X
Xauth
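Adding authorized hosts or users with the xhost command lets X client programs on a remote machine display on the local X server; in addition, the DISPLAY variable on the remote machine must be set to point at the local machine. That is the theory; in practice there is also an xauth step. Doing it this simple way does not work (Ubuntu 10.10), although it seems to have worked in the past. Rather than fiddle with this, just run ssh -X remote machine, which sets all of this up. See the X11 Forwarding section of ssh(1):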
The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero. This is normal, and happens because
ssh creates a “proxy” X server on the server machine for forwarding the
connections over the encrypted channel.
ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
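http://ubuntuforums.org/showpost.php?p=1406690&postcount=11 explains how to set up xauth by hand.
Remote login with GDM
The server's address is 192.168.1.10 and the client's address is 192.168.1.2. Here the server is the machine running GDM, and the client is the machine performing the remote login. Configure GDM on the server by adding the following to /etc/gdm/custom.conf: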
[xdmcp]
# true turns on XDMCP so that remote X servers can query GDM
Enable=true
Then on the client, run
X :1 -query 192.168.1.10
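to connect remotely to the GDM login window. The -query here is not an X command-line option; it is presumably an option that all X applications support. Also, this connection has nothing to do with GDM's DisableTCP option. After the command above runs, the X server started on the client is in fact listening on port x11-1 (6001). The TCP connections seen on the client are: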
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42860
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42856
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42842
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42835
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42854
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42850
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42845
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42861
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42855
ESTAB 0 0 192.168.1.2:x11-1 192.168.1.10:42831
......
The connections above were listed with ss -p, but no associated program was printed. On the server running GDM, ss -p prints the following:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.10:42849 192.168.1.2:x11-1 users:(("gnome-power-man",22773,3))
ESTAB 0 0 192.168.1.10:42851 192.168.1.2:x11-1 users:(("synce-trayicon",22815,3))
ESTAB 0 0 192.168.1.10:42855 192.168.1.2:x11-1 users:(("indicator-apple",22853,3))
ESTAB 0 0 192.168.1.10:42874 192.168.1.2:x11-1 users:(("gdu-notificatio",22962,3))
ESTAB 0 0 192.168.1.10:42841 192.168.1.2:x11-1 users:(("nautilus",22758,3))
ESTAB 0 0 192.168.1.10:42844 192.168.1.2:x11-1 users:(("polkit-gnome-au",22763,3))
ESTAB 0 0 192.168.1.10:42858 192.168.1.2:x11-1 users:(("notification-ar",22858,3))
ESTAB 0 0 192.168.1.10:42846 192.168.1.2:x11-1 users:(("evolution-alarm",22762,3))
ESTAB 2592 0 192.168.1.10:42826 192.168.1.2:x11-1 users:(("dbus-launch",22698,3))
ESTAB 0 0 192.168.1.10:42864 192.168.1.2:x11-1 users:(("gnome-screensav",22949,3))
......
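So the X applications on the server have connected to the X server on the client. However, when the client computer is shut down, none of these TCP connections die. I hibernated the server and checked after powering it on the next day: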
$ w
09:58:51 up 19:05, 6 users, load average: 0.20, 0.14, 0.34
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
tux tty8 :0 Wed19 19:05m 3:10 0.28s gnome-session --session=classic-gnome
tux pts/0 :0.0 09:58 0.00s 0.24s 0.01s w
tux 192.168.1.2:1 Wed19 18:37 9:52 0.28s gnome-session --session=classic-gnome
The last login entry is yesterday's remote X login. Looking at the TCP connections:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.10:42851 192.168.1.2:x11-1 users:(("synce-trayicon",22815,3))
ESTAB 0 0 192.168.1.10:42855 192.168.1.2:x11-1 users:(("indicator-apple",22853,3))
ESTAB 0 0 192.168.1.10:42874 192.168.1.2:x11-1 users:(("gdu-notificatio",22962,3))
ESTAB 0 0 192.168.1.10:42841 192.168.1.2:x11-1 users:(("nautilus",22758,3))
ESTAB 0 0 192.168.1.10:42844 192.168.1.2:x11-1 users:(("polkit-gnome-au",22763,3))
ESTAB 0 0 192.168.1.10:42858 192.168.1.2:x11-1 users:(("notification-ar",22858,3))
ESTAB 0 0 192.168.1.10:42846 192.168.1.2:x11-1 users:(("evolution-alarm",22762,3))
ESTAB 2688 0 192.168.1.10:42826 192.168.1.2:x11-1 users:(("dbus-launch",22698,3))
ESTAB 0 0 192.168.1.10:42864 192.168.1.2:x11-1 users:(("gnome-screensav",22949,3))
ESTAB 0 0 192.168.1.10:42878 192.168.1.2:x11-1 users:(("awn-applet",22987,3))
ESTAB 0 0 192.168.1.10:42888 192.168.1.2:x11-1 users:(("update-notifier",23073,3))
ESTAB 2592 0 192.168.1.10:42808 192.168.1.2:x11-1
ESTAB 0 0 192.168.1.10:42845 192.168.1.2:x11-1 users:(("vino-server",22764,3))
ESTAB 0 0 192.168.1.10:46341 192.168.1.2:x11-1 users:(("gnome-screensav",26856,3))
......
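192.168.1.2 is no longer even reachable, yet these TCP connections remain in the ESTABLISHED state, which causes further remote X connections from the client to be refused. Even stopping GDM does not make these processes exit. The processes have to be killed one by one, or the computer rebooted, before these TCP connections go away. This is really not clean. However, in a second trial, after the X server on the client was terminated, the TCP connections all went away normally.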
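To find which processes would have to be killed one by one, the ss -p listing can be reduced to the PIDs that still hold a connection to the unreachable X server. This is an added example, not part of the original notes; the function names are hypothetical, and the sample input is constructed from the listing above plus two extra lines (an ssh connection and a second peer) to show the filtering.

```shell
#!/bin/sh
# Added example: list the processes behind ESTAB connections to an X server.

# Print "PID NAME LOCAL" for each ESTAB connection whose peer is an X11 port
# (x11, x11-N or 60NN) on host $1. Reads `ss -p` output on stdin.
x11_conn_owners() {
    awk -v peer="$1" '
        $1 != "ESTAB" { next }                 # skips the header line too
        {
            n = split($5, p, ":")              # peer column, IPv4 addr:port
            if (n != 2 || p[1] != peer) next
            if (p[2] !~ /^x11(-[0-9]+)?$/ && p[2] !~ /^60[0-9][0-9]$/) next
            if (NF < 6) {                      # ss printed no users:(...) field
                print "-", "-", $4
                next
            }
            split($6, q, "\"")                 # q[2] = process name
            split(q[3], c, ",")                # c[2] = pid (or pid=N)
            sub(/^pid=/, "", c[2])             # newer ss prints pid=N,fd=N
            print c[2], q[2], $4
        }'
}

# Constructed sample: three lines in the format of the listing above, one
# non-X11 connection to the same peer, and one X11 connection to another host.
sample_ss_output() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.10:42841 192.168.1.2:x11-1 users:(("nautilus",22758,3))
ESTAB 2688 0 192.168.1.10:42826 192.168.1.2:x11-1 users:(("dbus-launch",22698,3))
ESTAB 2592 0 192.168.1.10:42808 192.168.1.2:x11-1
ESTAB 0 0 192.168.1.10:51022 192.168.1.2:ssh users:(("ssh",30111,3))
ESTAB 0 0 192.168.1.10:51300 192.168.1.7:6001 users:(("xterm",30200,3))
EOF
}

# Demo: owners of connections to the X server on 192.168.1.2
sample_ss_output | x11_conn_owners 192.168.1.2
```

On a live system, pipe `ss -tp` into `x11_conn_owners 192.168.1.2`. A "- -" row marks a connection for which ss showed no owning process, as in one line of the second listing above.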