Old 06-16-2008, 06:52 PM   #1
LQ Newbie
Registered: Jul 2007
Posts: 1

Rep: Reputation: 0
DisallowTCP and how it affects XDMCP

Hello all, first post, apologies if not the right forum for my question.

I have been using Xming to connect to a Fedora Core 6 headless machine from Windows XP for a few months now. I am able to choose from full Gnome desktops to single apps (from Xterm to gnome-system-monitor) running on my Windows desktop - mind-blowing stuff. Yet, it's only recently that I discovered that the setting "Deny TCP connections to Xserver", subtitled "Disables X forwarding, but does not affect XDMCP", at System | Administration | Login Screen | Remote, is checked. As far as I understand, this affects the DisallowTCP option, setting it to true. That made me feel (once more) that I don't really understand what's going on to the extent I'd like to. So, I'd appreciate any explanation of how, given the above setting (of DisallowTCP=true), I can nonetheless connect to the Fedora machine through XDMCP (isn't X11 forwarding needed *as well* for that?), as well as any pointers as to where I can read about X11 forwarding, XDMCP and (what really eludes me) how those two interoperate to allow remote operation (I know I can search for that, but I've always preferred a nice discussion instead).

Thanks in advance.
Old 06-20-2008, 12:44 PM   #2
Senior Member
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I don't have a really solid understanding of all of this myself, but since nobody has replied, I'll give it a shot.

First some basics. Pardon me if you already know this. The X windowing system consists of two parts: 1) the server which actually displays the image, and 2) a client which connects to the server, such as gnome. Frequently the server and the client are on the same machine, but communications can be over a network. Unless it is told not to, in addition to the unix sockets (one area I'm shaky in) the server will listen to TCP. I am not totally sure what the consequences of this are but I believe it can have some security implications. The way the server is told not to listen is with the --nolisten tcp option.

For example, on a machine running Ubuntu sitting at its GUI login screen (nobody logged on locally -- I am running these commands over ssh):

user@pangolin:~$ ps -wwef | grep X
root      6423  6420  0 09:56 tty7     00:00:00 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
user      6714  6654  0 10:00 pts/1    00:00:00 grep X

This is with the Deny TCP connections to Xserver box checked. However, when it connects to another box via XDMCP (with the box still checked) it drops the --nolisten option:

user@pangolin:~$ ps -wwef | grep X
root      6770  6767  1 10:03 tty7     00:00:00 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -terminate -query ratel vt7
user      6779  6654  0 10:03 pts/1    00:00:00 grep X

So apparently XDMCP does require the server to listen on TCP. In fact netstat will allow you to see what sockets are in use. This same machine shows a connection established on TCP/6000 when I am connected to another machine via XDMCP. That connection goes away when I am not using XDMCP. There are one or more other sockets that are used when establishing the XDMCP connection that don't continue in use once established. I have forgotten what it(they) is(are).

gdm (for Ubuntu, presumably for Fedora) is what controls the options X gets called with. If you check that box then gdm will use the --nolisten option except when you tell it to connect via XDMCP.

X forwarding over ssh is a different matter entirely. The only connection between the computers in that case is over the encrypted tunnel. At the calling end, I think the communication with the X server is over unix sockets, just like when you have a local client. At the remote end the communication is with some kind of pseudo X server over localhost port 6010 (6011, 6012, etc. as needed depending on number of such connections that machine is running).

So I hope this clarifies things. I suggest you poke around a little with the ps and netstat commands to see what is going on. Further info is in man pages and, of course, on the Internet.

EDIT: Since you asked about both ssh and XDMCP, maybe I should point out that (TMK) there is no encryption involved with XDMCP. So if you wanted to run it over an insecure network you would probably want to do it over a VPN.

Last edited by blackhole54; 06-20-2008 at 12:50 PM.
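
Added example, not part of either post: a small shell audit built on the ps and netstat checks suggested in the reply above. It flags X servers started without "-nolisten tcp" and separates loopback-only X11 listeners (the ssh forwarding case) from ones reachable over the network. The function names, the 6000-6063 port range and the netstat sample lines are assumptions made for this example, and it assumes the listen-by-default behaviour the reply describes.

```shell
#!/bin/sh
# Added example: classify X servers and X11 TCP listeners from ps/netstat text.

# Reads `ps -wwef` output on stdin. For each X server process prints
# "<display> tcp-disabled" if it was started with "-nolisten tcp", else
# "<display> tcp-allowed" (the default behaviour the reply describes).
x_tcp_status() {
    awk '$8 == "X" || $8 == "Xorg" || $8 ~ /\/(X|Xorg)$/ {
        disp = ":0"; state = "tcp-allowed"
        for (j = 9; j <= NF; j++) {
            if ($j ~ /^:[0-9]+$/) disp = $j
            if ($j == "-nolisten" && $(j + 1) == "tcp") state = "tcp-disabled"
        }
        print disp, state
    }'
}

# Reads `netstat -tln` output on stdin. Prints "<port> <addr> <scope>" for
# listeners on 6000-6063 (assumed X11 display range). Scope is "loopback"
# for 127.x and ::1 (what ssh forwarding uses) and "exposed" otherwise.
x11_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port + 0 < 6000 || port + 0 > 6063) next
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        print port, addr, scope
    }'
}

# The two X command lines quoted in the reply, plus a grep line to ignore.
SAMPLE_PS='root      6423  6420  0 09:56 tty7     00:00:00 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
root      6770  6767  1 10:03 tty7     00:00:00 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -terminate -query ratel vt7
user      6779  6654  0 10:03 pts/1    00:00:00 grep X'

# Constructed netstat lines (not taken from the thread).
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:6000      0.0.0.0:*      LISTEN
tcp        0      0 127.0.0.1:6010    0.0.0.0:*      LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN
tcp6       0      0 :::6000           :::*           LISTEN'

printf '%s\n' "$SAMPLE_PS" | x_tcp_status
printf '%s\n' "$SAMPLE_NETSTAT" | x11_listeners
```

On a live machine, pipe the real commands in instead: `ps -wwef | x_tcp_status` and `netstat -tln | x11_listeners`. An "exposed" line on port 6000 means the unencrypted X protocol is reachable from the network, which is the case the reply's VPN remark applies to.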