Shell WTF
-
SSH supports password authentication.
Ok; so I boot up a new Linux VM on AWS, and I log into it using X11-over-SSH... how? What application do I even need? I've never heard of one, and I work with computers quite a bit.
You're claiming this is possible, but given that AWS doesn't actually do it (while they do for Windows), I'm guessing you're just full of shit.
-
You're claiming this is possible, but given that AWS doesn't actually do it (while they do for Windows), I'm guessing you're just full of shit.
Because AWS is the only company in the world to use Linux, right?
Or maybe it's because AWS chose to use key-based auth instead of password-based auth, right?
Or maybe, just maybe, you have no fucking clue what you're on about. Which is right
-
Because AWS is the only company in the world to use Linux, right?
Ok; show me ONE provider of Linux VMs that sets them up in the way Ben L recommends.
And I still wanna know what app you'd even use to connect to a server set up that way, since I've never heard of one. I'm guessing you can't, or you only can from another identical Linux distro or something idiotic like that.
-
what app you'd even use
If I'm following correctly, PuTTY: https://wiki.utdallas.edu/wiki/display/FAQ/X11+Forwarding+using+Xming+and+PuTTY
-
Ok; show me ONE provider of Linux VMs that sets them up in the way Ben L recommends.
I can't answer that; the only Linux VM provider I have experience with is AWS.
@blakeyrat said:And I still wanna know what app you'd even use to connect to a server set up that way, since I've never heard of one. I'm guessing you can't, or you only can from another identical Linux distro or something idiotic like that.
PuTTY; you'll be prompted for the password during the login process.
-
Ok; show me ONE provider of Linux VMs that sets them up in the way Ben L recommends.
Can you see how this is a different thing than what you were asking about before?
-
PuTTY; you'll be prompted for the password during the login process.
If I'm following correctly, PuTTY: https://wiki.utdallas.edu/wiki/display/FAQ/X11+Forwarding+using+Xming+and+PuTTY
Yes, there's xming, also nxmachine (and some other clones). I have no clue if they install that stuff by default. If you have a "full service" sort of provider, I imagine you could pay them to do that for you ahead of time.
-
My understanding is that you need Xming on your local machine, not on the VM. I used that process to connect run Arduino IDE on my Raspberry Pi from my local laptop, since it's a GUI IDE.
-
My understanding is that you need Xming on your local machine, not on the VM.
Yes, nxmachine requires extra stuff installed, but is good for more remote / skinny pipe situations. Of course, that all assumes that you have X installed at all on the server in question.
I used that process to connect run Arduino IDE on my Raspberry Pi from my local laptop, since it's a GUI IDE.
Yeah, locally, something like nxmachine isn't really required. But if you're going over the internet or something that isn't in the same building, you're going to want something like that. Nxmachine does some caching and stuff that can dramatically improve performance in those situations. INB4 BUT RDP IS BETTAR!
I've also used cygwin's X in the past.
-
Because AWS is the only company in the world to use Linux, right?
I heard a rumour that AWS Lunix is, in point of fact, an awful and dreadful Lunix...
-
-
-
I heard a rumour that AWS Lunix is, in point of fact, an awful and dreadful Lunix...
And that's why I moved all my bots to Ibinti Lunix, which AWS also provide ;)
-
Never used it.
I've played with the demo a few times. It certainly seemed to be able to set up remote desktop sessions between random Windows and Linux computers, without needing much in the way of setup...
-
I heard a rumour that AWS Lunix is, in point of fact, an awful and dreadful Lunix...
That will be because Amazon hosts it all on Linux hardware.
-
X11-over-SSH
Depends on your latency, your bandwidth, and your app. By the time I can't avoid going graphical, it's a nogo. And you need 2 local apps: SSH client and X server. Windows contains neither by default. Practically all linux distros contain an SSH client, and all graphical ones contain an X server.
-
I believe, given the design of SSH, it's literally impossible. (Since you have to do that key exchange bullshit before you can connect.)
Bzzt! Wrong! SSH supports usernames and passwords just fine TYVM!
Ok; so I boot up a new Linux VM on AWS, and I log into it using X11-over-SSH... how? What application do I even need? I've never heard of one, and I work with computers quite a bit.
You're claiming this is possible, but given that AWS doesn't actually do it (while they do for Windows), I'm guessing you're just full of shit.
Sounds like AWS is just not doing it because they decided not to. The application you need is your nearest, handy-dandy SSH client, btw:ssh -Xis the correct option for OpenSSH, while PuTTY has a checkbox for it under Connection->SSH->X11, although you need a Windows X11 server such as Xming on your Windows box to use it. (GUIed Linux boxes come with a SSH client and an X11 server, though the box you're connecting to does not need to have an X server running on it)
-
If I'm following correctly, PuTTY: https://wiki.utdallas.edu/wiki/display/FAQ/X11+Forwarding+using+Xming+and+PuTTY
Wow, that sounds like a really shitty process.
Can you see how this is a different thing than what you were asking about before?
I'm making the assumption that it if can be done, there's be a provider of Linux VM's who's doing it. If only to compete with Windows.
-
@boomzilla said:
Can you see how this is a different thing than what you were asking about before?
I'm making the assumption that it if can be done, there's be a provider of Linux VM's who's doing it. If only to compete with Windows.
You're also making the assumption that a key-pair auth is less secure than a password auth.
-
He's making the assumption that you're using unencrypted VNC with cleartext 8-char authentication.
If you're saying "use SSH with key-pair authentication and tunnel your GUI", that's a hell of a lot more painful than password auth, both to set up, and (from a Windows client) to use. Fuck Pageant with a rusty spork.
-
I'm making the assumption
Are you telepathic or something now?
He's making the assumption that setting up and using key-pair auth is more painful than password auth. And it is. Fuck Pageant with a rusty spork.
Ugh, yeah that stuff sucks. But if you're coming from, e.g., Linux it's not that big a deal.
-
So this is now a thread about applying lots of duct tape, just because @blakeyrat is a fucking brain-deficient clueless cretin who cannot into CLI?
-
@blakeyrat is a fucking brain-deficient clueless cretin
I think that summarizes it quite well enough.
-
Right; obviously I am just stupid. That is the problem.
-
Right; obviously I am just stupid. That is the problem.
The first step to fixing a problem is acknowledging it; glad to see you've made that step ;)
-
An argument could be made that the SSH key-management client on Windows could be better. (That's a native Windows application; no real relation to what other platforms do.)
However, forcing the use of an RSA key to identify users when they connect via SSH is substantially more secure than using a password because it basically slams the door in the face of anyone doing drive-by cracking by password guessing. (Stealing an RSA key is rather more complex than stealing a password.) This is an approach that's equivalent to using client-authenticated SSL in HTTPS: somewhat fiddly to set up, but much more secure than the alternatives and really easy to use once that one-time setup is done.
For contrast, when I use SSH from my Mac, I have a system-provided key management utility already loaded with my key and then I can just connect to my servers without having to fuck around with typing passwords at all. It's not technically single-sign-on but it has the same user experience, which is what matters day-to-day. And my servers will only be that nice to me (or certain trusted colleagues); everyone else just gets the finger automatically.
-
And my servers will only be that nice to me (or certain trusted colleagues); everyone else just gets the finger automatically.
You can even set things up so that your servers will be selectively nice to different people based on what keys they use to connect. I use this to let staff set up ssh connections into the school's VM host server from home, over which the only thing they can do is forward TCP connections to port 445 on the curric file server; my own key lets me forward anything to anywhere.
-
I've never delved that deeply into configuring sshd; I usually just set it to aggressively require RSA keys (with only a very few accounts having the credential stored) and leave it at that. It's locked down and it's convenient for me.
-
Have a look at all the optional stuff you can wedge into ~/.ssh/authorized_keys. Fun for all the family!
-
No Linux is installed with X11-over-SSH available by default. I believe, given the design of SSH, it's literally impossible. (Since you have to do that key exchange bullshit before you can connect.)
What does authentication have to do with the connection type? That's akin to saying "Javascript can't run over SSL because you have to do that key exchange bullshit before you can connect"
-
What does authentication have to do with the connection type?
absolutely nothing...
unless blakey knows something about SSH on Lunix that i don't
-
Blakey knows lots of things about SSH on Lunix that you don't.
He's been making them up for years.
-
An argument could be made that the SSH key-management client on Windows could be better. (That's a native Windows application; no real relation to what other platforms do.)
However, forcing the use of an RSA key to identify users when they connect via SSH is substantially more secure than using a password because it basically slams the door in the face of anyone doing drive-by cracking by password guessing. (Stealing an RSA key is rather more complex than stealing a password.) This is an approach that's equivalent to using client-authenticated SSL in HTTPS: somewhat fiddly to set up, but much more secure than the alternatives and really easy to use once that one-time setup is done.
For contrast, when I use SSH from my Mac, I have a system-provided key management utility already loaded with my key and then I can just connect to my servers without having to fuck around with typing passwords at all. It's not technically single-sign-on but it has the same user experience, which is what matters day-to-day. And my servers will only be that nice to me (or certain trusted colleagues); everyone else just gets the finger automatically.
+ጣ
Key-based authentication is A Good Thing.
On Windows I'm using PUTTY-CAC's pageant.exe combined with Cygwin SSH or PUTTY. It integrates nicely into Windows' crypto API and allows me to use a smartcard key, defeating pretty much any attempt to break in.
-
You know exactly what I'm talking about, stop acting dumb.
-
-
Ok well then I'll repeat myself.
When you start up a new Windows server, it has a GUI environment waiting behind an easy-to-use client and a username/password combo.
When you start up a new Linux server, it has no GUI anything and you need to use the CLI to set one up.
Thus Linux is inferior and sucks.
-
No, actually I don't.
No-one does. Mainly because it changes every three posts ;)
-
When you start up a new Windows server, it has a GUI environment waiting behind an easy-to-use client and a username/password combo.
Unless you install Server Core, which has no UI.
