question on x windows

Wed Feb 27 03:25:43 UTC 2008

Aaron Bliss wrote:
> Hi everyone,
> I have a user who would like to connect to x windows on one of our linux 
> servers.  I'm not use to offering up x windows to any end users (I'm a 
> command line guy) so I'm struggling with this a bit.  I've installed x 
> font server, daemon is running, and I installed xfce.  Server is running 
> at run level 5 right now.  I'm not sure what ports I need to open on the 
> firewall to allow them to connect to the server or what other config 
> files that might be preventing them from displaying an x session on 
> their desktop (they have a windows x server running on their machines).  
> I know that x windows sessions are insecure, so I would also be in favor 
> of forwarding the session over ssh, but I would like to know how to 
> connect with and without ssh to the xfs server.  Thanks for your help.
> 
> Aaron
> 

You will want to make sure you have a display manager running, this 
takes care of the actual X environment, the process is called (off the 
top of my head) gdm.

xfs is the font server, this allows a local server/remote server to 
display the correct fonts, you will need to make sure this is publically 
accessable, netstat -anp | grep xfs should give you the port you will 
need to open up, and the X server will need to support a remote font 
server. The downside to no support here is that things will look really 
screwed up on the X Server when running applications that require fonts 
that the X Server doesn't know about. (generally it will revert to a 
generic font with interesting results)

The X server will then need to make a direct XDMCP query to the server, 
this should be in the options somewhere in the X server and will depend 
on the server being used. You will know if this works as you should be 
presented with a GUI login screen. Again, no idea what port this works 
on, doing a netstat -anp | grep gdm should give this to you.

Once a session has been established, connections from the xclients to 
the X server will need to be allowed, these happen as pointed out 
earlier on port 6000 (and possibly higher in some circumstances - but I 
forget what these are)

If there is just a single X application that the user wants to use. then 
get them to run the X server locally accepting all connections from 
localhost, then using ssh (putty is good) turn on X forwarding in the 
client, make sure that 'X11Forwarding' is set to 'Yes' in the 
/etc/ssh/sshd_config file (you will need to restart sshd for this to 
take effect) and then ssh to the box. The ssh server will automagically 
setup your environment and the user can just run X apps and it will work 
[tm], as an example, try typing 'xterm' in the ssh window, and you 
should find an xterm appears.

Note as well, that these days, X is not really ment to run across a 
network with the full desktop/gnome/KDE/bells and whistles like window 
animations and stuff enabled, if you want this stuff - then sometimes 
you CAN get it, but its a pain and you will probably end up having to 
put an any/any allow rule in your firewall to cater for the random ports 
things will open up (sound daemons etc etc) or expect random brokeness.

HTH,

-- 
Steve.