You are not logged in.
- Topics: Active | Unanswered
#1 2010-09-26 08:06:44
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
trying to secure xdmcp over ssh - macbook pro <-> arch server [solved]
The wife has a macbook pro and would like to use the Arch box over our LAN via Xdmcp. Once the Arch box is configured to allow Xdmcp, it's a simple matter of a single command on the Mac from a terminal:
$ Xnest -query archbox -geometry 1270x750 :1A few seconds later, gdm opens up in the X11 window on the Mac and everything works but this option is not secured. I found several articles suggesting that one can use ssh to secure the connection but I hit a wall getting it to work on the macbook pro.
On the mac:
$ ssh -X username@archbox -n Xnest -query localhost -geometry 1250x750 :1
username@archbox's password:
(EE) AIGLX error: dlopen of /usr/lib/xorg/modules/dri/swrast_dri.so failed (/usr/lib/xorg/modules/dri/swrast_dri.so: cannot open shared object file: No such file or directory)
(EE) GLX: could not load software renderer
[dix] Could not init font path element /usr/share/fonts/OTF/, removing from list!
Couldn't get keyboard.
Fatal server error:
XDMCP fatal error: Manager unwilling Host unwillingSuggestions are welcomed 
Last edited by graysky (2010-09-30 19:05:00)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#2 2010-09-26 15:48:14
- jelly
- Administrator
- From: /dev/null
- Registered: 2008-06-10
- Posts: 714
Re: trying to secure xdmcp over ssh - macbook pro <-> arch server [solved]
You also could try NX which is better
Offline
#3 2010-09-26 18:00:48
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: trying to secure xdmcp over ssh - macbook pro <-> arch server [solved]
I tried NX in the past but didn't like it. I have a gigalan at home so even if this method isn't very efficient it won't matter.... for now I'd like to understand the cause of this error.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#4 2010-09-30 19:04:21
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: trying to secure xdmcp over ssh - macbook pro <-> arch server [solved]
The answer is here.
Finally have it working smoothly after configuring the Linux box to use RSAAuthentication and PubkeyAuthentication. Thanks again for the tip!
------
#!/bin/bash
xinit /usr/bin/ssh -Y user@linux gnome-session -- /usr/X11/bin/Xnest :5 -geometry 1270x750 -ac
------> Does this work for you?
>
> xinit /usr/bin/ssh -Y user@linux gnome-session --
> /usr/X11/bin/Xnest :5 -geometry 1270x750 -ac
>
> I'm not sure if it will handle password authentication, so
> make sure you use ssh keys for authentication. You
> should get a nice graphical passphrase request, or you can
> use 'ssh-add' beforehand.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#5 2010-09-30 19:23:53
- tomk
- Forum Fellow
- From: Ireland
- Registered: 2004-07-21
- Posts: 9,839
Re: trying to secure xdmcp over ssh - macbook pro <-> arch server [solved]
Possibly irrelevant question, but why are you concerned about security when it's all within your LAN? Just because it's A Good Thing?
Offline
#6 2010-09-30 19:51:34
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,600
- Website
Re: trying to secure xdmcp over ssh - macbook pro <-> arch server [solved]
@tomk - Yes. Also, if I decide to add a wireless router to my LAN, I want all box-to-box communications to be encrypted. Wireless security is a strange thing with many ways to be defeated.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline