I use a chroot development environment for developing software for devices. The chroot dev environment isolates the rest of my system from my build-system hacking. The chroot environment is text-based, but I prefer to use a graphical text editor. Right now, I keep one terminal chrooted into the dev environment to build packages and one terminal pointed at the chroot environment from the outside to edit files.
I'm tired of constantly switching back and forth between these terminals, but I don't want to install X and Gnome on my compact dev environment for obvious reasons. I need a way to forward certain commands to the exterior environment, but I can't think of a simple solution. How can I execute a command on the exterior system from within a chroot environment?
Yes, SSH can be used, but without X forwarding, because you want to run the app outside of chroot, not inside. This means you have to tell the app where is its X server, because SSH won't do it for you. It is done by setting DISPLAY environment variable prior running any X app to the same value as your non-chrooted terminal has, usually it is:
export DISPLAY=:0
You could SSH into your own system, enabling X forwarding, and set it up with keys so no password is required. At minimum, something like:
ssh localhost -c my-graphical-editor
When an account is chrooted, everything that you need has to exist in the chroot / environment. That means /usr, /opt/, etc., has to be "local" and populated with whatever code is required. Graphical interfaces typically require a boatload of support code.
You may personally prefer a graphical interface but is it necessary? Or more correctly will it compromise the jail; make it easier to break out of jail?
You can su back and forth pretty quickly...
Related
I want to run a script on a remote machine without using ssh.. Is it possible?
If yes then what all available options are there in linux?
Here are few details regarding the same.
1) On my machine i have a script, say a.sh, which performs installation of few packages. (such as lsof, ntp, vim etc).
2) I need to copy this script to the remote machine, and i want to execute it over there. (So that those packages get installated on to those machines.
3) what i am trying to achieve is if i have to do these packages installation on n no of machines, then with this mechanism i can automate this part.
Is there any preexisting infrastructure in linux which can help me doing this without ssh? (ssh to these virtual machines/remote counterparts is not possible)
Cheers,
Placid/
Ubuntu one has this form of remote package management availible , although on a personal level I simply prefer to scp / ssh exec scripts like this when deploying a change set to multiple machines .
I'm using /bin/sh to execute some commands, but some of those commands require me to have a "graphical terminal" which I don't really know what that means, those commands give wrong output on my software, but correct output on the normal Gnome/KDE Terminal.
I was wondering if there is away to tell the underlying X Window Session that my software is a "graphical terminal"?
As #ugoren said, the DISPLAY variable is what is used to find the X Window System from applications. If X is not running in the background, the variable will be unset.
You can start a new X server using xinit from your script if you cannot talk to the old one; ideally, this would be something like Xvnc (which does not need hardware access).
If I understand correctly you are trying to run application on a remote machine or at least one that doesn't run any X Server. If that is the case you might try to use Xvfb which creates a virtual server which allows applications to connect to it and "draw" windows.
Normally, software that uses X windows relies on the DISPLAY environment variable.
It's value should be something like 10.0.0.1:0.0, where 10.0.0.1 is your IP address (I'm not sure what 0.0 is, but 0.0 normally works).
You also need some X server software to run on your PC, which would show the window.
I'm doing my development work on my Windows machine, but my compiling on a remote Linux machine. What I currently do is start an X server on Windows, ssh into the Linux machine, then do the development remotely.
What I'd like to do is edit my source on the Windows machine, and have it automatically copy files over to the Linux system when I save. I'd also like for my built-in compilation commands to perform a build on the remote system.
If it makes a difference, the source is all in C, using GCC. In descending order of preference, I have Emacs, Vi, and Netbeans on my desktop, and am willing to install another IDE for a last resort.
This is certainly doable in vim. You can use the scp:// protocol within vim to edit remote files, and set up a command that writes a local copy. You can also change what program vim uses for :make to do an ssh make instead on your server.
You'll need to set up your ssh-keys to keep this painless (otherwise you'll be entering your password all the time) but that's fairly easy.
Another alternative would be to push to a remote repos as part of your make command, instead of editing remotely.
EDIT:
First, using the scp:// protocol within vim. From :help netrw-start (or down the page from :help scp)
Netrw supports "transparent" editing of files on other machines using urls
(see |netrw-transparent|). As an example of this, let's assume you have an
account on some other machine; if you can use scp, try:
vim scp://hostname/path/to/file
Want to make ssh/scp easier to use? Check out |netrw-ssh-hack|!
You can also use scp:// paths in :edit commands, or really anywhere that you could use a normal path.
