xorg on a headless, mouseless, keyboardless box

Matthew Seaman m.seaman at infracaninophile.co.uk
Sun Dec 17 02:53:38 PST 2006 

Lane wrote:

> I can, in fact, run a gui root process on the remote machine, now.
> 
> Unfortunately I still can't run qemu so that I can get the console.  I get:
> 
> X Error of failed request:  BadWindow (invalid Window parameter)
>   Major opcode of failed request:  25 (X_SendEvent)
>   Resource id in failed request:  0x3e
>   Serial number of failed request:  18
>   Current serial number in output stream:  21
> 
> 
> Any advice on how to setup the remote (headless, mouseless, and keyboardless) 
> server to run X?  My brain is fried trying to track down a HOWTO, and the 
> wiki is just a half millimeter left of useless.

The quickest and easiest method would be to run this on your desktop
*before* SSH'ing to the other machine:

    xhost +LOCAL:

That means that any user on the same machine (technically, any user
accessing your display via the local domain socket /tmp/.X11-unix/X0)
can pop up windows on your X display.  Because of the way SSH X-
forwarding works, all the processes on your remote machine appear to
the local X server as if they were running on your local desktop, so
that command will work for them too.

Obviously this has security implications on machines where you do not
trust all of the users -- for instance it would be fairly trivial for
anyone else with access to either of those machines to be able to capture
all of your keyboard input including any passwords you needed to type.
You need to be able to trust implicitly both your local desktop and the
remote server you're logging into.

You can have more fine-grained control by using xauth to copy the access
tokens for your display into the .Xauthority file in another users' home
directory:

   xauth nextract - $DISPLAY | su - otheruser -c "xauth nmerge -"

You should only need to do that one time per $DISPLAY, but if you're
doing X forwarding over SSH, you may need to do that at least once
for each desktop machine you log in from, even if you get the same
$DISPLAY setting each time.  ssh, when doing X forwarding, does pretty
much that internally to forward your credentials so commands on the
remote machine can display on the desktop in front of you.

Note: $DISPLAY is set automatically for you when you enable X forwarding
and SSH in.  You may need to quietly eliminate misguided attempts to set
$DISPLAY in the shell startup scripts of otheruser --- it should inherit
the value from your environment if you become that user by su(1) or sudo(1).

See xauth(1) for more information about what you can do with it -- quite
a lot more really.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061217/c95622dc/signature.pgp

More information about the freebsd-questions mailing list