[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Micro-report: using Stable without systemd

On Wed 17 Oct 2018 at 08:32:30 (+0100), mick crane wrote:
> On 2018-10-17 05:33, David Wright wrote:
> > On Wed 17 Oct 2018 at 04:35:36 (+0100), mick crane wrote:
> > > On 2018-10-16 22:53, Gene Heskett wrote:
> > > > On Tuesday 16 October 2018 13:11:45 Greg Wooledge wrote:
> > > >
> > > > > On Tue, Oct 16, 2018 at 12:43:40PM -0400, Gene Heskett wrote:
> > > > > > #1 is ssh -Y has been killed from jessie on. No excuse for doing it
> > > > > > and bug filing is ignored.
> > > > >
> > > > > I don't know what you mean by this.  I just performed the following
> > > > > experiment on my stretch workstation (wooledg), in communications with
> > > > > a stretch server (arc3) elsewhere on our network.
> > > > >
> > > > > 1) Already logged into wooledg, I opened a new urxvt window.
> > > > >
> > > > > 2) In this window, I typed: ssh -Y arc3
> > > > >
> > > > > 3) After authenticating to arc3 with a password, at the shell prompt,
> > > > > I typed: xterm
> > > > >
> > > > > 4) After a moment, a new xterm window appeared on my display.
> > > >
> > > > Thats expected. Now enter synaptic-pkexec. It should ask you, if
> > > > you are
> > > > user 1000, for a passwd and given it, it will run. But after
> > > > wheezy, its
> > > > not possible. LinuxCNC's graphics needs are modest, and it will run, as
> > > > the user. But its not root.
> > > 
> > > seems correct you can't use X over ssh as root.
> > > I don't know why but always seemed wrong running X as root.
> > 
> > To be fair, I don't think Gene is trying to run X as root (which would
> > an X *server*), but just a client. Yes, I agree that running X as root
> > would be horrible, but I have no difficulty in running an X client as
> > root, either on the same machine or having logged in as root (by key)
> > to another machine. But I would be very choosy about which clients I'd
> > be prepared to run.
> 
> meant clients. I'm a bit uncertain how exporting X works.
> Had it working with keys as user and left it alone.
> Assume ssh on remote sends X requests to machine you are sat at.
> Changed a bit sshd_config on remote to check this but guess that might
> be sshd_config on sat at machine and ssh_config on remote ( or both, I
> dunno ).
> will have a fiddle but assume it's not meant to work.

As Greg wrote above, I'd sit at the machine (A) running the X server
and open an xterm. I'd then obtain root (I use su). Now I'd ssh -X
into root on the other machine (B) by means of keys. IIRC at this
point A would write a /root/.Xauthority file on B if required. Now I'd
type, say, xeyes on B (in the xterm) and expect to see the eyes pop up
on the Xserver screen at A.

Using sudo at any stage might complicate this, and a client could also
decide whether to run or not depending on certain security criteria.
I can't help with that as I'm not familiar with Gene's client, and
also I use sudo only to perform various "potted" tasks like shutdown
(and then only on the same machine as the user).

Cheers,
David.
Reply to: