[quote]
Mark4785 wrote:
...
Yes, i've followed that guide and set-up SSH tunnelling for the root account in addition to a standard user account named accessroot.
[color=ff0000][b]VNCSERVERS="1:root 2:accessroot"[/b][/color]
VNCSERVERARGS[1]="-geometry 640x480 -localhost"
VNCSERVERARGS[2]="-geometry 640x480 -localhost"
[/quote]
Don't try to access the GUI as root. Start the session as a normal user and [url=http://wiki.centos.org/TipsAndTricks/BecomingRoot]become root[/url] as required.
Managing server via SSH
Re: Managing server via SSH
[quote]
pschaff wrote:
Don't try to access the GUI as root. Start the session as a normal user and [url=http://wiki.centos.org/TipsAndTricks/BecomingRoot]become root[/url] as required.[/quote]
I have set-up the standard user account named 'accessroot' to auto log-in from the splash screen. Once logged in, I cannot SSH to the GUI. Even when I use the switch user command so that I am logged in has root, I am unable to access the GUI via the SSH client. ONLY when I log in has root do I get SSH access to the GUI.
I'm beginning to think that remote access to the CentOS 5 log-in screen via SSH tunnelling is not even a possibility??
I'd like to re-emphasise that I'm looking to connect to the CentOS 5 log-in screen when I am not logged into any user account. Is this not possible??
pschaff wrote:
Don't try to access the GUI as root. Start the session as a normal user and [url=http://wiki.centos.org/TipsAndTricks/BecomingRoot]become root[/url] as required.[/quote]
I have set-up the standard user account named 'accessroot' to auto log-in from the splash screen. Once logged in, I cannot SSH to the GUI. Even when I use the switch user command so that I am logged in has root, I am unable to access the GUI via the SSH client. ONLY when I log in has root do I get SSH access to the GUI.
I'm beginning to think that remote access to the CentOS 5 log-in screen via SSH tunnelling is not even a possibility??
I'd like to re-emphasise that I'm looking to connect to the CentOS 5 log-in screen when I am not logged into any user account. Is this not possible??
Re: Managing server via SSH
"auto log-in". Why? Disable that.
Your basic network info seems ok. Is the Mac in the same subnet?
You wrote: "I am using a VNC client with SSH tunneling capability". Lets try some basics before that. When no-one is logged in locally (i.e. what you call "on splash screen"), ssh into the CentOS. No tunneling, no VNC, just ssh. Not as user "root". What happens?
Once we get that working, then we can add the tunneling directive to the ssh command. If that succeeds, then run the VNC client without using its ssh-options. In small steps ...
Your basic network info seems ok. Is the Mac in the same subnet?
You wrote: "I am using a VNC client with SSH tunneling capability". Lets try some basics before that. When no-one is logged in locally (i.e. what you call "on splash screen"), ssh into the CentOS. No tunneling, no VNC, just ssh. Not as user "root". What happens?
Once we get that working, then we can add the tunneling directive to the ssh command. If that succeeds, then run the VNC client without using its ssh-options. In small steps ...
-
DouglasRyder
- Posts: 62
- Joined: 2012/08/02 13:53:01
- Location: UK
Re: Managing server via SSH
Hi Mark,
My understanding is that you are trying to make a connection from a VNC client to the GDM login screen that is running on display :0 of a Linux machine. You also want to run the connection over a ssh tunnel for security purposes. I think the short answer is that you can't do this. Here's why....
To make a connection to a desktop session running on display :0, you need to use x0vncserver (not vncserver).
Start by logging in to your Linux machine via ssh in text mode.
Run /usr/bin/vncpasswd (to create ${HOME}/.vnc/passwd)
Run /usr/bin/x0vncserver :0 PasswordFile=${HOME}/.vnc/passwd NeverShared=1
This starts x0vncserver, which will try to attach itself to the desktop session running on display :0. It only works if you run x0vncserver as the same user that owns the existing desktop session. In your case the machine will be sat at the GDM login screen, so there is no exising desktop session and x0vncserver will fail to start. My point is that x0vncserver is intended to bypass the GDM login screen because you have already been authenticated (otherwise you couldn't have started x0vncserver in the first place).
To make it work, you would need to start X windows on display :0 from the ssh command prompt, and then start x0vncserver so that it can attach to the display. You can't do this because the default X security settings will not allow you to start X on display :0 unless you are logged in to the local console. You can probaby get round this by disabling some of the X security settings, but I wouldn't recommend it.
So the next question is why do you want to do this? The normal practice would be to start a vncserver session on a different display number. You can still have a full Gnome desktop session. It just won't be visible on the local console.
Does that help?
My understanding is that you are trying to make a connection from a VNC client to the GDM login screen that is running on display :0 of a Linux machine. You also want to run the connection over a ssh tunnel for security purposes. I think the short answer is that you can't do this. Here's why....
To make a connection to a desktop session running on display :0, you need to use x0vncserver (not vncserver).
Start by logging in to your Linux machine via ssh in text mode.
Run /usr/bin/vncpasswd (to create ${HOME}/.vnc/passwd)
Run /usr/bin/x0vncserver :0 PasswordFile=${HOME}/.vnc/passwd NeverShared=1
This starts x0vncserver, which will try to attach itself to the desktop session running on display :0. It only works if you run x0vncserver as the same user that owns the existing desktop session. In your case the machine will be sat at the GDM login screen, so there is no exising desktop session and x0vncserver will fail to start. My point is that x0vncserver is intended to bypass the GDM login screen because you have already been authenticated (otherwise you couldn't have started x0vncserver in the first place).
To make it work, you would need to start X windows on display :0 from the ssh command prompt, and then start x0vncserver so that it can attach to the display. You can't do this because the default X security settings will not allow you to start X on display :0 unless you are logged in to the local console. You can probaby get round this by disabling some of the X security settings, but I wouldn't recommend it.
So the next question is why do you want to do this? The normal practice would be to start a vncserver session on a different display number. You can still have a full Gnome desktop session. It just won't be visible on the local console.
Does that help?
-
DouglasRyder
- Posts: 62
- Joined: 2012/08/02 13:53:01
- Location: UK
Re: Managing server via SSH
I made that last post too complicated. I'll try again...
You can manage the machine from a remote VNC client.
You can route the VNC connection over a ssh tunnel.
You can do this as a normal (non root user).
You can probably do it as root as well, but that's not a good idea.
You can do this regardless of whether anybody is already logged in to the local console.
You will not see the CentOS login screen when you make the connection. That's not how VNC works.
Suggest that you follow the advice from jlehtone and proceed one step at a time.
You can manage the machine from a remote VNC client.
You can route the VNC connection over a ssh tunnel.
You can do this as a normal (non root user).
You can probably do it as root as well, but that's not a good idea.
You can do this regardless of whether anybody is already logged in to the local console.
You will not see the CentOS login screen when you make the connection. That's not how VNC works.
Suggest that you follow the advice from jlehtone and proceed one step at a time.