I've installed vino and tried to turn on the 'remote desktop' from the preferences, with a password. However, when I try to connect vncviewer to my box ("192.168.1.129:0") I get a connection refused. What am I missing?
On Mon, 2004-10-18 at 08:42 -0400, Aaron Gaudio wrote:
I've installed vino and tried to turn on the 'remote desktop' from the preferences, with a password. However, when I try to connect vncviewer to my box ("192.168.1.129:0") I get a connection refused. What am I missing?
Could it be a firewall issue? I'm not sure if turning it on ties in with iptables (it should really).
From rom a command line type iptables -La will tell you what rules you have running.
On Mon, 2004-10-18 at 14:06 +0100, Douglas Furlong wrote:
On Mon, 2004-10-18 at 08:42 -0400, Aaron Gaudio wrote:
I've installed vino and tried to turn on the 'remote desktop' from the preferences, with a password. However, when I try to connect vncviewer to my box ("192.168.1.129:0") I get a connection refused. What am I missing?
Could it be a firewall issue? I'm not sure if turning it on ties in with iptables (it should really).
From rom a command line type iptables -La will tell you what rules you have running.
In response to a number of such inquiries, no, I am not using iptables. No ports on my box are blocked by any firewall software.
On Mon, 18 Oct 2004 14:06:33 +0100, Douglas Furlong douglas.furlong@firebox.com wrote:
Could it be a firewall issue? I'm not sure if turning it on ties in with iptables (it should really).
No... no it shouldnt. Just like starting up something like a p2p client shouldnt automatically punch a hole. No way should any end-user application like vino have rights to punch a hole in the firewall without sysadmin authorization. No way, no how. Even on a single user system...no way. Opening up the firewall should be a delibrate act and not something that is automated behind the scenes. If you want to argue that system-config-securitylevel needs should have a pre-defined entry for vino, that i can get behind.
-jef
On Tue, 2004-10-19 at 00:30 -0400, Jeff Spaleta wrote:
On Mon, 18 Oct 2004 14:06:33 +0100, Douglas Furlong
<snip>
If you want to argue that system-config-securitylevel needs should have a pre-defined entry for vino, that i can get behind.
And a nice link from the vino config section to the system-config- sercuritylevel.
Sounds like a better idea to me.
On Tue, 2004-10-19 at 00:30 -0400, Jeff Spaleta wrote:
No... no it shouldnt. Just like starting up something like a p2p client shouldnt automatically punch a hole. No way should any end-user application like vino have rights to punch a hole in the firewall without sysadmin authorization. No way, no how. Even on a single user system...no way. Opening up the firewall should be a delibrate act and not something that is automated behind the scenes. If you want to argue that system-config-securitylevel needs should have a pre-defined entry for vino, that i can get behind.
I agree entirely with you. Punching holes in the firewall is something that no application should ever do.
May I ask then, why I was recently told that ntpd does it? Or is my information mistaken?
Cheers,
tir, 19.10.2004 kl. 07.09 skrev Douglas Furlong:
On Tue, 2004-10-19 at 00:30 -0400, Jeff Spaleta wrote:
On Mon, 18 Oct 2004 14:06:33 +0100, Douglas Furlong
<snip>
If you want to argue that system-config-securitylevel needs should have a pre-defined entry for vino, that i can get behind.
And a nice link from the vino config section to the system-config- sercuritylevel.
Sounds like a better idea to me.
Yes, that sounds like a good idea. Probably gdmsetup and redhat-config-printer should do this as well.
On Tue, Oct 19, 2004 at 07:34:49PM +0200, Kyrre Ness Sjobak wrote:
Yes, that sounds like a good idea. Probably gdmsetup and redhat-config-printer should do this as well.
For system-config-printer there is a bug report open for this -- but I'm still waiting for a framework to use.
Tim. */
On Tue, 2004-10-19 at 22:46 +0100, Tim Waugh wrote:
On Tue, Oct 19, 2004 at 07:34:49PM +0200, Kyrre Ness Sjobak wrote:
Yes, that sounds like a good idea. Probably gdmsetup and redhat-config-printer should do this as well.
For system-config-printer there is a bug report open for this -- but I'm still waiting for a framework to use.
Yes the trusted ports selection needs some love. It's v. high on my list for FC4 (and perhaps an FC3 update).
Paul
On Tue, 2004-10-19 at 19:34 +0200, Kyrre Ness Sjobak wrote:
tir, 19.10.2004 kl. 07.09 skrev Douglas Furlong:
On Tue, 2004-10-19 at 00:30 -0400, Jeff Spaleta wrote:
On Mon, 18 Oct 2004 14:06:33 +0100, Douglas Furlong
<snip>
If you want to argue that system-config-securitylevel needs should have a pre-defined entry for vino, that i can get behind.
