[opensuse] Remote X display
Folks, It hasn't been a priority to remotely invoke X displays until now. Now I get and am at a loss to interpret "cannot connect to X server" and "Set DISPLAY environment variable, use -display option or check permissions of your X-Server" when try to run Open Office remotely, for example. "DISPLAY environment variable" --- What is it supposed to contain? I don't have an example. "check permissions of your X-Server" --- Permission of which file? What else do I need to do? Bob Stanfield 29 Ledge Ln Pipersville, PA 18947 V 610-294-9884 F 610-294-8119 C 215-589-0230 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Sep 17, 2007 at 02:23:50PM -0400, RBStanfield wrote:
Folks,
It hasn't been a priority to remotely invoke X displays until now. Now I get and am at a loss to interpret
"cannot connect to X server" and [...]
What else do I need to do?
Use "ssh -Y user@remotehost" to log in into the remote box. Regards, Rasmus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
RBStanfield wrote:
Folks,
It hasn't been a priority to remotely invoke X displays until now. Now I get and am at a loss to interpret
"cannot connect to X server" and This is one I see often when I am logged into another machine and forget to set the DISPLAY environment variable.
"Set DISPLAY environment variable, use -display option or check permissions of your X-Server" With the shell I am using it is setenv DISPLAY my.localhost.ip:0.0
Without that your remote apps are trying to send their X commands to the remote machine instead of yours Damon Register -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Sep 17, 2007 at 02:41:05PM -0400, Damon Register wrote:
RBStanfield wrote:
"Set DISPLAY environment variable, use -display option or check permissions of your X-Server"
With the shell I am using it is setenv DISPLAY my.localhost.ip:0.0
Without that your remote apps are trying to send their X commands to the remote machine instead of yours
If your local host is accepting this you have security holes you can drive a truck through. But please, tell me the IP of your local machine, so that I can send you embarrassing pictures on your screen when your boss is standing behind you... ;-) Regards, Rasmus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 17 September 2007 11:52, Rasmus Plewe wrote:
...
If your local host is accepting this you have security holes you can drive a truck through. But please, tell me the IP of your local machine, so that I can send you embarrassing pictures on your screen when your boss is standing behind you... ;-)
134.5.8.29 -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- % whois 134.5.8.29 OrgName: Lockheed Martin Corporation OrgID: LHMC Address: 1401 Del Norte City: Denver StateProv: CO PostalCode: 80221 Country: US NetRange: 134.5.0.0 - 134.5.255.255 CIDR: 134.5.0.0/16 NetName: LASC NetHandle: NET-134-5-0-0-1 Parent: NET-134-0-0-0-0 NetType: Direct Assignment NameServer: NS1.LMCO.COM NameServer: NS2.LMCO.COM NameServer: NS3.LMCO.COM Comment: RegDate: 1989-04-11 Updated: 2005-02-07 OrgTechHandle: LMN-ORG-ARIN OrgTechName: Lockheed Martin Corporation OrgTechPhone: +1-303-430-2064 OrgTechEmail: lm-nic@lmco.com -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- The whois information is consistent with the domain name of Damon's email address. My guess is that there is sufficent firewall protection arond Lockheed Martin's corporate intranet as well as a VPN for employees when off premises and to connect different campuses.
Regards, Rasmus
RRS -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Randall R Schulz wrote:
My guess is that there is sufficent firewall protection arond Lockheed I hope so. In general I think we have to worry more about hacking from our own IS people than we do from the outside. I hear from one of the local admins that the nightly IS efforts often mess up the NFS shares of some of the systems but that stuff is beyond me so I don't really understand what he is talking about
Damon Register -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
If your local host is accepting this you have security holes you can I forgot that in my case all of this was between local computers inside
Rasmus Plewe wrote: the company network
drive a truck through. But please, tell me the IP of your local machine, Now you have got me curious. I am often interested in learning. Can you please explain why?
so that I can send you embarrassing pictures on your screen when your boss is standing behind you... ;-) Wait, let me go get my boss :-)
Damon Register -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, Sep 18, 2007 at 08:01:43AM -0400, Damon Register wrote:
If your local host is accepting this you have security holes you can I forgot that in my case all of this was between local computers inside
Rasmus Plewe wrote: the company network
The security concept of "I got a firewall, so I can open any hole I want to on my computer" is, admittedly, often exercised, but nevertheless not the recommended standard. ;-)
drive a truck through. But please, tell me the IP of your local machine, Now you have got me curious. I am often interested in learning. Can you please explain why?
In order for something like "DISPLAY=host:0.0" to work, you need to grant remote, unauthenticated access to your X server (through something like "xhost +"). That is something the X server was not designed to handle securely. Think "keystroke logging" e.g..
so that I can send you embarrassing pictures on your screen when your boss is standing behind you... ;-) Wait, let me go get my boss :-)
Then I would need the contact information of a coworker of yours inside your firewall who might like to participate. Seriously: lowering security for no good reason is never a good idea. Even if it does not hurt immediately, it at least erodes people's awareness of the importance of security[0]. You can get around your problem by using ssh's X forwarding capabilities (-X or -Y), so there is no need to open up your display. In this case, the secure solution is also the more convenient one, something that is rather rare. You should take advantage of it! :-) Regards, Rasmus [0] Security risk #1: Administrator Security risk #2: User Security risk #3: OS You may swap #1 and #2. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 9/17/07, RBStanfield
Folks,
It hasn't been a priority to remotely invoke X displays until now. Now I get and am at a loss to interpret
"cannot connect to X server" and
Do you really need "X server" specifically, or just a way to remotely access a graphical login that provides X functionality as if you were local. The standard remote X process is sort of clumsy and filled with little gotchas IMHO. A couple other choices are VNC and FreeNX. OpenSUSE comes with clients and servers for both. (Windows clients also readily available.) I've been using FreeNX for the last couple SUSE releases. FreeNX has actually been a bit of a pain to keep running too, so if I were starting from scratch I would consider VNC. Greg -- Greg Freemyer Litigation Triage Solutions Specialist http://www.linkedin.com/in/gregfreemyer The Norcross Group The Intersection of Evidence & Technology http://www.norcrossgroup.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
Damon Register -
Greg Freemyer -
Randall R Schulz -
Rasmus Plewe -
RBStanfield