And, from the mentioned :help netrw-ssh-hack, instructions on how to set up your ssh keys:
IMPROVING BROWSING *netrw-listhack* *netrw-ssh-hack* {{{2
Especially with the remote directory browser, constantly entering the password
is tedious.
For Linux/Unix systems, the book "Linux Server Hacks - 100 industrial strength
tips & tools" by Rob Flickenger (O'Reilly, ISBN 0-596-00461-3) gives a tip
for setting up no-password ssh and scp and discusses associated security
issues. It used to be available at http://hacks.oreilly.com/pub/h/66 ,
but apparently that address is now being redirected to some "hackzine".
I'll attempt a summary based on that article and on a communication from
Ben Schmidt:
(1) Generate a public/private key pair on the local machine
(ssh client):
ssh-keygen -t rsa
(saving the file in ~/.ssh/id_rsa as prompted)
(2) Just hit the when asked for passphrase (twice) for no
passphrase. If you do use a passphrase, you will also need to use
ssh-agent so you only have to type the passphrase once per session.
If you don't use a passphrase, simply logging onto your local
computer or getting access to the keyfile in any way will suffice
to access any ssh servers which have that key authorized for login.
(3) This creates two files:
~/.ssh/id\_rsa
~/.ssh/id\_rsa.pub
(4) On the target machine (ssh server):
cd
mkdir -p .ssh
chmod 0700 .ssh
(5) On your local machine (ssh client): (one line)
ssh {serverhostname} cat '>>' '~/.ssh/authorized\_keys2' < ~/.ssh/id_rsa.pub
or, for OpenSSH, (one line)
ssh {serverhostname} cat '>>' '~/.ssh/authorized\_keys' < ~/.ssh/id_rsa.pub
You can test it out with
ssh {serverhostname}
and you should be log onto the server machine without further need to type
anything.
If you decided to use a passphrase, do:
ssh-agent $SHELL
ssh-add
ssh {serverhostname}
You will be prompted for your key passphrase when you use ssh-add, but not
subsequently when you use ssh. For use with vim, you can use
ssh-agent vim
and, when next within vim, use
:!ssh-add
Alternatively, you can apply ssh-agent to the terminal you're planning on
running vim in:
ssh-agent xterm &
and do ssh-add whenever you need.
For Windows, folks on the vim mailing list have mentioned that Pageant helps
with avoiding the constant need to enter the password.
Kingston Fung wrote about another way to avoid constantly needing to enter
passwords:
In order to avoid the need to type in the password for scp each time, you
provide a hack in the docs to set up a non password ssh account. I found a
better way to do that: I can use a regular ssh account which uses a
password to access the material without the need to key-in the password
each time. It's good for security and convenience. I tried ssh public key
authorization + ssh-agent, implementing this, and it works! Here are two
links with instructions:
http://www.ibm.com/developerworks/library/l-keyc2/
http://sial.org/howto/openssh/publickey-auth/
For making on remote systems, you need to set your makeprg variable to
do an ssh make. From :help makeprg
Program to use for the ":make" command. See |:make_makeprg|.
This option may contain '%' and '#' characters, which are expanded to
the current and alternate file name. |:_%| |:_#|
Environment variables are expanded |:set_env|. See |option-backslash|
about including spaces and backslashes.
Note that a '|' must be escaped twice: once for ":set" and once for
the interpretation of a command. When you use a filter called
"myfilter" do it like this:
:set makeprg=gmake\ \\\|\ myfilter
The placeholder "$*" can be given (even multiple times) to specify
where the arguments will be included, for example:
:set makeprg=latex\ \\\\nonstopmode\ \\\\input\\{$*}
This option cannot be set from a |modeline| or in the |sandbox|, for
security reasons.
One option is to use the TRAMP remote-editing package (built into Emacs 22 and newer, and you can install it into older versions). Every time you save your file, Emacs sends its contents over ssh (by default; of course every detail is totally configurable) to the Linux machine. Commands like M-x compile and M-x grep are TRAMP-aware and execute on the remote host.
I would look into continuous integration for your environment. This way you can commit the changes to source control, and have the linux box act as a build server. You can have tests associated and other related interesting stuff you want to be run on the builds.
Update 1: Also this might work for you: http://metamod-p.sourceforge.net/cross-compiling.on.windows.for.linux.html (it is also worth a try doing some searches on similar tools)
Other have suggested SAMBA which may not be feasible on your Linux box. A good alternative is to use Dokan SSHFS on your Windows box to mount a remote directory over SSH.
You could try sharing a disk between your Linux and Windows machines using Samba or something like that. Then you could edit on your local machines and the files would be visible immediately on the remote machine since the drive would be visible to both.
