LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

May 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS May 2014

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: ssh -X xinit failure
From:	Nico Kadel-Garcia <[log in to unmask]>
Reply To:	Nico Kadel-Garcia <[log in to unmask]>
Date:	Wed, 7 May 2014 20:27:07 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (49 lines)

On Wed, May 7, 2014 at 4:02 PM, Yasha Karant <[log in to unmask]> wrote:
> Thank you for the information on www.nomachine.com, etc.  Two points:  I was
> not confused about the mechanisms and terminology of X windows, but the
> university network security czar administrative (not academic) group
> evidently was -- I simply "followed instructions" that clearly are
> incorrect, and, silly me, did not experiment with simple tests. Second:
> does the package you recommend behave *IDENTICALLY* to ssh -X so far as any
> network security (ports, protocols, packet headers, etc.) can detect?

It does not. It runs a separate SSH tunneling server on an alternative
port, one that has much more graceful server side interfaces to manage
the configurations. It requires a client SSH private key to establish
the original connection, and this is easily altered on a site by site
basis, so it supports a robust 2-fator authentication work mode. It
then has a graceful GUI for managing client sessions, setting policies
for maximum numbers of clients, whether a client can have two
sessions, or whether a client can share their sessions.

> Almost all network protocols are blocked by the same security group,
> including some internal packet examination that may be able to detect if ssh
> -X is not being used.  Only ssh -X is "permitted" by this group for remote X
> windows, and none of the MS Windows (currently 7) university-wide-supplied
> classroom console "workstations" have any X windows servers -- thus I must

Why not bring a USB stick with CygWin on it? Or a live DVD to boot
with, unless they've locked that down?

And a word with them about "NX based X sessions", mentioning the free
personal use and better resource management, might be worth educating
them about it. See https://www.nomachine.com/AR01L00770 for more
details about the relevant ports and services.

> bring my research laptop to class to demonstrate any GUI running on a Linux
> machine (such as a compute server with a graphical debugger).  Of necessity,
> we have more control over the protocols, etc., used on the research
> networks, but these are not used by any direct instructional facility.
> Within our Department (technically, School), our instructional technicians
> run our own instructional network (separate from any research network), and
> this is more permissive of protocols than the university czar group allows
> -- although the czar group has attempted to gain control of, and thus
> effectively shut down, our instructional network (that mostly has SL6
> workstations).  However, the question I am pursuing is for use in classrooms
> outside those we control.
>
> Yasha Karant

OK, I've not tried to install the Windows NX client on removeable
media, but that might be a good way to make it work.

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV