Remote desktop control of Linux from Windows with Xmanager

    Controlling a Linux server's desktop remotely usually means using Xmanager, but Xmanager only works after some configuration. The steps below cover the system configuration and the remote desktop procedure for two environments, RedHat AS4 and AS5:

I. System configuration

1. Edit /etc/X11/xdm/Xaccess

    Find the line
# *      #any host can get a login window
    and remove the leading # so that it takes effect.
    This file is the X window configuration file; the purpose of the change is to allow all users to log in.

    Note: on AS5 the corresponding file is /usr/share/config/kdm/Xaccess, and testing showed that it does not necessarily need to be changed.

2. Edit /etc/X11/gdm/gdm.conf

    Find this section:

# XDMCP is the protocol that allows remote login.  If you want to log into
# gdm remotely (I'd never turn this on on open network, use ssh for such
# remote usage that).  You can then run X with -query <thishost> to log in,
# or -indirect <thishost> to run a chooser.  Look for the 'Terminal' server
# type at the bottom of this config file.
[xdmcp]
# Distributions: Ship with this off.  It is never a safe thing to leave
# out on the net.  Setting up /etc/hosts.allow and /etc/hosts.deny to only
# allow local access is another alternative but not the safest.
# Firewalling port 177 is the safest if you wish to have xdmcp on.
# Read the manual for more notes on the security of XDMCP.
Enable=false

    and change false to true or 1.

    The comment above explains what XDMCP does quite clearly: essentially it is a listening port for the Linux graphical interface, port number 177.

    So in the same file you also need to make sure port 177 is open, i.e. the following lines:
# The port.  177 is the standard port so better keep it that way
#Port=177
    Remove the leading # so that the line takes effect.

    Note: on AS5 the corresponding file is /usr/share/gdm/defaults.conf, and this one must be changed.
    The above was revised on: 20090814

3. Edit /etc/inittab

    Find the following section:

# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:
    If the level is lower than 5, set it to 5.

    Then find the following section:

# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
h1:35:respawn:/etc/init.d/init.cssd run >/dev/null 2>&1 </dev/null
    Change the middle line to:

x:5:respawn:/usr/bin/gdm

    Note: this file is the same on AS4 and AS5, but I don't know what the latter part means; it can be left unchanged.

4. Edit /etc/X11/xdm/xdm-config

    Find the last line and add a ! in front of it:

! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
!DisplayManager.requestPort:    0

    Note: I don't know what this means, and I could not find the corresponding file on AS5...

5. Add hostname resolution to /etc/hosts

    For machines in a domain, for convenience you can add the IP address and hostname to /etc/hosts so that you can log in directly:

10.11.6.220     XXXXXX
10.11.6.91      YYYYYY

II. Using Xmanager

1. Open Xbrowser in the Xmanager folder and choose New to create a new session.

2. Select the XDMCP type, then click Next.

3. Ignore Method, enter the target server's IP in Host, Port is 177, then click Next.

4. Keep clicking Next, finally tick "Execute the session when this new session wizard", then click Finish.

OVER...

One last issue:
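A machine configured as above cannot be logged into as the root user. If root login is needed, the configuration is more involved; for details see:
----------------------------------------------------------------------------------------------

I. Changes needed for Xmanager to connect to RedHat AS 5

RHEL5 differs from RHEL4 in that RHEL5 has no /etc/X11/gdm/ directory; the gdm configuration file on RHEL5 is /usr/share/gdm/defaults.conf, which may be the point that confuses people.

Make sure /usr/share/gdm/defaults.conf contains the following settings:

Enable=true
DisplaysPerHost=10
Port=177

In /etc/inittab, change the default runlevel to 5:
id:5:initdefault:

Then add this line to the same file:
x:5:respawn:/etc/X11/prefdm -nodaemon

Then reboot the system. On the Windows system, run the Xbrowser program from Xmanager 2, create a new Xmanager Session in it, enter the IP address under Host, leave all other settings unchanged (including the port number), and confirm to exit. Then double-click this New Xmanager Session and the login screen appears.

II. To allow the root user to connect through Xmanager, change the following:

# vi defaults.conf

[security]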
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
AllowRoot=true
# Allow login as root via XDMCP. This value will be overridden and set to
# false if the /etc/default/login file exists and contains
# "CONSOLE=/dev/login", and set to true if the /etc/default/login file exists
# and contains any other value or no value for CONSOLE.
AllowRemoteRoot=true
# This will allow remote timed login.
AllowRemoteAutoLogin=false
# 0 is the most restrictive, 1 allo

# vi /etc/securetty
......
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
pts/0
pts/1
pts/2
pts/3
pts/4

Add these entries.

# vi /etc/pam.d/login

#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke

# vi /etc/pam.d/remote

#%PAM-1.0
#auth required pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke

# vi /etc/xinetd.d/telnet

# default: on
# description: The telnet server serves telnet sessions; it uses
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
}
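
An added example, not part of the original post: a Python check that reads the text of the files edited above and reports which of the settings this procedure turns on (XDMCP, the wildcard Xaccess entry, remote root login, the commented-out pam_securetty line, telnet). The function names and finding labels are this example's own, and the sample input is constructed from the values shown on the page.

```python
import re

def ini_value(text, section, key):
    """Effective (uncommented) value of key inside [section], lowercased, or None."""
    current, value = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).lower()
        elif current == section and "=" in line:
            k, v = (part.strip().lower() for part in line.split("=", 1))
            if k == key:
                value = v
    return value

def active(text):
    """Non-empty lines that are not commented out with #."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def audit(gdm="", xaccess="", pam="", telnet=""):
    """Return findings for the settings this page changes (labels are hypothetical)."""
    findings = []
    if ini_value(gdm, "xdmcp", "enable") in ("true", "1"):
        findings.append("xdmcp-enabled")           # XDMCP listener on (page: port 177)
    if ini_value(gdm, "security", "allowremoteroot") in ("true", "1"):
        findings.append("remote-root-allowed")     # root may log in over XDMCP
    if any(l.split()[0] == "*" and "CHOOSER" not in l for l in active(xaccess)):
        findings.append("xaccess-any-host")        # wildcard: any host gets a login window
    if pam and not any("pam_securetty.so" in l for l in active(pam)):
        findings.append("securetty-not-enforced")  # no active pam_securetty line in this file
    if re.search(r"^disable\s*=\s*no\b", "\n".join(active(telnet)), re.M):
        findings.append("telnet-enabled")          # unencrypted username/password pairs
    return findings

# Constructed sample input mirroring the values shown on this page.
SAMPLE = {
    "gdm": "[xdmcp]\nEnable=true\nPort=177\n[security]\nAllowRoot=true\nAllowRemoteRoot=true\n",
    "xaccess": "# comment\n*      #any host can get a login window\n",
    "pam": "#%PAM-1.0\n#auth required pam_securetty.so\nauth include system-auth\n",
    "telnet": "service telnet\n{\n  disable = no\n}\n",
}

if __name__ == "__main__":
    for finding in audit(**SAMPLE):
        print(finding)
```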