[slurm-users] X11 forwarding and VNC?

[Michael Jennings]

On Monday, 25 March 2019, at 12:57:46 (+0000),
Ryan Novosielski wrote:

> If the error message is accurate, the fix may be having the VNC
> server not set DISPLAY equal to localhost:10.0 or similar as SSH
> normally does these days, but to configure it to set DISPLAY to
> fqdn:10.0. We had to do something similar with FastX.

Getting X11 forwarding to work with newer versions of Slurm and its
built-in X support often requires the SSH daemon configuration to
specify "X11UseLocalhost no" which accomplishes exactly the above.

Keep in mind that this directive also means that the X forwarding
listeners will listen on the wildcard address (0.0.0.0) rather than
localhost (127.0.0.1) and will therefore accept remote connections
(which is, after all, the whole point).  There are (hopefully well
understood) security implications of doing that.

If you use this, just make sure that the client display listening
ports (these typically start at port 6010/tcp and go up from there,
depending on how many X11 forwarding sessions there are) are properly
protected by the appropriate firewall rules to prevent unauthorized
listening or manipulation of users' X servers/events!

Michael

-- 
Michael E. Jennings <mej at lanl.gov>
HPC Systems Team, Los Alamos National Laboratory
Bldg. 03-2327, Rm. 2341     W: +1 (505) 606-0605