matt | April 29, 2008
Okay, so the conventional (old) way to connect to other machines was through X (X is network aware). This had a problem with being insecure because it was unencrypted.
The new way to connect to other machines is through VNC. VNC is not secure either, but can be tunneled through SSH. The problem is, it is slow.
Now, X is fast – very fast. See, VNC uses a remote framebuffer and pumps raster data over the wire, but X sends data over the wire which is then rastered by the local graphics hardware – excellent for remote headless servers, etc. They don't even run an X server, just client apps.
Now, given modern ssh X11 forwarding, we can have the best of both worlds – an encrypted (and optionally compressed) ssh connection keeps it safe while the display is rendered on your shiny local hardware.
There are two ways to accomplish this:
(I) Full screen login on a separate vt.
This is easy:
(1) run gdmflexiserver from a login screen, or use the “switch user” feature. (2) select the “Secure Remote Login” session (3) login as your other login (needs a local account) (4) it will ask you what host you want to connect to – do so.
- It would be nice if this could be made a “one click”.
- It doesn't exit cleanly – I have filed a bug about this.
(II) A nested X server
(1) Run the X server with a basic xterm
xinit /usr/bin/xterm -display :1 — /usr/bin/Xephyr -nolisten tcp -ac -screen 1280×1024 :1
(2) Then just ssh over to your remote machine and run whatever session you like (such as startxfce4)
- It would be nice to have xinit just exec the ssh itself, but that seems to not set the display correctly – I don't know why.
- There is no nice way to switch in and out of full screen – you either do full screen or windowed, but cannot toggle between them.
I should also mention that you can get a windowed version of (I) by running gdmflexiserver --xnest