And a nice link from the vino config section to the system-config- sercuritylevel.
Sounds like a better idea to me.
Yes, that sounds like a good idea. Probably gdmsetup and redhat-config-printer should do this as well.
What is wrong with a user level configuration tool, like redhat-config- printer, gdmsetup, or any number of other things, having a link to the system-config-securitylelevel which requires root privileges?
I accepted the "error" in my original statement, but I don't see what the problem is with having the above linking together so that the user see's where he is meant to go to get the system up and running.
On Wed, 2004-10-20 at 09:13 +0100, Douglas Furlong wrote:
On Tue, 2004-10-19 at 19:34 +0200, Kyrre Ness Sjobak wrote:
tir, 19.10.2004 kl. 07.09 skrev Douglas Furlong:
On Tue, 2004-10-19 at 00:30 -0400, Jeff Spaleta wrote:
On Mon, 18 Oct 2004 14:06:33 +0100, Douglas Furlong
<snip>
And a nice link from the vino config section to the system-config- sercuritylevel.
What is wrong with a user level configuration tool, like redhat-config- printer, gdmsetup, or any number of other things, having a link to the system-config-securitylelevel which requires root privileges?
I accepted the "error" in my original statement, but I don't see what the problem is with having the above linking together so that the user see's where he is meant to go to get the system up and running.
Currently we're not powerful enough in for custom ports. So that a user requires specific application knowledge to allow - 5900 say rather than selecting by service.
I'm hoping to fix this after fc3 is out the door. I'd say wait until we have a easier to understand ui for this.
Paul
On Wed, 2004-10-20 at 09:17 +0100, Paul Nasrat wrote:
On Wed, 2004-10-20 at 09:13 +0100, Douglas Furlong wrote:
On Tue, 2004-10-19 at 19:34 +0200, Kyrre Ness Sjobak wrote:
tir, 19.10.2004 kl. 07.09 skrev Douglas Furlong:
On Tue, 2004-10-19 at 00:30 -0400, Jeff Spaleta wrote:
On Mon, 18 Oct 2004 14:06:33 +0100, Douglas Furlong
<snip>
And a nice link from the vino config section to the system-config- sercuritylevel.
What is wrong with a user level configuration tool, like redhat-config- printer, gdmsetup, or any number of other things, having a link to the system-config-securitylelevel which requires root privileges?
I accepted the "error" in my original statement, but I don't see what the problem is with having the above linking together so that the user see's where he is meant to go to get the system up and running.
Currently we're not powerful enough in for custom ports. So that a user requires specific application knowledge to allow - 5900 say rather than selecting by service.
I'm hoping to fix this after fc3 is out the door. I'd say wait until we have a easier to understand ui for this.
I guess for the really long run for such "user run servers" we would want to have something where an app could have a list of allowed ports, e.g. 5800-5999/tcp for a vnc server (maybe a list of allowed users as well), and if this app would open a port in the allowed range for listening, the firewall would open it up as well, and when the app closes down the port or would otherwise finish, the firewall would close down the port, too. I could imagine a user space daemon that would do the opening up/closing down but how it would get notified about a state change would need some discussion ;-).
Nils
On Wed, 20 Oct 2004 09:13:00 +0100, Douglas Furlong douglas.furlong@firebox.com wrote:
What is wrong with a user level configuration tool, like redhat-config- printer, gdmsetup, or any number of other things, having a link to the system-config-securitylelevel which requires root privileges?
You are still thinking single user system where the user is also the sysadmin. You have to think of a solution that makes sense in a multiuser environment, and in a multiuser environment having users see the s-c-* password dialogs come up everytime a normal user tries to start up a service that needs an open port isn't necessarily a great idea. For my home system your suggestion would work for me. But on my system at work, that sort of thing isn't so great. You could make it a bit better and add a way to configure the operating system to NOT show the s-c-* password dialogs in the multiuser case but I'm not sure I like this complexity.
For any config gui that already needs administrator privledges to do its job, this idea to link to s-c-securitylevel is fine. But for vino, the subject of this thread, and which is an end-user controlled service and end-user configuration gui to setup, having any sort of link to a root password protected tool I think is not appropriate. For vino and end-user services like it, I'd much rather find a clever way for the service to try to determine if the firewall is allowing port access or not on the port that is needed, and if not to prompt the user with a message dialog to contact the system administrator concerning the firewall configuration.
I do not want normal users on a multiuser system to ever be prompted for the root password if I can help it.
