[GTALUG] Lightdm "Secure Remote connection"
Giles Orr
gilesorr at gmail.com
Mon Feb 8 06:58:33 UTC 2016
> On Sun, Feb 07, 2016 at 01:59:26PM -0500, Giles Orr wrote:
>> Lightdm offers as one of the options at the login screen, a "Secure
>> Remote connection" (this is on Debian jessie). If this is selected,
>> you enter a username and password as usual, and when you click "Log
>> in" it asks for a "host:port" combination. I haven't used this
>> before, so I guessed that 192.168.0.105:22 (a valid machine on my
>> network) would be appropriate. After some cogitation and a bit of
>> screen flashing, this returns to the login prompt.
>>
>> What settings do I need locally and remotely for this to work? Where
>> should I look for errors? Any thoughts?
>>
>> A bunch of points that may help:
>> - ssh is installed on both machines, sshd is running and remote logins
>> work both ways
>> - the lightdm and lightdm-gtk-greeter packages are installed on both machines
>> - the remote machine is running Ubuntu trusty
>> - the remote user I'm trying to connect as is already running a local
>> X session on the remote machine: I'm assuming that doesn't matter?
>> - wireshark and the hard-to-read logs in /var/log/lightdm/ (on both
>> ends of the connection) suggest that ssh connects properly and X
>> starts ... and then fails, but I'm not clear on why. Nor am I totally
>> sure I'm reading this right
>>
>> - this feature appears to be totally undocumented: the interface
>> explains nothing, there's nothing in the man page, and even Google
>> knows nothing ... I even resorted to code diving, but "Secure Remote
>> connection" isn't in there. It's also not anywhere in /etc/ where I
>> would have expected to find it if it was an option configured by
>> Debian (although it could be under /usr/ ... I haven't done a grep of
>> that entire tree ...)
>>
>> Thanks for any assistance.
On 7 February 2016 at 14:25, William Park <opengeometry at yahoo.ca> wrote:
> 1. You may need to configure the remote Lightdm to accept incoming XDMCP
> connection. If
> X -query 192.168.0.105
> works, then it's accepting. Search for "XDMCP" keyword.
>
> 2. Check the firewall on port 177 and 6000-6010. No need, if #1 works.
> :-)
>
> 3. Now, encryption part... I don't know what "Secure Remote Connection"
> means. It could mean port forwarding via SSH (-X or -Y option). Or, it
> could mean some new features of Lightdm, in which case, check its config
> file.
It seems to me that if it's doing what we're both guessing it's doing
- ie. using ssh to connect to the remote machine before forwarding the
connection - then the firewall rules are unnecessary because all
connections are local. Nevertheless, I've applied them. Still no
joy.
The only thing that made a difference (and only on localhost) was
changing /etc/X11/Xwrapper.config from "allow_users=console" to
"allow_users=anyone". This changed the output of "X -query localhost"
from "you don't have permission" to:
(EE)
Fatal server error:
(EE) Server is already active for display 0
If this server is no longer running, remove /tmp/.X0-lock
and start again.
(EE)
(EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
(EE)
A hint online suggested that since I already have X running on :0, I
should use "X -query localhost:1" which gets much the same error as
above, with one line changed:
Fatal server error:
(EE) Xserver: Name or service not known: -query localhost:1
And yet, this command:
Xephyr -query localhost -screen 1024x768 -dpi 96 -terminate :1 &
works exactly as expected, starting X in a box.
--
Giles
http://www.gilesorr.com/
gilesorr at gmail.com
More information about the talk
mailing list