Difference between pages "Linux basics" and "X11 over the network"

From Wikislax
(Difference between pages)
Jump to: navigation, search
(Useful linux commands)
 
(Xdm)
 
Line 1: Line 1:
== Using VI ==
+
{{RightTOC}}
  
'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.
+
Using X over the network affords accessing remote servers graphically as if you were on the console. So for instance, from your Windows workstation, you can run Windows and Linux side by side, full screen, and switch with function-key combinations such as alt-tab or ctrl-alt-F7 or F8. A very handy feature. X is natively present and fast on Linux. On Windows, it will always be a bit slower, and you need to install an X server. [https://sourceforge.net/projects/vcxsrv/ VcXrv] is a very competent one.
  
The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and  '''b''' moves one word backwards. It is also possible to use the arrow keys.
+
The software presenting an X window on a terminal is called an X server, which is contrary to what we are used to, as the X server is not on the server but actually on the client ! Over the Internet, you will always encapsulate X11 in SSH ('''X11 forwarding''', to configure in '''/etc/ssh/sshd_config''') as the X protocols are not secure. However, X needs a significant bandwidth so it is not likely that you will use it over an ADSL connection as it would be too slow. Optical fiber could be OK though.
  
'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.
+
For more information on using remote X applications, check this [http://www.xs4all.nl/~zweije/xauth.html mini-HOWTO] or this excellent [http://shop.oreilly.com/product/9780596101954.do O'Reilly book].
  
'''esc''' affords getting out of the insert mode.
+
== Xdm, Kdm, Gdm ==
  
'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.
+
X requires a daemon on the server to handle connections. The base daemon is Xdm, that offers a graphical login directly under X, with no desktop manager. Access can be local on the computer console, or can be from an X terminal or X emulated terminal on the network.
  
''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.
+
The KDE and Gnome desktop environments Kdm and Gdm come with Xdm variants that have a different look and feel. It is possible to run one or several of the three, provided that they will not compete for management of the same terminals.
  
''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
+
However it makes sense to use only one. Kdm is a good choice as it affords choosing the Session Window Manager (Kde, Xfce4, ...) from the connection dialog box.
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.
 
  
For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
+
== Kdm ==
  
== Using SSH ==
+
For KDE to manage X terminals over the network, update '''/etc/kde/kdm/kdmrc''' specifying '''Enable=true''' for '''[Xdmcp]'''.
  
SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.
+
In '''/etc/kde/kdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network).
  
'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :
+
Another trick using KDM : to be able to connect as root, update '''/etc/kde/kdm/kdmrc''', specifying '''AllowRootLogin=true''' for '''[X-*-Core]'''.
  
# '''ssh-keygen -t rsa'''
+
== Xdm ==
Generating public/private rsa key pair.
 
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
 
Enter passphrase (empty for no passphrase): '''<cr>'''
 
Enter same passphrase again: '''cr>'''
 
Your identification has been saved in /root/.ssh/id_rsa.
 
Your public key has been saved in /root/.ssh/id_rsa.pub.
 
The key fingerprint is:
 
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
 
The key's randomart image is:
 
+---[RSA 2048]----+
 
|  ..=O+..      |
 
|    ..o++.    ..|
 
|      oo.    = +|
 
|      . +o . = +.|
 
|      oSo. o * o|
 
|        . o o*.=.|
 
|        = +E+* .|
 
|        + ...+.. |
 
|        ++o+    |
 
+----[SHA256]-----+
 
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
 
password: '''secret<cr>'''
 
id_rsa.pub                                          100% 394      1.8MB/s  00:00
 
# '''ssh server'''
 
password: '''secret<cr>'''
 
# '''cd .ssh'''
 
# '''cat >> authorized_keys < id_rsa.pub'''
 
# '''chmod 600 authorized_keys'''
 
# '''rm id_rsa.pub'''
 
  
== Useful linux commands ==
+
In '''/etc/X11/xdm/xdm-config''', comment out the last line '''!DisplayManager.requestPort:    0''' to authorize X terminal access from the network. Else port 177 won't be listened, as can be verified using '''nmap -sU localhost''', that lists the listening UDP ports. If checking with tcpdump, '''udp port xdmcp unreachable''' will be seen on the wire.
  
{| {{thead}}
+
In '''/etc/X11/xdm/Xaccess''', uncomment line  '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network). In '''/etc/X11/xdm/Xservers''', comment out the line with ''':0''' to avoid getting an X login screen on the console.
|-
 
! {{chead}} width="220" | Command
 
! {{chead}} | Effect
 
|-
 
|<tt>'''cd'''</tt>||change directory.
 
|-
 
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
 
|-
 
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
 
|-
 
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
 
|-
 
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
 
|-
 
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
 
|-
 
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
 
|-
 
|<tt>'''ifconfig -a'''</tt>||kill print the network interfaces configuration.
 
|-
 
|<tt>'''iptables -L'''</tt>||print the firewall rules.
 
|-
 
|<tt>'''killall xxx'''</tt>||kill program named xxx.
 
|-
 
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
 
|-
 
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
 
|-
 
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
 
|-
 
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
 
|-
 
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
 
|-
 
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
 
|-
 
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
 
|-
 
|<tt>'''nmap <i>host</i>'''</tt>||check filtering status of ports on <i>host</i>. '''-sU''' for UDP.
 
|-
 
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
 
|-
 
|<tt>'''ps -ef'''</tt>||list the running processes.
 
|-
 
|<tt>'''pwd'''</tt>||print working directory.
 
|-
 
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
 
|-
 
|<tt>'''route'''</tt>||display the network routing table.
 
|-
 
|<tt>'''scp -p usr1@hst1:/str1  usr2@hst2:/str2'''</tt>||copy files between hosts.
 
|-
 
|<tt>'''screen <i>-S<name></i>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
 
|-
 
|<tt>'''ssh <i>host</i>'''</tt>||connect remotely to site <i>host</i>.
 
|-
 
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
 
|-
 
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
 
|-
 
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
 
|-
 
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
 
|}
 
  
<br clear=all>
+
To automatically launch '''xdm''' during Slackware init, add the following lines to '''/etc/rc.d/rc.local''' :
  
{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}
+
# Xdm
 +
if [ -x /usr/X11/bin/xdm ]; then
 +
        /usr/X11/bin/xdm
 +
fi
 +
 
 +
== X11 firewalling ==
 +
 
 +
At the firewall level, the X terminal must be able to contact the host using '''UDP 177''' and the host must be able to callback the X terminal using '''TCP 6000:6063'''. Open the corresponding ports, but to avoid login information to be sent over the wire, restrict usage to the local network :
 +
 
 +
# SSH-tunnelled X-Window output appears as input on interface lo
 +
iptables -A INPUT -p udp -j ACCEPT --dport 177 -s 192.168.0.0/24
 +
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
 +
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
 +
 
 +
For access from the Internet, il will be better to encapsulate X11 within an SSH session, using the X11 forwarding option. Due to encryption, this is however much slower. In this case, instead of KDE, prefer a less network-intensive window manager such as xfce4.
 +
 
 +
== X11 server ==
 +
 
 +
The X terminal can be a Linux computer on which you run the X server to display X from a remote client. For instance typing '''nohup X -query <i>host</i> :1 &''' will display X from host <i>host</i> on virtual terminal 8. This way you will be able to keep local X and remote X side by side and switch between them using '''<ctrl><alt><F7>''' and '''<ctrl><alt><F8>'''.
 +
 
 +
The X terminal can also be a Windows PC equipped with an X emulator such as [https://sourceforge.net/projects/vcxsrv/ VcXrv] or other software found from the Internet. At the time of this writing though, such software is frustrating due to unstability or poor licensing conditions, so VcXrv seems to currently be the better choice, although a bit slow. <u>'''Note'''</u> : Specify in the configuration that you will be using XDMCP.
 +
 
 +
== Windows firewall ==
 +
 
 +
On Windows, use the firewall with «'''Allow exceptions'''» and create an entry in the firewall for the X11 protocol (port 6000), specifying in the scope the server IP address or the local network (not the Internet).
 +
 
 +
<br/>
 +
 
 +
{{pFoot|[[X11 configuration]]|[[Main Page]]|[[Compiling the Kernel]]}}

Revision as of 11:59, 20 March 2026

Using X over the network affords accessing remote servers graphically as if you were on the console. So for instance, from your Windows workstation, you can run Windows and Linux side by side, full screen, and switch with function-key combinations such as alt-tab or ctrl-alt-F7 or F8. A very handy feature. X is natively present and fast on Linux. On Windows, it will always be a bit slower, and you need to install an X server. VcXrv is a very competent one.