-jef
On Wed, 2004-10-20 at 11:56 +0200, Nils Philippsen wrote: [ snip unrelated discussion ]
I'm still not able to connect to any vino session. Though I have enabled it via the Preferences (and have since logged out and back in), I still don't see any indication that a vncserver is available. I don't see vino-server in a ps listing... should I? What could be keeping me from getting this up and running?
On Wed, 2004-10-20 at 14:50 -0400, Aaron Gaudio wrote:
On Wed, 2004-10-20 at 11:56 +0200, Nils Philippsen wrote: [ snip unrelated discussion ]
I'm still not able to connect to any vino session. Though I have enabled it via the Preferences (and have since logged out and back in), I still don't see any indication that a vncserver is available. I don't see vino-server in a ps listing... should I? What could be keeping me from getting this up and running?
After further trials, running /usr/libexec/vino-server manually does start up vino and let me connect a vncviewer to it. However, I'm assuming the user is not supposed to have to run this manually (especially considering the existence of /usr/lib/bonobo/servers/GNOME_RemoteDesktop.server). Does anyone know what is supposed to activate the server? How are others running vino?
On Wed, 20 Oct 2004 23:44:52 -0400, Aaron Gaudio
After further trials, running /usr/libexec/vino-server manually does start up vino and let me connect a vncviewer to it. However, I'm assuming the user is not supposed to have to run this manually (especially considering the existence of /usr/lib/bonobo/servers/GNOME_RemoteDesktop.server). Does anyone know what is supposed to activate the server? How are others running vino?
vino is working for me almost as i expect it. The configuration tool doesn't catch the fact that i have multiple X servers running locally and always wants to tell me localhost:0 is the display to connect to with the client, even though its not... i need to file that.
I can start a gnome desktop start vino and then run a vncviewer from the same gnome desktop...and and enjoy staring into infinity. It helps to be on drugs when you do this for best effect.
I can start a gnome desktop start a second gnome desktop on the same server using gdmflexiserver start vino on the second gnome desktop jump back to the first desktop and use vncviewer there and get a very inefficient way of simulating gdmflexiserver -n
I can start a gnome desktop start vino and then on the other machine on the lan I can connect via vncviewer as long as my firewall is open enough to allow it.
I can't reproduce the problems you are having. -jef
On Wed, 2004-10-20 at 23:59 -0400, Jeff Spaleta wrote:
I can start a gnome desktop start vino and then run a vncviewer from the same gnome desktop...and and enjoy staring into infinity. It helps to be on drugs when you do this for best effect.
I guess what I'm asking is: what are you doing to "start vino"? My expectation is that if I check "Allow other users to view your desktop" under the Remote Desktop Preferences, vino will automatically get started...
On Thu, 21 Oct 2004 01:45:06 -0400, Aaron Gaudio > I guess what I'm asking is: what are you doing to "start vino"?
My expectation is that if I check "Allow other users to view your desktop" under the Remote Desktop Preferences, vino will automatically get started...
and that is exactly what im doing.
-jef
Hi,
On Thu, 2004-10-21 at 04:44, Aaron Gaudio wrote:
On Wed, 2004-10-20 at 14:50 -0400, Aaron Gaudio wrote:
On Wed, 2004-10-20 at 11:56 +0200, Nils Philippsen wrote: [ snip unrelated discussion ]
I'm still not able to connect to any vino session. Though I have enabled it via the Preferences (and have since logged out and back in), I still don't see any indication that a vncserver is available. I don't see vino-server in a ps listing... should I? What could be keeping me from getting this up and running?
After further trials, running /usr/libexec/vino-server manually does start up vino and let me connect a vncviewer to it. However, I'm assuming the user is not supposed to have to run this manually (especially considering the existence of /usr/lib/bonobo/servers/GNOME_RemoteDesktop.server). Does anyone know what is supposed to activate the server? How are others running vino?
gnome-session is what activates vino-server depending on whether you've enabled it from the preferences dialog.
Are you running GNOME?
Cheers, Mark.
On Thu, 2004-10-28 at 17:09 +0100, Mark McLoughlin wrote:
After further trials, running /usr/libexec/vino-server manually does start up vino and let me connect a vncviewer to it. However, I'm assuming the user is not supposed to have to run this manually (especially considering the existence of /usr/lib/bonobo/servers/GNOME_RemoteDesktop.server). Does anyone know what is supposed to activate the server? How are others running vino?
gnome-session is what activates vino-server depending on whether you've enabled it from the preferences dialog.
Are you running GNOME?
Sorry, my system's been down for a week due to moving.
Yes, I am running GNOME, and I have enabled the option the "Remote Desktop" caplet.