LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

May 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS May 2014

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: ssh -X xinit failure
From:	Yasha Karant <[log in to unmask]>
Reply To:	Yasha Karant <[log in to unmask]>
Date:	Wed, 7 May 2014 23:19:23 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (68 lines)

On 05/07/2014 05:27 PM, Nico Kadel-Garcia wrote:
> On Wed, May 7, 2014 at 4:02 PM, Yasha Karant <[log in to unmask]> wrote:
>> Thank you for the information on www.nomachine.com, etc.  Two points:  I was
>> not confused about the mechanisms and terminology of X windows, but the
>> university network security czar administrative (not academic) group
>> evidently was -- I simply "followed instructions" that clearly are
>> incorrect, and, silly me, did not experiment with simple tests. Second:
>> does the package you recommend behave *IDENTICALLY* to ssh -X so far as any
>> network security (ports, protocols, packet headers, etc.) can detect?
> It does not. It runs a separate SSH tunneling server on an alternative
> port, one that has much more graceful server side interfaces to manage
> the configurations. It requires a client SSH private key to establish
> the original connection, and this is easily altered on a site by site
> basis, so it supports a robust 2-fator authentication work mode. It
> then has a graceful GUI for managing client sessions, setting policies
> for maximum numbers of clients, whether a client can have two
> sessions, or whether a client can share their sessions.
>
>> Almost all network protocols are blocked by the same security group,
>> including some internal packet examination that may be able to detect if ssh
>> -X is not being used.  Only ssh -X is "permitted" by this group for remote X
>> windows, and none of the MS Windows (currently 7) university-wide-supplied
>> classroom console "workstations" have any X windows servers -- thus I must
> Why not bring a USB stick with CygWin on it? Or a live DVD to boot
> with, unless they've locked that down?
>
> And a word with them about "NX based X sessions", mentioning the free
> personal use and better resource management, might be worth educating
> them about it. See https://www.nomachine.com/AR01L00770 for more
> details about the relevant ports and services.
>
>> bring my research laptop to class to demonstrate any GUI running on a Linux
>> machine (such as a compute server with a graphical debugger).  Of necessity,
>> we have more control over the protocols, etc., used on the research
>> networks, but these are not used by any direct instructional facility.
>> Within our Department (technically, School), our instructional technicians
>> run our own instructional network (separate from any research network), and
>> this is more permissive of protocols than the university czar group allows
>> -- although the czar group has attempted to gain control of, and thus
>> effectively shut down, our instructional network (that mostly has SL6
>> workstations).  However, the question I am pursuing is for use in classrooms
>> outside those we control.
>>
>> Yasha Karant
> OK, I've not tried to install the Windows NX client on removeable
> media, but that might be a good way to make it work.
The university provided MS Win 7 machines are fully locked down -- to 
run gvim so that I could have students see Linux systems programming 
sample source code, I had to have one of the university technicians 
install gvim.  It will work until the next "upgrade" that usually has a 
full reformat of the university classroom computer drives.  Although I 
am a tenured professor who teaches this material (and deos research 
involving it), I am not permitted to install software on any 
Departmental machine (including those in Departmental classrooms) but 
must have a Department technician install any applications, etc., that I 
might need.  As the Departmental Linux machines do support ssh -X (but 
no other protocols -- and the Departmental MS Win machines have no X 
servers), I ssh -X to a research machine (for which I do have root 
access and have externally funded research support) to access 
applications that I need for instructional demonstration as well as 
research.  A simple example will suffice:  so that students can 
experience the practical differences between GUI web browsers, I have 
firefox, seamonkey, chrome, opera, konqueror, and several others 
installed, and show MS Internet Exploder under MS Win 7 under Virtual 
Box under Linux.  This can be a very instructive demonstration of a 
nominally "standards based" interface.  However, it cannot be done from 
any non-research machine.

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV