desktop, instead of a remote-X FF running on the server.
You can also launch xfce on the server. That is, even with an already running session on the server you can run an other as user. Log with ssh user@serverIP and type startxfce and you will have an xfce session starting on top of your plasma session.
Starting on top of your plasma session? Sounds like you have plasma running on the console, and you are running a different desktop manager for your ssh session. That should be "fine", though if both desktop managers use the same files somewhere, they might overwrite each other. Don't use desktop managers that often.
Last time I tried this (some years ago) doing so made my kde4 session unusable. I didn't really test ising xfce on the server like this for a long time though.
Depends on what you did exactly, but more than likely I'd think it was a bug. Different desktop managers running on different displays shouldn't be trashing each other, IMO...
but as summary, it's no more necessary to use -X with ssh to get X11 forwarding,
Never was if you had it in your ssh config file.
and having xfce on the server and plasma5 on the desktop seems to be usable, xfce works at least some time on top of plasma
On which desktop? Both running on the console?, or one desktop on console and another running on a remote DISPLAY?
is this just me?
--- Depends on what you are doing... Is what just you? ;-? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 23/03/2017 à 02:29, L A Walsh a écrit :
and having xfce on the server and plasma5 on the desktop seems to be usable, xfce works at least some time on top of plasma
On which desktop? Both running on the console?, or one desktop on console and another running on a remote DISPLAY?
I use a standard plasma running as user on my desktop, open a Konsole, ssh @server, type startxfce on the Konsole and get xfce on the desktop, that is the background, a taskbar over the plasma one... last time, kde and xfce claiming for the same display resulted on a mess. I tested this time that xfce do not have to be launched on the server locally (on the server screen and keyboard), but can be as well but in fact (just tested), xfce launched with startxfce on the server is active on the dsktop, that is uses same apps than plasma, for example I end this post with xfce jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 23/03/2017 à 02:29, L A Walsh a écrit :
jdd wrote:
It's still necessary to use the "--no-remote" option to launch Firefox if you want Firefox to work fully from the server (that is saving files on the sever), else Firefox (typed on the server's terminal window) simply asks for a local (on the desktop) session.
I think the "no-remote" is needed if there is a firefox already running on your desktop. I've never seen FF (or any other program, for that matter, asking for a local session. Might be nice if needing a web-browser on my server launched the one on my desktop, instead of a remote-X FF running on the server.
you are right. If Firefox have a running session on the desktop, and "firefox" is typed in *the server terminal*, a new windows open on the desktop (save do save on the desktop). If firefox is *not* running on the desktop, typing "firefox" opens a firefox server session that displays on the desktop, but save on the server. Option --no-remote gives the last result even if an other session of Firefox is still running on the desktop. I need this because some test site gives results as graphical html. still curious :-) thanks jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 03/22/2017 08:29 PM, L A Walsh wrote:
The "-X" switch is only for ssh's from an ssh you don't have configured yet. I.e. usually I have everything about my ssh session configured in my .ssh/config file so I don't need command line flags.
In the current climate, it is far better to use -Y instead of -X, that way trusted clients are not subject to the X11 security control extensions. If I recall correctly, a decade ago -X was the only game in town. I know I found myself needing to update old aliases to take advantage of this by swapping -X for -Y. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-03-23 20:28, David C. Rankin wrote:
On 03/22/2017 08:29 PM, L A Walsh wrote:
The "-X" switch is only for ssh's from an ssh you don't have configured yet. I.e. usually I have everything about my ssh session configured in my .ssh/config file so I don't need command line flags.
In the current climate, it is far better to use -Y instead of -X, that way trusted clients are not subject to the X11 security control extensions.
I'm always confused by the wording in the man page re X or Y. Which one is "safer"? -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
On Thu, 23 Mar 2017 21:03, Carlos E. R. wrote:
On 2017-03-23 20:28, David C. Rankin wrote:
On 03/22/2017 08:29 PM, L A Walsh wrote:
The "-X" switch is only for ssh's from an ssh you don't have configured yet. I.e. usually I have everything about my ssh session configured in my .ssh/config file so I don't need command line flags.
In the current climate, it is far better to use -Y instead of -X, that way trusted clients are not subject to the X11 security control extensions.
