Difference between pages "X11 over the network" and "Linux basics"

From Wikislax
(Difference between pages)
(Kdm)
 
(Useful linux commands)
 
Line 1: Line 1:
{{RightTOC}}
+
== Using VI ==
  
Using X over the network affords accessing remote servers graphically as if you were on the console. So for instance, from your Windows workstation, you can run Windows and Linux side by side, full screen, and switch with function-key combinations such as alt-tab or ctrl-alt-F7 or F8. A very handy feature. X is natively present and fast on Linux. On Windows, it will always be a bit slower, and you need to install an X server. [https://sourceforge.net/projects/vcxsrv/ VcXrv] is a very competent one.
+
'''vi''' (pronounced vee-eye) is the Unix standard text editor so affords editing the configuration files by hand. If you don’t know it yet, it can be a bit surprising. Actually, '''vi''' was created at a time when the keyboards did not have any arrow or insert keys. So there are two modes: the «open» mode and the «insert» mode.
  
The software presenting an X window on a terminal is called an X server, which is contrary to what we are used to, as the X server is not on the server but actually on the client ! Over the Internet, you will always encapsulate X11 in SSH ('''X11 forwarding''', to configure in '''/etc/ssh/sshd_config''') as the X protocols are not secure. However, X needs a significant bandwidth so it is not likely that you will use it over an ADSL connection as it would be too slow. Optical fiber could be OK though.
+
The open mode affords moving the cursor. '''j''', '''k''', '''l''', '''m''' move the cursor by one character. '''ctrl-f''' moves one page forward and '''ctrl-b''' moves one page backwards. '''w''' moves one word forward and  '''b''' moves one word backwards. It is also possible to use the arrow keys.
  
For more information on using remote X applications, check this [http://www.xs4all.nl/~zweije/xauth.html mini-HOWTO] or this excellent [http://shop.oreilly.com/product/9780596101954.do O'Reilly book].
+
'''i''' goes into insert mode before the cursor, '''a''' goes into insert mode after the cursor, and '''A''' goes into insert mode at the end of the line. '''o''' adds a line after the current line, and '''O''' adds a live before the current line. '''R''' goes into rewrite mode.
  
== Xdm, Kdm, Gdm ==
+
'''esc''' affords getting out of the insert mode.
  
X requires a daemon on the server to handle connections. The base daemon is Xdm, that offers a graphical login directly under X, with no desktop manager. Access can be local on the computer console, or can be from an X terminal or X emulated terminal on the network.
+
'''c$''' affords replacing the end of the line and '''d$''' affords deleting the end of the line. '''cw''' affords replacing one word and '''dw''' affords deleting one word. '''dd''' affords deleting the current line.
  
The KDE and Gnome desktop environments Kdm and Gdm come with Xdm variants that have a different look and feel. It is possible to run one or several of the three, provided that they will not compete for management of the same terminals.
+
''':q''' affords quitting without saving. If the file has been modified, quitting must be forced by typing ''':q!'''. ''':x''' affords saving and quitting. If the file does not have the write rigths, saving must be forced by typing ''':x!'''. ''':w''' affords writing the text in a new file. If the new file already exists, writing must be forced by typing ''':w!'''.
  
However it makes sense to use only one. Kdm is a good choice as it affords choosing the Session Window Manager (Kde, Xfce4, ...) from the connection dialog box.
+
''':num''' affords moving to the line number num. ''':$''' affords moving to the end of the file.
 +
''':num1copynum2''' affords copying the line number num1 after the line number num2. ''':num1mnum2''' affords moving the line number num1 after the line number num2.
  
== Kdm ==
+
For detailed information, check the [http://vimdoc.sourceforge.net/htmldoc/help.html VIM Documentation]. To enter special characters check the page on [http://vimdoc.sourceforge.net/htmldoc/digraph.html digraphs]. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
  
For KDE to manage X terminals over the network, update '''/etc/kde/kdm/kdmrc''' specifying '''Enable=true''' for '''[Xdmcp]'''.
+
To get syntax highligting instead of '''vi''' use the '''vim'''(vi improved) replacement :
  
To be able to connect as root, update '''/etc/kde/kdm/kdmrc''', specifying '''AllowRootLogin=true''' for '''[X-*-Core]'''.
+
# '''cd /usr/bin'''
 +
# '''rm vi'''
 +
# '''ln -s vim vi'''
  
In '''/etc/kde/kdm/Xaccess''', uncomment line  '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network).
+
== Using SSH ==
  
== Xdm ==
+
SSH is a suite of tools affording connecting remotely over encrypted communications. On the client side, '''ssh''' offers a command line terminal, '''scp''' affords copying a file, and '''sftp''' behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen afford key management. The SSH present on Slackware and the BSDs is [https://www.openssh.com/ OpenSSH], developped by members of the [https://www.openbsd.org/ OpenBSD] project.
  
In '''/etc/X11/xdm/xdm-config''', comment out the line '''#DisplayManager.requestPort:    0''' to authorize X terminal access from the network. Else port 177 won't be listened, as can be verified using '''nmap -sU localhost''', that lists the listening UDP ports. If checking with tcpdump, '''udp port xdmcp unreachable''' will be seen on the wire.
+
'''ssh''' obviously requires your password every time it is executed. This can be avoided by creating on the client a pair of rsa keys and copying the public key to the server. Not specifying a passphrase is not very secure but will afford avoiding having to enter it every time :
  
In '''/etc/X11/xdm/Xaccess''', uncomment line '''#* # any host can get a login window''' to authorize connection from any incoming IP address (or to restrict usage to your local network). In '''/etc/X11/xdm/Xservers''', comment out the line with ''':0''' to avoid getting an X login screen on the console.
+
# '''ssh-keygen -t rsa'''
 +
Generating public/private rsa key pair.
 +
Enter file in which to save the key (/root/.ssh/id_rsa): '''<cr>'''
 +
Enter passphrase (empty for no passphrase): '''<cr>'''
 +
  Enter same passphrase again: '''cr>'''
 +
Your identification has been saved in /root/.ssh/id_rsa.
 +
Your public key has been saved in /root/.ssh/id_rsa.pub.
 +
The key fingerprint is:
 +
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
 +
The key's randomart image is:
 +
+---[RSA 2048]----+
 +
|  ..=O+..      |
 +
|    ..o++.    ..|
 +
|      oo.    = +|
 +
|      . +o . = +.|
 +
|      oSo. o * o|
 +
|        . o o*.=.|
 +
|        = +E+* .|
 +
|        + ...+.. |
 +
|        ++o+    |
 +
+----[SHA256]-----+
 +
# '''scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub'''
 +
password: '''secret<cr>'''
 +
id_rsa.pub                                          100% 394      1.8MB/s  00:00
 +
# '''ssh server'''
 +
password: '''secret<cr>'''
 +
# '''cd .ssh'''
 +
# '''cat >> authorized_keys < id_rsa.pub'''
 +
# '''chmod 600 authorized_keys'''
 +
# '''rm id_rsa.pub'''
  
To automatically launch '''xdm''' during Slackware init, add the following lines to '''/etc/rc.d/rc.local''' :
+
== Useful linux commands ==
  
  # Xdm
+
{| {{thead}}
if [ -x /usr/X11/bin/xdm ]; then
+
|-
        /usr/X11/bin/xdm
+
! {{chead}} width="220" | Command
fi
+
! {{chead}} | Effect
 +
|-
 +
|<tt>'''cd'''</tt>||change directory.
 +
|-
 +
|<tt>'''chmod -R ppp ddd'''</tt>||recursively change permissions on file or directory.
 +
|-
 +
|<tt>'''chown -R uuu:ggg ddd'''</tt>||recursively change user:group ownership on file or directory.
 +
|-
 +
|<tt>'''chgrp -R ggg ddd'''</tt>||recursively change group ownership on file or directory.
 +
|-
 +
|<tt>'''command xxx <nowiki>|</nowiki> grep yyy'''</tt>||search for string yyy in output of command xxx.
 +
|-
 +
|<tt>'''ethtool -s eth0 wol g'''</tt>||puts interface eth0 in wake-on-lan status.
 +
|-
 +
|<tt>'''find xxx -name yyy -print'''</tt>||find file yyy in in subdirectories of xxx.
 +
|-
 +
|<tt>'''groupadd <<i>group</i>>'''</tt>||add group <<i>group</i>>.
 +
|-
 +
|<tt>'''ifconfig -a'''</tt>||print the network interfaces configuration.
 +
|-
 +
|<tt>'''iptables -L'''</tt>||print the firewall rules.
 +
|-
 +
|<tt>'''killall xxx'''</tt>||kill program named xxx.
 +
|-
 +
|<tt>'''ldconfig'''</tt>||reload libraries taking into account new libraries just built.
 +
|-
 +
|<tt>'''ln -s existing new'''</tt>||create a symbolic link new to an existing directory or file.
 +
|-
 +
|<tt>'''ls -al'''</tt>||list the working directory, including files beginning with a dot.
 +
|-
 +
|<tt>'''man xxx'''</tt>||display the xxx command manual page.
 +
|-
 +
|<tt>'''mkisofs -o Windows7SP1.iso -J -r xxx'''</tt>||Put xxx in an iso image.
 +
|-
 +
|<tt>'''more xxx'''</tt>||display file xxx with the possibility of moving up and down. '''less''' and '''most''' are similar commands.
 +
|-
 +
|<tt>'''mount -t ttt /dev/xxx /mnt/ddd'''</tt>||mount device xxx as type ttt under directory ddd.
 +
|-
 +
|<tt>'''(u)mount /mnt/ddd'''</tt>||(u)mount device ddd as specified in /etc/fstab.
 +
|-
 +
|<tt>'''nmap <i>host</i>'''</tt>||check filtering status of ports on <i>host</i>. '''-sU''' for UDP.
 +
|-
 +
|<tt>'''ntpdate -bv 0.fr.pool.ntp.org'''</tt>|| force ntp synchronization.
 +
|-
 +
|<tt>'''ps -ef'''</tt>||list the running processes.
 +
|-
 +
|<tt>'''pwd'''</tt>||print working directory.
 +
|-
 +
|<tt>'''rm -r'''</tt>||remove file or directory recursively.
 +
|-
 +
|<tt>'''route'''</tt>||display the network routing table.
 +
|-
 +
|<tt>'''scp -p usr1@hst1:/str1 usr2@hst2:/str2'''</tt>||copy files between hosts.
 +
|-
 +
|<tt>'''screen <i>-S<name></i>'''</tt>||screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it.
 +
|-
 +
|<tt>'''ssh <i>host</i>'''</tt>||connect remotely to site <i>host</i>.
 +
|-
 +
|<tt>'''su -l uuuu'''</tt>||execute shell as another user. if -l is used an environment similar to what the other user would have had with a direct login is provided.
 +
|-
 +
|<tt>'''telinit n'''</tt>||go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot).
 +
|-
 +
|<tt>'''umask'''</tt>||edit /etc/profile to change the default umask value of 022 and '''set it to 027''' (files not readable by other users), a good setting except when installing as root server software to be ran as a standard user account (permission issues).
 +
|-
 +
|<tt>'''useradd <<i>group</i>> <<i>user</i>>'''</tt>||add <<i>user</i>> as a member of group <<i>group</i>>.
 +
|-
 +
|<tt>'''vi'''</tt>||run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.
 +
|}
  
== X11 firewalling ==
+
<br clear=all>
  
At the firewall level, the X terminal must be able to contact the host using '''UDP 177''' and the host must be able to callback the X terminal using '''TCP 6000:6063'''. Open the corresponding ports, but to avoid login information to be sent over the wire, restrict usage to the local network :
+
{{pFoot|[[Maintaining Slackware]]|[[Main Page]]|[[Configuration files]]}}
 
 
# SSH-tunnelled X-Window output appears as input on interface lo
 
iptables -A INPUT -p udp -j ACCEPT --dport 177 -s 192.168.0.0/24
 
iptables -A INPUT -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
 
iptables -A INPUT -i lo -p tcp -j ACCEPT --dport 6000:6063 -m state --state NEW -s 192.168.0.0/24
 
 
 
For access from the Internet, il will be better to encapsulate X11 within an SSH session, using the X11 forwarding option. Due to encryption, this is however much slower. In this case, instead of KDE, prefer a less network-intensive window manager such as xfce4.
 
 
 
== X11 server ==
 
 
 
The X terminal can be a Linux computer on which you run the X server to display X from a remote client. For instance typing '''nohup X -query <i>host</i> :1 &''' will display X from host <i>host</i> on virtual terminal 8. This way you will be able to keep local X and remote X side by side and switch between them using '''<ctrl><alt><F7>''' and '''<ctrl><alt><F8>'''.
 
 
 
The X terminal can also be a Windows PC equipped with an X emulator such as [https://sourceforge.net/projects/vcxsrv/ VcXrv] or other software found from the Internet. At the time of this writing though, such software is frustrating due to unstability or poor licensing conditions, so VcXrv seems to currently be the better choice, although a bit slow. <u>'''Note'''</u> : Specify in the configuration that you will be using XDMCP.
 
 
 
== Windows firewall ==
 
 
 
On Windows, use the firewall with «'''Allow exceptions'''» and create an entry in the firewall for the X11 protocol (port 6000), specifying in the scope the server IP address or the local network (not the Internet).
 
 
 
<br/>
 
 
 
{{pFoot|[[X11 configuration]]|[[Main Page]]|[[Compiling the Kernel]]}}
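Review bot: In the added "Using VI" text, the movement keys are listed as '''j''', '''k''', '''l''', '''m''', but vi moves the cursor with h, j, k, l; the same section also has "adds a live" for "adds a line" and "rigths" for "rights". In the added SSH transcript, the second passphrase prompt shows '''cr>''' without its opening "<". The transcript also creates root's key with an empty passphrase, which the text itself calls not very secure; since ssh-agent and ssh-add are already named in the paragraph above it, consider showing a passphrase-protected key loaded into the agent instead.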
 

Revision as of 13:44, 29 March 2026

Using VI

vi (pronounced vee-eye) is the standard Unix text editor, so it is the tool for editing configuration files by hand. If you don't know it yet, it can be a bit surprising: vi was created at a time when keyboards had no arrow or insert keys, so there are two modes, the «open» mode and the «insert» mode.

The open mode is for moving the cursor. h, j, k, l move the cursor by one character. ctrl-f moves one page forward and ctrl-b moves one page backward. w moves one word forward and b moves one word backward. The arrow keys can also be used.

i enters insert mode before the cursor, a enters insert mode after the cursor, and A enters insert mode at the end of the line. o adds a line after the current line, and O adds a line before the current line. R enters rewrite mode.

esc leaves insert mode.

c$ replaces the end of the line and d$ deletes the end of the line. cw replaces one word and dw deletes one word. dd deletes the current line.

:q quits without saving. If the file has been modified, quitting must be forced by typing :q!. :x saves and quits. If the file does not have write rights, saving must be forced by typing :x!. :w writes the text to a new file. If the new file already exists, writing must be forced by typing :w!.

:num moves to line number num. :$ moves to the end of the file. :num1copynum2 copies line number num1 after line number num2. :num1mnum2 moves line number num1 after line number num2.

For detailed information, check the VIM Documentation. To enter special characters, check the page on digraphs. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp.

To get syntax highlighting, replace vi with vim (vi improved):

# cd /usr/bin
# rm vi
# ln -s vim vi

Using SSH

SSH is a suite of tools for connecting remotely over encrypted communications. On the client side, ssh offers a command-line terminal, scp copies files, and sftp behaves like ftp. The server side consists of sshd, sftp-server, and ssh-agent. ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen handle key management. The SSH present on Slackware and the BSDs is OpenSSH, developed by members of the OpenBSD project.

ssh requires your password every time it is executed. This can be avoided by creating a pair of RSA keys on the client and copying the public key to the server. Not specifying a passphrase is not very secure, but it avoids having to enter the passphrase every time:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <cr>
Enter passphrase (empty for no passphrase): <cr>
Enter same passphrase again: <cr>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ATSDdER5/l8OJvr+jpINIReJtd81zntVbTjuJW5aobE root@client
The key's randomart image is:
+---[RSA 2048]----+
|   ..=O+..       |
|    ..o++.     ..|
|       oo.    = +|
|      . +o . = +.|
|       oSo. o * o|
|        . o o*.=.|
|         = +E+* .|
|        + ...+.. |
|         ++o+    |
+----[SHA256]-----+
# scp root@client:.ssh/id_rsa.pub root@server:.ssh/id_rsa.pub
password: secret<cr>
id_rsa.pub                                          100% 394      1.8MB/s   00:00
# ssh server
password: secret<cr>
# cd .ssh
# cat >> authorized_keys < id_rsa.pub
# chmod 600 authorized_keys
# rm id_rsa.pub
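
A defender's check for the setup above, as an added example that is not part of the original page: it flags private keys stored without a passphrase (in both the newer OpenSSH key format and legacy PEM) and `.ssh` files whose permissions are wider than the `chmod 600` step sets. The function names are illustrative, 700 for the directory is the conventional mode rather than something the page states, and `stat -c` and `base64 -d` assume GNU userland.

```sh
#!/bin/sh
# Added example, not from the original page; function names are illustrative.
# Assumes GNU stat and base64, as shipped on Slackware.

# key_cipher FILE: print the cipher protecting a private key file.
# "none" means the key is stored without a passphrase.
key_cipher() {
    f=$1
    if grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$f"; then
        # openssh-key-v1 layout: 15-byte magic "openssh-key-v1\0",
        # a 4-byte big-endian length, then the cipher name.
        set -- $(grep -v '^-----' "$f" | base64 -d 2>/dev/null |
                 od -An -v -tu1 -N 64)
        if [ "$#" -lt 19 ]; then echo unknown; return 0; fi
        shift 18; len=$1; shift; name=
        while [ "$len" -gt 0 ] && [ "$#" -gt 0 ]; do
            name=$name$(printf "\\$(printf '%03o' "$1")")
            shift; len=$((len - 1))
        done
        echo "$name"
    elif grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE' "$f"; then
        echo encrypted
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo none    # legacy PEM key with no encryption header
    else
        echo unknown
    fi
}

# perms_ok PATH MAX: succeed if PATH grants no permission bit outside MAX.
perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & ~0$2 & 0777 )) -eq 0 ]
}

# audit_ssh_dir DIR: print one WARN line per finding.
audit_ssh_dir() {
    dir=$1
    perms_ok "$dir" 700 || echo "WARN $dir: mode wider than 700"
    if [ -f "$dir/authorized_keys" ]; then
        perms_ok "$dir/authorized_keys" 600 ||
            echo "WARN $dir/authorized_keys: mode wider than 600"
    fi
    for k in "$dir"/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        perms_ok "$k" 600 || echo "WARN $k: mode wider than 600"
        if [ "$(key_cipher "$k")" = none ]; then
            echo "WARN $k: private key has no passphrase"
        fi
    done
    return 0
}

# Run the audit when a directory is given, e.g.: sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run against the key generated in the transcript above, the audit reports id_rsa as having no passphrase; a key created with a passphrase reports its cipher name instead.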

Useful linux commands

| Command | Effect |
|---|---|
| cd | change directory. |
| chmod -R ppp ddd | recursively change permissions on file or directory. |
| chown -R uuu:ggg ddd | recursively change user:group ownership on file or directory. |
| chgrp -R ggg ddd | recursively change group ownership on file or directory. |
| command xxx \| grep yyy | search for string yyy in output of command xxx. |
| ethtool -s eth0 wol g | puts interface eth0 in wake-on-lan status. |
| find xxx -name yyy -print | find file yyy in subdirectories of xxx. |
| groupadd <group> | add group <group>. |
| ifconfig -a | print the network interfaces configuration. |
| iptables -L | print the firewall rules. |
| killall xxx | kill program named xxx. |
| ldconfig | reload libraries taking into account new libraries just built. |
| ln -s existing new | create a symbolic link new to an existing directory or file. |
| ls -al | list the working directory, including files beginning with a dot. |
| man xxx | display the xxx command manual page. |
| mkisofs -o Windows7SP1.iso -J -r xxx | put xxx in an iso image. |
| more xxx | display file xxx with the possibility of moving up and down. less and most are similar commands. |
| mount -t ttt /dev/xxx /mnt/ddd | mount device xxx as type ttt under directory ddd. |
| (u)mount /mnt/ddd | (u)mount device ddd as specified in /etc/fstab. |
| nmap host | check filtering status of ports on host. -sU for UDP. |
| ntpdate -bv 0.fr.pool.ntp.org | force ntp synchronization. |
| ps -ef | list the running processes. |
| pwd | print working directory. |
| rm -r | remove file or directory recursively. |
| route | display the network routing table. |
| scp -p usr1@hst1:/str1 usr2@hst2:/str2 | copy files between hosts. |
| screen -S<name> | screen offers a frame to run a shell, detach from it (<ctrl>-a d) and later reattach to it. |
| ssh host | connect remotely to site host. |
| su -l uuuu | execute shell as another user. If -l is used, an environment similar to what the other user would have had with a direct login is provided. |
| telinit n | go to the runlevel n (1=single-user, 3=multi-user, 4=graphical, 6=reboot). |
| umask | edit /etc/profile to change the default umask value of 022 and set it to 027 (files not readable by other users), a good setting except when installing as root server software to be run as a standard user account (permission issues). |
| useradd <group> <user> | add <user> as a member of group <group>. |
| vi | run the vi text editor. To get rid of the message "skipping N old session files", delete files elvis*.ses in /var/tmp. |