Where I work we have all files on NFS that is accessible from all Linux machines and Windows machines. I don't know how hard it is to set that up since I work in a large corporation and IT is abstracted away from me, but simple disk sharing should be pretty straightforward.
Why do you start an X server on Windows? Personally, I would set up a Linux VM with VMware or whatever your favorite VM technology is (VMware is free and works well). Then choose any Linux distribution you want. You just need very basic functions, mostly the standard "toolchain." You could pick Centos, Ubuntu, Fedora, Debian, whatever. I usually use Centos or Debian. Set it up, and just use PuTTY into your VM. From there, you can scp files to your remote server and so forth. This way you don't have to bother with cygwin or an X server or any of that.
Can you just use a samba share to save the files directly on the remote machine? I often do PHP this way.
Then just have a putty window open to run commands on the remote box.
Or am I missing something?
Set a source control system and use it. Then you can just make a commit after saving in your IDE, and on server you can have something happening on-commit.
This can trigger tests, build, mail any errors to you...
One solution might be to have some sort of polling app that checks the timestamp on the files to see if they have changed. If they have then get it to save and then compile. Kinda hackish this way but it would be workable.
I personally use XMing with PuTTY. I ssh using PuTTY while XMing is running. I can open up any editor (gvim, emacs, gedit, etc) and it will appear.
You will need to do some setup on PuTTY though:
Expand Connection
Expand SSH
Click on X11
Check the "Enable X11 Forwarding"
In the text field for display location, enter (without quotes): "localhost:0"
Save session and connect.
I do this all the time using VNC and it is very easy, but I am curious about a few things like XDMCP. As I understand it, this is a way of creating the entire desktop on a remote X-Server which seems fairly elegant.
Several years ago, I worked on a Solaris server and multiple developers had X-Servers running in Windows and we were able to access a full remote X-desktop. All my efforts so far in X based systems seem to indicate that only one instance, remote or local, of the desktop can be loaded, so I guess this Solaris thing was an actual application that "emulated" a desktop, but who knows....
Any input ?
From Windows I've found the best way to do this is using the Xwin command in cygwin.
Steps:
Install Cygwin, making sure to install X11. (Do this by scrolling to the bottom of the list on the "select packages" screen and click on the word "default" to the right of "X11". Give it a second or two and it will change to "install".)
Then, just run the Xwin command like this:
Xwin -query your.unix.system.name
You'll get a full-screen login window from you unix box. That's it!
Btw, sometimes firewalls get in the way of the UDP protocol for XDMCP. If that happens, look up the port numbers (one UDP outgoing, and one TCP incomming) and unblock them. Other xdmcp troubleshooting tips here.
NX will allow you to use a complete remote desktop environment locally, and most Linux distros already have the server available.
As an alternative to full cygwin install you might want to look at Xming. It is quite a bit lighter and should provide the same functionality.
In Xorg/GDM/LightDM options : "listen" should be activated (disabled by default)
In windows, try Xwin32.
In Linux, try Xnest (windowed) or X with "-query" command.
Be careful: it's slow and everything (passwords included) is transmitted in clear. So keep it on local network, tunnel it in SSH or better don't use it.
I found an additional remote desktop implementation which works quite nicely with LXDE:
x2go
Has clients for Windows, Linux and MacOS X.
How can I set Linux environment variables remotely from a Windows application?
You can't directly. Environment variables are just a table of values associated with the process, and inhereted when you fork(2) a process.
If you want to set them, you need some kind of code at the Linux side doing it. The simplest is probably to run your remote programs through a shell, and set them on the command line.
Otherwise, you need a way to get your Linux-side client to put them into the environment with setenv(3).
Taking your rather terse question at face-value, you could have your Windows application ftp to the linux system as the user who is going to run the linux app and modify their .cshrc or .bashrc, adding the desired environment variables to the shell script. This won't modify already-running shells, though.
At an abstract level, you're talking about inter-process communication. You have information in the Windows application you want to communicate to communicate to some Linux application. I'm not sure environment variables are the best way to communicate this data. Perhaps opening a socket between your Windows app and Linux app would be best.
Two ways I can think of - in probable order of simplicity:
Write a Linux program that listens on a network socket for commands. Your Windows app sends the appropriate command. The Linux program runs the command to set the environment variable - something like system(export MY_ENV_VAR=abc). This won't be secure over the network unless you make it so.
Use SSH to login to the Linux system, then run a script to set the variable. I don't know if there are SSH libraries around for Windows but I'd be surprised if there aren't. PuTTY is an excellent open-source Windows SSH client so you may be able to use code from there but you should check the license first - depending on how you plan to use your application. This option has the benefit that you can use PKI to secure the network connection, if necessary.