@blakeyrat said:When you start up a new Linux server, it has no GUI anything and you need to use the CLI to set one up.
Unless you install a server distro with a GUI packed in. No idea if one exists, but it wouldn't surprise me if there is one.
-
Unless you install Server Core, which has no UI.
Right; but you don't do that because it's stupid.
Unless you install a server distro with a GUI packed in.
None exist.
No idea if one exists, but it wouldn't surprise me if there is one.
Considering the question I originally asked was, "does this exist?" and you Linux people have been hemming and hawing for like 47 posts without answering it, I'm now confident in saying: it does not exist.
Server Linux has fewer features than server Windows. Therefore, sucks.
Guess when? When I'm evaluating product, hypothetical features don't fucking count.
-
Ok well then I'll repeat myself.
When you start up a new Windows server, it has a GUI environment waiting behind an easy-to-use client and a username/password combo.
When you start up a new Linux server, it has no GUI anything and you need to use the CLI to set one up.
Thus Linux is inferior and sucks.
False.
I just set up 3 Linux servers at home, each one from the latest Ubuntu LTS CD. All three have a GUI that's completely accessible if I ever had a need to. However, because SSH is a thing, I don't.Incidentally, one of the three servers is a ~2003 Dell Inspiron desktop. The only version of Windows Server that could run with any semblance of speed is Server 03. Which is unsupported. Right now it's serving as a SSH VPN-style gateway and a small web server. Which it handles just fine. Couldn't do that with Windows server.
None exist.
False, see above
-
I just set up 3 Linux servers at home, each one from the latest Ubuntu LTS CD. All three have a GUI that's completely accessible if I ever had a need to.
Liar.
You either are talking about using the GUI directly on the server hardware yourself, or having one available remotely after you spent time setting it up in a CLI.
Notice that you weasel-worded it to "have a GUI" without bothering to say whether the GUI they "have" came with the OS or not. For all I know, you had to log in with a CLI and install 47 packages to make it work.
-
Liar.
Oh?
I'll take a picture if you want. I can't do that now, since I'm not actually at home, but I'd be happy to when I get home.
-
Right; but you don't do that because it's stupid.
Or because you don't want the load of a GUI wasting CPU time.
@blakeyrat said:None exist.
I shall redirect you to
@sloosecannon said:False.I just set up 3 Linux servers at home, each one from the latest Ubuntu LTS CD. All three have a GUI that's completely accessible if I ever had a need to.
@blakeyrat said:you Linux people
Only my Nexus 7 runs Linux, and that's because it's an Android tablet. My PC, laptop, and phone all run Windows; after all, I am a Windows girl ;)
-
I'll take a picture if you want. I can't do that now, since I'm not actually at home, but I'd be happy to when I get home.
If you had a remote control GUI on the servers, you'd be able to take a picture from here. This only confirms your lie.
-
I'm now confident in saying: it does not exist.
Yes, but you're always confident when you say something wrong.
-
You either are talking about using the GUI directly on the server hardware yourself, or having one available remotely after you spent time setting it up in a CLI.
I am. You said GUI. I'm not belgiuming psychic. If I wanted to, I could do X11-over-SSH though. Just as easily as RDP. Easier, actually, because I don't need to check the "allow remote access" checkbox.
@blakeyrat said:Notice that you weasel-worded it to "have a GUI" without bothering to say whether the GUI they "have" came with the OS or not. For all I know, you had to log in with a CLI and install 47 packages to make it work.
Nope. Came with Unity preinstalled.Only my Nexus 7 runs Linux, and that's because it's an Android tablet. My PC, laptop, and phone all run Windows; after all, I am a Windows girl
For me it's phone and tablet, but same. Linux on servers, but I have a few Windows server installs and all my computers run on Windows
-
If you had a remote control GUI on the servers, you'd be able to take a picture from here. This only confirms your lie.
False. I'm at school and they block SSH. Funny how stuff like that works.
-
@RaceProUK said:
Only my Nexus 7 runs Linux, and that's because it's an Android tablet. My PC, laptop, and phone all run Windows; after all, I am a Windows girl
For me it's phone and tablet, but same. Linux on servers, but I have a few Windows server installs and all my computers run on Windows
Technically, I do have a Linux server, but since that's on Amazon's EC2, it doesn't really count.
-
Liar.
You either are talking about using the GUI directly on the server hardware yourself, or having one available remotely after you spent time setting it up in a CLI.
When
, try to at least keep them in the same stadium.
-
@sloosecannon said:
For me it's phone and tablet, but same. Linux on servers, but I have a few Windows server installs and all my computers run on Windows
Technically, I do have a Linux server, but since that's on Amazon's EC2, it doesn't really count.Oh yeah I've got like 4 DigitalOcean droplets. Physically, I have
- Dell Poweredge something or other, running Ubuntu
- Inspiron running Ubuntu
- Another Inspiron running Ubuntu
- Inspiron running Server 08 (very slowly), ADDS
- HP ProLiant running Server 2012
- better HP ProLiant running Server 2012
And a Raspberry Pi