The software presenting an X window on a terminal is called an X server, which is contrary to what we are used to, as the X server is not on the server but actually on the client ! Over the Internet, you will always encapsulate X11 in SSH (X11 forwarding, to configure in /etc/ssh/sshd_config) as the X protocols are not secure. However, X needs a significant bandwidth so it is not likely that you will use it over an ADSL connection as it would be too slow. Optical fiber could be OK though.

For more information on using remote X applications, check this mini-HOWTO or this excellent O'Reilly book.

Xdm, Kdm, Gdm

X requires a daemon on the server to handle connections. The base daemon is Xdm, that offers a graphical login directly under X, with no desktop manager. Access can be local on the computer console, or can be from an X terminal or X emulated terminal on the network.

The KDE and Gnome desktop environments Kdm and Gdm come with Xdm variants that have a different look and feel. It is possible to run one or several of the three, provided that they will not compete for management of the same terminals.

However it makes sense to use only one. Kdm is a good choice as it affords choosing the Session Window Manager (Kde, Xfce4, ...) from the connection dialog box.

Kdm

For KDE to manage X terminals over the network, update /etc/kde/kdm/kdmrc specifying Enable=true for [Xdmcp].

In /etc/kde/kdm/Xaccess, uncomment line #* # any host can get a login window to authorize connection from any incoming IP address (or to restrict usage to your local network).

Another trick using KDM : to be able to connect as root, update /etc/kde/kdm/kdmrc, specifying AllowRootLogin=true for [X-*-Core].

Xdm

In /etc/X11/xdm/xdm-config, comment out the last line !DisplayManager.requestPort: 0 to authorize X terminal access from the network. Else port 177 won't be listened, as can be verified using nmap -sU localhost, that lists the listening UDP ports. If checking with tcpdump, udp port xdmcp unreachable will be seen on the wire.

In /etc/X11/xdm/Xaccess, uncomment line #* # any host can get a login window to authorize connection from any incoming IP address (or to restrict usage to your local network). In /etc/X11/xdm/Xservers, comment out the line with :0 to avoid getting an X login screen on the console.

To automatically launch xdm during Slackware init, add the following lines to /etc/rc.d/rc.local : 

# Xdm
if [ -x /usr/X11/bin/xdm ]; then
        /usr/X11/bin/xdm
fi

X11 firewalling

At the firewall level, the X terminal must be able to contact the host using UDP 177 and the host must be able to callback the X terminal using TCP 6000:6063. Open the corresponding ports, but to avoid login information to be sent over the wire, restrict usage to the local network : 

# SSH-tunnelled X-Window output appears as input on interface lo
iptables -A INPUT -p udp -j ACCEPT --dport 177 -s 192.168.0.0/24
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24

For access from the Internet, il will be better to encapsulate X11 within an SSH session, using the X11 forwarding option. Due to encryption, this is however much slower. In this case, instead of KDE, prefer a less network-intensive window manager such as xfce4.

X11 server

The X terminal can be a Linux computer on which you run the X server to display X from a remote client. For instance typing nohup X -query host :1 & will display X from host host on virtual terminal 8. This way you will be able to keep local X and remote X side by side and switch between them using <ctrl><alt><F7> and <ctrl><alt><F8>.

The X terminal can also be a Windows PC equipped with an X emulator such as VcXrv or other software found from the Internet. At the time of this writing though, such software is frustrating due to unstability or poor licensing conditions, so VcXrv seems to currently be the better choice, although a bit slow. Note : Specify in the configuration that you will be using XDMCP.

Windows firewall

On Windows, use the firewall with «Allow exceptions» and create an entry in the firewall for the X11 protocol (port 6000), specifying in the scope the server IP address or the local network (not the Internet).


X11 configuration Main Page Compiling the Kernel
Retrieved from "http://studioware.com/wikislax/index.php?title=Linux_basics&oldid=153"