Lightdm "Secure Remote connection"
Lightdm offers as one of the options at the login screen, a "Secure Remote connection" (this is on Debian jessie). If this is selected, you enter a username and password as usual, and when you click "Log in" it asks for a "host:port" combination. I haven't used this before, so I guessed that 192.168.0.105:22 (a valid machine on my network) would be appropriate. After some cogitation and a bit of screen flashing, this returns to the login prompt. What settings do I need locally and remotely for this to work? Where should I look for errors? Any thoughts? A bunch of points that may help: - ssh is installed on both machines, sshd is running and remote logins work both ways - the lightdm and lightdm-gtk-greeter packages are installed on both machines - the remote machine is running Ubuntu trusty - the remote user I'm trying to connect as is already running a local X session on the remote machine: I'm assuming that doesn't matter? - wireshark and the hard-to-read logs in /var/log/lightdm/ (on both ends of the connection) suggest that ssh connects properly and X starts ... and then fails, but I'm not clear on why. Nor am I totally sure I'm reading this right - this feature appears to be totally undocumented: the interface explains nothing, there's nothing in the man page, and even Google knows nothing ... I even resorted to code diving, but "Secure Remote connection" isn't in there. It's also not anywhere in /etc/ where I would have expected to find it if it was an option configured by Debian (although it could be under /usr/ ... I haven't done a grep of that entire tree ...) Thanks for any assistance. -- Giles http://www.gilesorr.com/ gilesorr@gmail.com
1. You may need to configure the remote Lightdm to accept incoming XDMCP connection. If X -query 192.168.0.105 works, then it's accepting. Search for "XDMCP" keyword. 2. Check the firewall on port 177 and 6000-6010. No need, if #1 works. :-) 3. Now, encryption part... I don't know what "Secure Remote Connection" means. It could mean port forwarding via SSH (-X or -Y option). Or, it could mean some new features of Lightdm, in which case, check its config file. -- William On Sun, Feb 07, 2016 at 01:59:26PM -0500, Giles Orr wrote:
Lightdm offers as one of the options at the login screen, a "Secure Remote connection" (this is on Debian jessie). If this is selected, you enter a username and password as usual, and when you click "Log in" it asks for a "host:port" combination. I haven't used this before, so I guessed that 192.168.0.105:22 (a valid machine on my network) would be appropriate. After some cogitation and a bit of screen flashing, this returns to the login prompt.
What settings do I need locally and remotely for this to work? Where should I look for errors? Any thoughts?
A bunch of points that may help: - ssh is installed on both machines, sshd is running and remote logins work both ways - the lightdm and lightdm-gtk-greeter packages are installed on both machines - the remote machine is running Ubuntu trusty - the remote user I'm trying to connect as is already running a local X session on the remote machine: I'm assuming that doesn't matter? - wireshark and the hard-to-read logs in /var/log/lightdm/ (on both ends of the connection) suggest that ssh connects properly and X starts ... and then fails, but I'm not clear on why. Nor am I totally sure I'm reading this right
- this feature appears to be totally undocumented: the interface explains nothing, there's nothing in the man page, and even Google knows nothing ... I even resorted to code diving, but "Secure Remote connection" isn't in there. It's also not anywhere in /etc/ where I would have expected to find it if it was an option configured by Debian (although it could be under /usr/ ... I haven't done a grep of that entire tree ...)
Thanks for any assistance.
-- Giles http://www.gilesorr.com/ gilesorr@gmail.com --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
On Sun, Feb 07, 2016 at 01:59:26PM -0500, Giles Orr wrote:
Lightdm offers as one of the options at the login screen, a "Secure Remote connection" (this is on Debian jessie). If this is selected, you enter a username and password as usual, and when you click "Log in" it asks for a "host:port" combination. I haven't used this before, so I guessed that 192.168.0.105:22 (a valid machine on my network) would be appropriate. After some cogitation and a bit of screen flashing, this returns to the login prompt.
What settings do I need locally and remotely for this to work? Where should I look for errors? Any thoughts?
A bunch of points that may help: - ssh is installed on both machines, sshd is running and remote logins work both ways - the lightdm and lightdm-gtk-greeter packages are installed on both machines - the remote machine is running Ubuntu trusty - the remote user I'm trying to connect as is already running a local X session on the remote machine: I'm assuming that doesn't matter? - wireshark and the hard-to-read logs in /var/log/lightdm/ (on both ends of the connection) suggest that ssh connects properly and X starts ... and then fails, but I'm not clear on why. Nor am I totally sure I'm reading this right
- this feature appears to be totally undocumented: the interface explains nothing, there's nothing in the man page, and even Google knows nothing ... I even resorted to code diving, but "Secure Remote connection" isn't in there. It's also not anywhere in /etc/ where I would have expected to find it if it was an option configured by Debian (although it could be under /usr/ ... I haven't done a grep of that entire tree ...)
Thanks for any assistance.
On 7 February 2016 at 14:25, William Park <opengeometry@yahoo.ca> wrote:
1. You may need to configure the remote Lightdm to accept incoming XDMCP connection. If X -query 192.168.0.105 works, then it's accepting. Search for "XDMCP" keyword.
2. Check the firewall on port 177 and 6000-6010. No need, if #1 works. :-)
3. Now, encryption part... I don't know what "Secure Remote Connection" means. It could mean port forwarding via SSH (-X or -Y option). Or, it could mean some new features of Lightdm, in which case, check its config file.
It seems to me that if it's doing what we're both guessing it's doing - ie. using ssh to connect to the remote machine before forwarding the connection - then the firewall rules are unnecessary because all connections are local. Nevertheless, I've applied them. Still no joy. The only thing that made a difference (and only on localhost) was changing /etc/X11/Xwrapper.config from "allow_users=console" to "allow_users=anyone". This changed the output of "X -query localhost" from "you don't have permission" to: (EE) Fatal server error: (EE) Server is already active for display 0 If this server is no longer running, remove /tmp/.X0-lock and start again. (EE) (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help. (EE) A hint online suggested that since I already have X running on :0, I should use "X -query localhost:1" which gets much the same error as above, with one line changed: Fatal server error: (EE) Xserver: Name or service not known: -query localhost:1 And yet, this command: Xephyr -query localhost -screen 1024x768 -dpi 96 -terminate :1 & works exactly as expected, starting X in a box. -- Giles http://www.gilesorr.com/ gilesorr@gmail.com
On Mon, Feb 08, 2016 at 06:58:33AM -0500, Giles Orr wrote:
A hint online suggested that since I already have X running on :0, I should use "X -query localhost:1" which gets much the same error as above, with one line changed:
":1" is in the wrong place. It should be X :1 -query localhost and go to <Alt-Ctrl-F8>.
Fatal server error: (EE) Xserver: Name or service not known: -query localhost:1
And yet, this command:
Xephyr -query localhost -screen 1024x768 -dpi 96 -terminate :1 &
works exactly as expected, starting X in a box.
I upgraded my Debian-Mate VM to 8.3, and it's using Lightdm. And, I can't find any "Secure Remote" thingy on the login screen or in Lightdm configuration files. -- William
participants (2)
-
Giles Orr -
William Park