On Wednesday 17 October 2018 05:38:38 Morel Bérenger wrote: > Le Wed, 17 Oct 2018 04:40:49 -0400, > > Gene Heskett <ghesk...@shentel.net> a écrit : > > On Wednesday 17 October 2018 04:00:37 Morel Bérenger wrote: > > > Le Tue, 16 Oct 2018 17:53:37 -0400, > > > > > > Gene Heskett <ghesk...@shentel.net> a écrit : > > > > On Tuesday 16 October 2018 13:11:45 Greg Wooledge wrote: > > > > > On Tue, Oct 16, 2018 at 12:43:40PM -0400, Gene Heskett wrote: > > > > > > #1 is ssh -Y has been killed from jessie on. No excuse for > > > > > > doing it and bug filing is ignored. > > > > > > > > > > I don't know what you mean by this. I just performed the > > > > > following experiment on my stretch workstation (wooledg), in > > > > > communications with a stretch server (arc3) elsewhere on our > > > > > network. > > > > > > > > > > 1) Already logged into wooledg, I opened a new urxvt window. > > > > > > > > > > 2) In this window, I typed: ssh -Y arc3 > > > > > > > > > > 3) After authenticating to arc3 with a password, at the shell > > > > > prompt, I typed: xterm > > > > > > > > > > 4) After a moment, a new xterm window appeared on my display. > > > > > > > > Thats expected. Now enter synaptic-pkexec. It should ask you, if > > > > you are user 1000, for a passwd and given it, it will run. But > > > > after wheezy, its not possible. LinuxCNC's graphics needs are > > > > modest, and it will run, as the user. But its not root. And root > > > > is denied regardless of how you go about obtaining root > > > > permissions. > > > > > > Also, I wonder if you tried to do that through, for example > > > Xephyr? Might workaround the issue you have? > > > > Well I was just reminded that gksudo works. Now what the heck is > > Xephyr? Google says its x on x, whatever that means. I'll try to > > remember that and play with it if its available for wheezy & later. > > > > Thanks Morel Bérenger. > > The ncurses mode of aptitude says Xephyr is a X server that can be > executed inside another X server, more or less like Xnest (or xming, > for people like me that had to work on a windows station but wanted to > keep a nice wm embedded on personal hardware ;)). > > I can not really explain how this works, but in short you could > consider a remote system providing the performances stuff (hard disk > space, strong CPU, tons or RAM...) and opening the X session on local > systems. > I think it might fix your problem because basically, su-programs > (probably PAM modules, in fact) do some security related checks to > avoid passwords to be sniffed by a client on another computer: which > is what I would expect a ssh -Y gksudo do. > > If my explanation is not clear (and I'm certain of it), it's because I > don't really master that side of systems, sorry for that :)
You at least, dug deep enough to see that pam was probably the guilty party, same conclusion I reached. Unforch, removing pam also pretty much nukes the whole system. And I'm not seeing well enough to expound at length, cataract operation this morning. -- Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>