On Wed 17 Oct 2018 at 08:32:30 (+0100), mick crane wrote: > On 2018-10-17 05:33, David Wright wrote: > > On Wed 17 Oct 2018 at 04:35:36 (+0100), mick crane wrote: > > > On 2018-10-16 22:53, Gene Heskett wrote: > > > > On Tuesday 16 October 2018 13:11:45 Greg Wooledge wrote: > > > > > > > > > On Tue, Oct 16, 2018 at 12:43:40PM -0400, Gene Heskett wrote: > > > > > > #1 is ssh -Y has been killed from jessie on. No excuse for doing it > > > > > > and bug filing is ignored. > > > > > > > > > > I don't know what you mean by this. I just performed the following > > > > > experiment on my stretch workstation (wooledg), in communications with > > > > > a stretch server (arc3) elsewhere on our network. > > > > > > > > > > 1) Already logged into wooledg, I opened a new urxvt window. > > > > > > > > > > 2) In this window, I typed: ssh -Y arc3 > > > > > > > > > > 3) After authenticating to arc3 with a password, at the shell prompt, > > > > > I typed: xterm > > > > > > > > > > 4) After a moment, a new xterm window appeared on my display. > > > > > > > > Thats expected. Now enter synaptic-pkexec. It should ask you, if > > > > you are > > > > user 1000, for a passwd and given it, it will run. But after > > > > wheezy, its > > > > not possible. LinuxCNC's graphics needs are modest, and it will run, as > > > > the user. But its not root. > > > > > > seems correct you can't use X over ssh as root. > > > I don't know why but always seemed wrong running X as root. > > > > To be fair, I don't think Gene is trying to run X as root (which would > > an X *server*), but just a client. Yes, I agree that running X as root > > would be horrible, but I have no difficulty in running an X client as > > root, either on the same machine or having logged in as root (by key) > > to another machine. But I would be very choosy about which clients I'd > > be prepared to run. > > meant clients. I'm a bit uncertain how exporting X works. > Had it working with keys as user and left it alone. > Assume ssh on remote sends X requests to machine you are sat at. > Changed a bit sshd_config on remote to check this but guess that might > be sshd_config on sat at machine and ssh_config on remote ( or both, I > dunno ). > will have a fiddle but assume it's not meant to work.
As Greg wrote above, I'd sit at the machine (A) running the X server and open an xterm. I'd then obtain root (I use su). Now I'd ssh -X into root on the other machine (B) by means of keys. IIRC at this point A would write a /root/.Xauthority file on B if required. Now I'd type, say, xeyes on B (in the xterm) and expect to see the eyes pop up on the Xserver screen at A. Using sudo at any stage might complicate this, and a client could also decide whether to run or not depending on certain security criteria. I can't help with that as I'm not familiar with Gene's client, and also I use sudo only to perform various "potted" tasks like shutdown (and then only on the same machine as the user). Cheers, David.