I'm always confused by the wording in the man page re X or Y. Which one is "safer"?
Short and incomplete answer is: -X is the old stuff, the old and buggy X11 security control extensions come to play with all their errors. Calling that "safe" is questionable. -Y is the new replacement for -X, for any X server that you trust enough enough to "work like local login". Use -Y for any server that you can trust enough to do so. use -X only for those that you do not trust and thus relay on the X11 security control extensions. see "man 1 ssh" for more info. - Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-03-23 21:24, Yamaban wrote:
On Thu, 23 Mar 2017 21:03, Carlos E. R. wrote:
On 2017-03-23 20:28, David C. Rankin wrote:
On 03/22/2017 08:29 PM, L A Walsh wrote:
The "-X" switch is only for ssh's from an ssh you don't have configured yet. I.e. usually I have everything about my ssh session configured in my .ssh/config file so I don't need command line flags.
In the current climate, it is far better to use -Y instead of -X, that way trusted clients are not subject to the X11 security control extensions.
I'm always confused by the wording in the man page re X or Y. Which one is "safer"?
Short and incomplete answer is: -X is the old stuff, the old and buggy X11 security control extensions come to play with all their errors. Calling that "safe" is questionable.
-Y is the new replacement for -X, for any X server that you trust enough enough to "work like local login".
Use -Y for any server that you can trust enough to do so. use -X only for those that you do not trust and thus relay on the X11 security control extensions.
see "man 1 ssh" for more info.
Well, I asked because I don't understand that page O:-) From the above, I understand that -X does more verifications, it is more strict, and it is thus safer. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
On 03/23/2017 05:32 PM, Carlos E. R. wrote:
Well, I asked because I don't understand that page O:-)
From the above, I understand that -X does more verifications, it is more strict, and it is thus safer.
Yes, Here is a good explanation: http://askubuntu.com/questions/35512/what-is-the-difference-between-ssh-y-tr... -- David C. Rankin, J.D.,P.E.
On 2017-03-24 02:18, David C. Rankin wrote:
On 03/23/2017 05:32 PM, Carlos E. R. wrote:
Well, I asked because I don't understand that page O:-)
From the above, I understand that -X does more verifications, it is more strict, and it is thus safer.
Yes,
Here is a good explanation:
http://askubuntu.com/questions/35512/what-is-the-difference-between-ssh-y-tr...
Ah. This is more clear, thanks. So, if I'm paranoid, -X is "safer". It seems that I'm not the only one that has problems with that manpage, looking at your link ;-) -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
24.03.2017 01:32, Carlos E. R. пишет:
From the above, I understand that -X does more verifications, it is more strict, and it is thus safer.
As installed by default in openSUSE, -X and -Y are identical. You need to set ForwardX11Trusted to "no" make -X do something different.
On 2017-03-24 04:30, Andrei Borzenkov wrote:
24.03.2017 01:32, Carlos E. R. пишет:
From the above, I understand that -X does more verifications, it is more strict, and it is thus safer.
As installed by default in openSUSE, -X and -Y are identical. You need to set ForwardX11Trusted to "no" make -X do something different.
I see that variable set in /etc/ssh/ssh_config, yes. So it controls the client side. So for me both X, Y, do the same thing. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
On 03/22/2017 09:43 AM, jdd wrote:
it's no more necessary to use -X with ssh to get X11 forwarding,
It hasn't been necessary for years if your server and client are set up properly. If your local /etc/ssh/ssh_config allows X11 forwarding you get it, unless the server side denies it, in which case the -X parameter would not have done any good anyway. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 23/03/2017 à 04:21, John Andersen a écrit :
On 03/22/2017 09:43 AM, jdd wrote:
it's no more necessary to use -X with ssh to get X11 forwarding,
It hasn't been necessary for years if your server and client are set up properly.
If your local /etc/ssh/ssh_config allows X11 forwarding you get it, unless the server side denies it, in which case the -X parameter would not have done any good anyway.
may be it's 42.2 default now, I'm sure it was not some years ago good to know, thanks jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Andrei Borzenkov -
Carlos E. R. -
David C. Rankin -
jdd -
John Andersen -
L A Walsh -
Yamaban