rtod2

asked on

CYGWIN to CentOS GDM over ssh or ssh2

I can get the desktop environment in cygwin using xwin.exe -query ip_address .
I think that it is using raw XDMCP.  I want to lock down the servers and only use SSH or better SSH2.  I understand that "you can tunnel XDMCP 'through' SSH".  Do I have that last statement correct?

If so, how do I accomplish this?
ai_ja_nai

Just connect to the remote box via ssh (with -X option, so that you can forward the X session) and every command you'll start in the xterm will be encrypted
..Unless you want to use XDMCP to get a big window on your Windows desktop with the GNOME/KDE/XFCE desktop inside. That's a whole different story, since XDMCP is a raw protocol that doesn't support any form of encryption. You can actually tunnel the connection by hand, by redirecting UDP port 177 and TCP port 6000 traffic on port 22 on the client side and setting up the "exit" on the server side.
Or you can use a secured VPN, so that you can use the raw XDMCP on a secure channel with no risks

ssh -L localport:remotesite.com:remoteport user@remotesshserver.com


rtod2

ASKER

I'm not understanding.  I may need baby steps here.  I really appreciate the example.  Can I tunnel XDMCP through SSH to the login screen (pre-login) without having an account on the system?

I'm so close I can taste it :)
Kerem ERSOY

Since you talk of CygWin, it seems that you're a regular user running Windows XP / Vista etc...

If you've not done so already, you'll need ssh for Cygwin. To get it:
- Run Cygwin Setup
- Browse the available programs list
- Select SSH and wait for it to set up SSH.
- Once the setup is over, to access your remote X servers:
- Start your Cygwin
- Start a terminal session through Cygwin.
- Type "ssh -X username@server"
- It will ask for the password.
- Once you've logged in to your account.
- Type
   gnome-session &
for GNOME
   startkde &
for KDE to appear on your screen.

Good Luck,
K.
SSH is located in this menu through Cygwin Setup:
Net > openssh
         openssl
rtod2

ASKER

When you run the setup for xcygwin, the second path it asks for is "where to place the files you are downloading".  I chose a path for that and then copied the folder to a thumb drive.  To run xcygwin, I opened the folder now on the thumb drive, modified the existing cygwin.bat file to include the correct paths, and ran the cmd: xwin.exe -query ip_address from within it.

If I understand you correctly, you are saying that the setup did not copy the required ssh stuff to the folder, correct?

In the Windows world, setup implies registry settings and pre-existing file modifications.  I assume that in this scenario, the setup.exe program simply extracts the files to a folder, correct?
> If I understand you correctly, you are saying that the setup did not copy the required ssh stuff to the
> folder, correct?

Exactly. openssh and openssl are not installed by default, so you need to pick them explicitly to get them installed.

- Once you've got them installed, all you need to do is start XWin, either from the install folder or by starting CygWin and calling xinit.
- Once your X session is opened, place the mouse over the console area so that you will be able to type in it.
- execute
ssh -X  root@remote_system_name_or_ip
- enter your password and you're now in the remote system.
- execute
gnome-session &
 at the command prompt and now your session must be displayed on your CygWin screen.

I'm writing this message over a CygWin session just as I described above.


rtod2

ASKER

Kereme,
Thank you very much for the information about how to start both KDE and GDM dashboards from the cmd window, via SSH.  This was definitely in my list of things to figure out.  I also understand that cygwin will run 'rootless' where separate x11 GUI's can appear outside of the windows framework, and directly on your windows desktop.  This is fascinating!

The ability to start KDE and GDM without being dumped into them from the login GUI is something I did not know was possible.  This is fantastic information!

The purpose of the above question was in reference to a project I am working where I am to demo something called OpenVZ.  Some folks may be used to seeing the login GUI as well though.  I'm looking to see that as well, over ssh.
rtod2

ASKER

Kereme, I must admit that I am a little unclear on your last post.  Thank you very much for taking the time to explain it to me.
ASKER CERTIFIED SOLUTION
Kerem ERSOY

This solution is only available to members.
rtod2

ASKER

ai_ja_nai ,
Can you add to this.  I'm still a little unclear on your information?
Tell me what confuses you
@rtod2:
> ai_ja_nai ,
> Can you add to this.  I'm still a little unclear on your information?

ai_ja_nai's suggestion of redirecting port UDP:177 over SSH is useless, since SSH only allows the redirection of TCP ports, not UDP ports.

If you use the ssh -X switch it will automatically redirect TCP:6000 to your local machine.

But if you want to get the login prompt from your local machine you'll need to use XDM / GDM to your local machine which will use a random port each time you want to connect so it is not possible to automate it through SSH.

Also, you said every process is running in its own window instead of the system's own desktop. This happens when you start Cygwin from the  Cygwin-X > X-Win Server.

If you start it as:
Cygwin > Cygwin bash Shell
then you type
xinit
from the command console you get and do SSH over the console provided, you get your remote session in its own desktop instead of independent windows.

As I told you earlier, this won't help you to get a klogin prompt on your local X on your local Cygwin. You can only have it when you run xdm / Gdm. I've already given you the instructions to enable them in the message {ID: 24386179} in this thread.

Cheers,
K.
Here's an excerpt from "Linux XDMCP HOWTO":

Using XDMCP is inherently insecure, therefore, most of the distributions shipped as it's XDMCP default turned off. If you must use XDMCP, be sure to use it only in a trusted networks, such as corporate network within a firewall. Unfortunately, XDMCP uses UDP port 177 and TCP port 6000; therefore, it is not natively able to use it with SSH. Currently, SSH1 and SSH2 are not implemented to securely forward the UDP communication.

Check the whole document here; it also includes a reference to the document I've sent you:

http://www.faqs.org/docs/Linux-HOWTO/XDMCP-HOWTO.html
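
The posts above establish that XDMCP needs UDP port 177 and raw X11 uses TCP port 6000, while SSH forwards only TCP. As an added example (not part of the original thread), the script below checks a server that is meant to be SSH-only for an enabled XDMCP and for X listeners reachable outside SSH. The function names, the GDM config path and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a host for the XDMCP / raw X11
# exposure discussed above. Both checks read text on stdin.

# Succeeds if a GDM config on stdin has Enable=true under [xdmcp].
# Assumed location on CentOS-style installs: /etc/gdm/custom.conf
xdmcp_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = tolower($0); gsub(/[^a-z0-9_]/, "", sec); next }
        sec == "xdmcp" {
            kv = tolower($0); gsub(/[ \t\r]/, "", kv)
            if (kv ~ /^enable=(true|1|yes)$/) found = 1   # broad on purpose
        }
        END { exit !found }'
}

# Reads `netstat -lntu` or `ss -lntu` output and prints listeners reachable
# outside SSH: XDMCP (UDP 177) and non-loopback X11 (TCP 6000-6063).
# Loopback X11 ports (e.g. 127.0.0.1:6010) are sshd X forwarding and pass.
exposed_x_listeners() {
    awk '{
        laddr = ""
        for (i = 2; i <= NF; i++) if ($i ~ /:[0-9]+$/) { laddr = $i; break }
        if (laddr == "") next
        port = laddr; sub(/.*:/, "", port)
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        port += 0
        loop = (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        p = tolower($1)
        if (p ~ /^udp/ && port == 177) print "XDMCP " laddr
        else if (p ~ /^tcp/ && port >= 6000 && port <= 6063 && !loop) print "X11 " laddr
    }'
}

# Constructed samples, not captured from a real host.
SAMPLE_GDM='[daemon]
[xdmcp]
Enable=true
Port=177'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22     0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000   0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:177    0.0.0.0:*'

if printf '%s\n' "$SAMPLE_GDM" | xdmcp_enabled; then echo "gdm: XDMCP enabled"; fi
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_x_listeners
```

On a real host, pipe the GDM configuration file and the listener listing into the two functions instead of the samples; an empty result from `exposed_x_listeners` means only SSH-forwarded X is reachable.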
rtod2

ASKER

KeremeE  I'm still a little lost.  Perhaps I could call you via skype or something?
It's OK :) But I don't know if it's allowed to send my Skype over here :)
rtod2

ASKER

So to have everything recommended in the cygwin manual, and additionally to test your suggestions, I need the following:

x11
X-start-menu-items (xinit will be selected automatically)
xorg-docs
xorg-server


I also need inetutils, openssh, openssl  but am having trouble navigating to those.



SOLUTION
This solution is only available to members.
rtod2

ASKER

oh geez!
rtod2

ASKER

X-11 packages - selecting the packages below should auto-select, xauth, xinit, xorg-server, xterm, and others

X-start-menu-icons
twm
xclipboard
xorg-docs

Net packages  selecting the packages below should auto-select openssl and others

inetutils
openssh
openssl097

What is the procedure for bringing up a 'rootless' window?
..rootless..?
I guess you mean running in multiwindow mode instead of single screen. This is similar to when you launch cygwin-x from the Windows menu. It is simple:

You launch windows with a command like:
xinit
startx
XWin
X

When launching X, if you use the switch -multiwindow then it will run in multi-window mode: each application will be run in a window over the host OS. This mode is especially good and faster if you are connecting via WAN, as it would not require the redrawing of the window manager items.

Another useful switch is -clipboard; it means that Cygwin will share its clipboard with Windows, so you'll be able to cut and paste.

Cheers,
K.
Hi rtod2, please post here if you have other questions. I've also updated my info so that I have my MSN Messenger addy in my info : )
rtod2

ASKER

New question posted here https://www.experts-exchange.com/questions/24418971/portable-xcygwin.html  prior to your request.  Is that an OK spot?  I very much appreciate your assistance.
rtod2

ASKER

Kereme  I have no way of accessing your MSN from here.  Please find my information in my profile as well.  I'd very much like to get in touch via email.