From owner-freebsd-questions@FreeBSD.ORG Sun Dec 17 10:53:38 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8D85416A47B for ; Sun, 17 Dec 2006 10:53:38 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.187.76.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFA3243CAE for ; Sun, 17 Dec 2006 10:53:30 +0000 (GMT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from [IPv6:::1] (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.13.8/8.13.8) with ESMTP id kBHAr9sk003686; Sun, 17 Dec 2006 10:53:09 GMT (envelope-from m.seaman@infracaninophile.co.uk) Message-ID: <4585218A.4030207@infracaninophile.co.uk> Date: Sun, 17 Dec 2006 10:52:58 +0000 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 1.5.0.8 (X11/20061216) MIME-Version: 1.0 To: Lane References: <200612161224.14708.lane@joeandlane.com> <200612161350.12657.lane@joeandlane.com> <20061216233254.GF4409@rescomp.berkeley.edu> <200612161744.01856.lane@joeandlane.com> In-Reply-To: <200612161744.01856.lane@joeandlane.com> X-Enigmail-Version: 0.94.0.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig79329E404BD8E33E16F36415" X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Sun, 17 Dec 2006 10:53:25 +0000 (GMT) X-Virus-Scanned: ClamAV 0.88.7/2349/Sun Dec 17 00:12:22 2006 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00, DKIM_POLICY_TESTING,NO_RELAYS autolearn=ham version=3.1.7 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on happy-idiot-talk.infracaninophile.co.uk Cc: FreeBSD Questions , Christopher Cowart Subject: Re: xorg on a headless, mouseless, keyboardless box X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Dec 2006 10:53:38 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig79329E404BD8E33E16F36415 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Lane wrote: > I can, in fact, run a gui root process on the remote machine, now. >=20 > Unfortunately I still can't run qemu so that I can get the console. I = get: >=20 > X Error of failed request: BadWindow (invalid Window parameter) > Major opcode of failed request: 25 (X_SendEvent) > Resource id in failed request: 0x3e > Serial number of failed request: 18 > Current serial number in output stream: 21 >=20 >=20 > Any advice on how to setup the remote (headless, mouseless, and keyboar= dless)=20 > server to run X? My brain is fried trying to track down a HOWTO, and t= he=20 > wiki is just a half millimeter left of useless. The quickest and easiest method would be to run this on your desktop *before* SSH'ing to the other machine: xhost +LOCAL: That means that any user on the same machine (technically, any user accessing your display via the local domain socket /tmp/.X11-unix/X0) can pop up windows on your X display. Because of the way SSH X- forwarding works, all the processes on your remote machine appear to the local X server as if they were running on your local desktop, so that command will work for them too. Obviously this has security implications on machines where you do not trust all of the users -- for instance it would be fairly trivial for anyone else with access to either of those machines to be able to capture= all of your keyboard input including any passwords you needed to type. You need to be able to trust implicitly both your local desktop and the remote server you're logging into. You can have more fine-grained control by using xauth to copy the access tokens for your display into the .Xauthority file in another users' home directory: xauth nextract - $DISPLAY | su - otheruser -c "xauth nmerge -" You should only need to do that one time per $DISPLAY, but if you're doing X forwarding over SSH, you may need to do that at least once for each desktop machine you log in from, even if you get the same $DISPLAY setting each time. ssh, when doing X forwarding, does pretty much that internally to forward your credentials so commands on the remote machine can display on the desktop in front of you. Note: $DISPLAY is set automatically for you when you enable X forwarding and SSH in. You may need to quietly eliminate misguided attempts to set $DISPLAY in the shell startup scripts of otheruser --- it should inherit the value from your environment if you become that user by su(1) or sudo(= 1). See xauth(1) for more information about what you can do with it -- quite a lot more really. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig79329E404BD8E33E16F36415 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFhSGV8Mjk52CukIwRCO4fAJwJaLFugFXg/elzRvDJiE0/mzJFJwCgjvZF jEKdAvtZ66G52dfUlilZYdY= =9bJN -----END PGP SIGNATURE----- --------------enig79329E404BD8E33E16F36415--