[Tfug] headless systems
Bexley Hall
bexley401 at yahoo.com
Mon Jun 25 12:10:43 MST 2007
--- christopher floess <skeptikos at gmail.com> wrote:
> On 6/22/07, Bexley Hall <bexley401 at yahoo.com> wrote:
> >
> > --- Andrew Ayre <andy at britishideas.com> wrote:
> >
> > > We use ssh on all our servers, whether they are in
> > > the same room or in a different country. Never had
> > > any problems with it. Works fine with Suse, Gentoo,
> > > Debian, Ubuntu... We no longer use telnet or ftp.
> > > I guess there is no advantage to using ssh on a LAN,
> > > but for us
> >
> > Unless you *know* your LAN is physically secure
> > and *trust* everyone in your organization (i.e. they
> > all have root's password), then you still have a need
> > to run ssh on a LAN
>
> Well, since I'm only building the network for my own personal
> interests I'm pretty confident it will be safe.
<grin> "Famous Last Words"... :-(
> > Why not just run an X session on it? xdm(1) is
> > your friend...
>
> See, that's interesting. Like I said, I'm not really familiar how
> people accomplish this. It's clear that there are many ways.
> I just want the one that's fool proof, a complete solution, and
> easy. Oh wait, that takes the fun out of it.
>
> So you're saying I start an X session whose clients are on the
> other PCs? I'm sorry I haven't read the man page yet, but I
> don't know that this would even be covered in them. Are the
> X sessions mutually exclusive? Meaning that while the
> session is being served apps from one computer, it can't
> be served apps from itself or some other computer. I was
> under the impression that the X server/client model was
> developed under the thinking that the computers connected
> to a server don't always have the computing power as the
> server, so the idea is to get the server (not x server) to
> carry the load of the apps (clients). If this understanding is
> right, can x clients on multiple servers be displayed under
> one x session? Am I even making sense here? Hopefully. Let
> me know if you need me to elaborate ~ Chris
My setup:

1). There is absolutely *no* outside access to my
    network -- either wired or wireless. Unless
    you're *in* my house with a pair of wire cutters,
    you don't see my network traffic (I assume my
    activities are boring enough that TEMPEST isn't
    an issue :> YMMV -- in which case, I probably
    DON'T want to talk to you!! :>)

2). All of my boxes (except the WindBlows box) run
    headless. No, that's a lie, but "pretend" it
    isn't. I have one box that runs 24/7/365 and
    provides key services to the network. These
    include things like TFTP, BOOTP, NFSd, NTP, DNS,
    xfs, etc. There are a bunch of other "useful"
    services running on that box but the ones of
    interest here are the ones necessary to running
    the network itself.

3). Every box runs xdm(1) -- there are other variants
    that may be better suited to a more modern
    environment (I have a bunch of legacy equipment
    to support).

4). I use X terminals to "login" to whichever machine
    I want to use at the moment. The X terminal
    displays a menu of "available machines" that
    I can log into. This list varies depending on
    what machines I happen to have up at the time.
    (e.g., I rarely keep my FTP server up since it
    isn't needed often and why burn power needlessly?)

5). Once logged into a machine, I can telnet or ssh
    to any other machine as needed. E.g., if I have
    to export a particular file hierarchy on machine
    A so that I can access it from machine B. If I
    need to access several machines via telnet/ssh,
    I just open several xterms and set up a session
    in each (recall xterm is a terminal emulation;
    not to be confused with an X terminal!)

6). I can run any of the X clients (e.g., xterm) on
    that machine onto which I am logged (awkward
    sentence). They look at my $DISPLAY variable and
    know where to contact the X terminal to put
    things on the screen.

7). In a pinch, I'll "xhost +" to turn off the
    authentication mechanisms so I can start clients
    on *other* machines and let them use my $DISPLAY
    at the same time.

8). When I am done, I just log off. If I need to
    shut down a machine, I open a telnet session
    to that machine prior to shutting down the X
    terminal (the X terminal can run telnet sessions
    without the need for any other hosts) and do a
    "shutdown -p now"

Note that, in a pinch, I also have an X server that
runs on the Windows PC so I can use it as an X
terminal, as well (but rarely do).

X is full of security risks, though, so not to be
used unless you are aware of all this.

<shrug> There are obviously other ways of doing this.
This works well for me. I need to be able to have
machines in different rooms (to get away from fan
noise) and yet access them all from the comfort of
my office, etc.
HTH,
--don
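
An added example, not part of the original message: step 7's "xhost +" turns the X server's access control off, so this shell function classifies the text that `xhost` prints and flags that state along with host-wide grants. The sample outputs, the host name `machine-a.example` and the 0/1/2 return levels are constructed for this example.

```shell
#!/bin/sh
# Added example: classify the text that `xhost` (no arguments) prints.
# Return codes are this example's own convention:
#   0 = access control on, only per-user grants (or none)
#   1 = access control on, but whole hosts or address families are trusted
#   2 = access control off ("xhost +"): no authentication at all
audit_xhost() {
    level=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "CRITICAL: $line"
                level=2 ;;
            "access control enabled"*|"")
                ;;
            SI:localuser:*)
                echo "OK: per-user grant: $line" ;;
            *)  # INET:host, INET6:host, LOCAL: and anything unrecognised
                echo "WARN: host-wide or unknown grant: $line"
                if [ "$level" -lt 1 ]; then level=1; fi ;;
        esac
    done
    return "$level"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:machine-a.example
SI:localuser:don'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:don'

# Helper: print the level for a given output without tripping `set -e`.
xhost_level() {
    rc=0
    printf '%s\n' "$1" | audit_xhost >/dev/null || rc=$?
    echo "$rc"
}

for s in "$SAMPLE_OPEN" "$SAMPLE_HOSTS" "$SAMPLE_USER"; do
    printf '%s\n' "$s" | audit_xhost || true
    echo "level: $(xhost_level "$s")"
done
# On a live display: xhost | audit_xhost ; "xhost -" turns access control back on.
```

A level of 2 means any client that can reach the display can connect to it; level 1 means every user on a listed host can.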