This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Invoking GUI programs over SSH


On 10/14/2011 7:43 PM, Quang Ong wrote:
I found this previous discussion about this issue, but it doesn't appear to
work or maybe someone can elaborate on this issue.
http://cygwin.com/ml/cygwin/2011-01/msg00211.html

I'm trying to do the same thing, launch a GUI app over SSH on the "server",
not sending the display back to the ssh client.

I originally had openssh 5.8 and recently updated to 5.9. SSH to the windows
machine works fine for the most part, except for the fact when I try to
launch our build tool, which pops up a GUI, it doesn't work anymore. We have
a much older XP machine running Cygwin 1.5 which works, but this new machine
is running Win7 64-bit w/ Cygwin 1.7 openssh 5.9.

The quick test is to ssh into the cygwin machine and run notepad. Like the
previous poster, I can see the process running, but nothing on the
"console". I tried the recommended step of adding Interactive Logon rights
using the editrights tool, but I didn't see how the poster was able to use
the Services GUI to add "Allow service to interact with desktop" for a
"regular user". Only the LOCAL SERVICE user has that option in the GUI.
1) Is the "editrights -a SeInteractiveLogonRight -u ssh-admin " command the
same as checking the "Allow service to interact with desktop"?
2) The poster also didn't seem to indicate which version of openssh. I found
another discussion that mentioned that this capability worked with openssh 5.1:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-April/029490.html

Is this capability no longer possible/suported?

MS has changed it support for this functionality. They feel this is a security hole (and it is not completely improper to view it this way) so they've changed how this works. In its current incarnation, it's much harder to get this to work the way it used to. There's an entire KB article that someday I'm going to look up and bookmark so that I have it available when these kinds of inquiries come up on the list. ;-) So if you really want to dive into the guts of the new implementation with all its new restrictions, I'd recommend looking for that KB article. Given the current support for this feature from MS, I think it's fair to say that making this work the way it used to for the limited cases where it may still be useful, even if it's possible, isn't a priority for Cygwin right now. I'd summarize the state of affairs this way - if you're looking for a simple recipe that will make this magically work the way that it used to, you're not going to find it here. If that's not entirely discouraging for you, then I'd say take a look around at what's in the mail archives and the details of how MS says this can work now. If you're willing to accept the new restrictions and if you're a bit savvy, you may find a way to make your situation work for you. If so, we'd be interested in hearing what you found. :-)

As for your first question, editrights != "Allow service to interact with
the desktop".  cygrunsrv's -i flag would be the closest matching control
in the Cygwin world, with the same caveats as I mentioned above.


-- Larry

_____________________________________________________________________

A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]