You are not logged in.

#1 2015-09-07 00:27:01

kozaki
Member
From: London >. < Paris
Registered: 2005-06-13
Posts: 671
Website

Troubleshouting X11 Forwarding with SSH

Hi, are you X11 forwarding over SSH? Hopefully you'll find a minute to share your knowledge.

Getting X11 Forwarding to work, between two machines with Arch, has got me crying. I thought I'd share my checklist, and request your input to improve it as we can. So that we make it better, avoiding some of us to scratch most of their hair, or the later to grow up to making them look like Starsky or (young) Joan Baez while they postpone the hair dresser to get X11Forwarding to work wink

Setting up SSH X11 forwarding
1) On the SSH side

  • Does the client connect to the SSH server (console)
    Note: If using systemd, the port defined in sshd.socket overrides sshd_config, na.

  • /etc/ssh/sshd_config:
        1. verify that AllowTcpForwarding and X11UseLocalhost options are set to yes, and that X11DisplayOffset is set to 10 (those are the default values if nothing has been changed, see man sshd_config)
        2. set X11Forwarding to yes

    $ grep X11 /etc/ssh/sshd_config 
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
  • then restart the sshd daemon.

    systemctl restart sshd.socket

2) On the X server side

  • Make sure you have xauth installed on server.             

    which xauth
    /usr/bin/xauth
  • The X server must also be running on the remote system.

    :~SSH$ ps aux|grep X
    kozaki     727  0.0  0.0  15928  1940 tty1     S+   sept.05   0:00 xinit /home/USER/.xinitrc -- /etc/X11/xinit/xserverrc :0 vt1 -auth /tmp/serverauth.Yva3FKUMyr
    kozaki     728  0.2  1.0 197172 39676 tty1     S<l  sept.05   4:40 /usr/lib/xorg-server/Xorg -nolisten tcp :0 vt1 -auth /tmp/serverauth.Yva3FKUMyr

On the client's side, enable the ForwardX11 option by either specifying the -X switch on the command line for opportunistic connections, or by setting ForwardX11 to yes in openSSH client's configuration file.

  • Confirm that ssh is forwarding X11, check for a line containing Requesting X11 forwarding in the ssh -v -X output

    debug1: Requesting X11 forwarding with authentication spoofing.

You can now start any X program on the remote server, the output will be forwarded to your local session.

Well, unless you get the dreaded 'Can't open $DISPLAY' message:

$ ssh -Xv user@server
<SNIP SNIP>                                                                
~SSH$ xclock                                                               
debug1: client_input_channel_open: ctype x11 rchan 2 win 65536 max 16384   
debug1: client_request_x11: request from 127.0.0.1 45404                   
debug1: channel 2: new [x11]                                               
debug1: confirm x11                                                        
X11 connection rejected because of wrong authentication.                   
debug1: channel 2: free: x11, nchannels 3                                  
Error: Can't open display: localhost:10.0                                  
~SSH$ echo $DISPLAY                                                        
localhost:10.0

Same with <any graphical app>: "Error: Can't open display: localhost:XX.XX".

3) Further steps

  • If you receive errors trying to run graphical applications, try ForwardX11Trusted instead:

    $ ssh -Y user@host
    debug1: client_request_x11: request from 127.0.0.1 42984  
    debug1: channel 2: new [x11]
    debug1: confirm x11         
    X11 connection rejected because of wrong authentication.  
    debug1: channel 2: free: x11, nchannels 3  
    Error: Can't open display: localhost:10.0
  • Make sure you delete ~/.ssh/known_host after you make changes to your sshd_config file for the daemon.
    Done.

  • Is there an entry for localhost in [local? server?] /etc/hosts?         

    $ grep localhost /etc/hosts
    127.0.0.1		localhost.localdomain	localhost HOSTNAME
    127.0.0.1 localhost
  • If an old [local? server?] ~/.Xauthority is present it can have the wrong $DISPLAY value.
    Check the datestamp of the file.  If it not recent, try deleting ~/.Xauthority before logging in again so

    $ rm ~/.Xauthority && exit && ssh -X HOST
  • Try with /etc/ssh/sshd_config 'X11UseLocalhost no'  (on the server).
    Same output hmm

  • Try to ssh on localhost (on the client) with X11 Forwarding activated; does it work?
    Yeap

  • Have you disabled the "--nolisten tcp" option on your laptop? (check /etc/X11/xinit/xserverrc)
    Client: exec /usr/bin/X -nolisten tcp "$@"
    Server: ibid
    Is that true (just found)? As I understand this option from 'man Xserver', this option disables any TCP/IP based access to the X server. Or not: X Over SSH2 - A Tutorial #4 #-|

  • Check for 'xhost +*' in your user's and X11 config files

    ~SSH$ grep xhost ~/.Xclients* ~/.xinitrc ~/.xsession
    grep: /home/kozaki/.Xclients*: Aucun fichier ou dossier de ce type
    /home/USER/.xinitrc:xhost +local: &		    # GUI ($DISPLAY) for users who do not start X themselves
    /home/USER/.xsession:xhost +local: &		    # GUI ($DISPLAY) for users who do not start X themselves

    Same thing for /usr/X11R6/{bin/startx,lib/X11/xdm/Xsession} (not present on my machines running Arch).

Even while

$ ssh -t HOST 'xclock'

works beautifuly, between the same two machines.

Some more refs:
how-to-forward-x-over-ssh
Enabling X11 Access Control (Fixing xhost +)
[SOLVED] Trouble with X forwarding


Seeded last month: Arch 50 gig, derivatives 1 gig
Desktop @3.3GHz 8 gig RAM, linux-ck
laptop #1 Atom 2 gig RAM, Arch linux stock i686 (6H w/ 6yrs old battery smile) #2: ARM Tegra K1, 4 gig RAM, ChrOS
Atom Z520 2 gig RAM, OMV (Debian 7) kernel 3.16 bpo on SDHC | PGP Key: 0xFF0157D9

Offline

#2 2015-09-09 23:39:43

kozaki
Member
From: London >. < Paris
Registered: 2005-06-13
Posts: 671
Website

Re: Troubleshouting X11 Forwarding with SSH

Anyone on this? it's uneasy to stay with a broken X11Forwarding setup with all troubleshouting tests I know passed :-|
I'm thinking taht it might be profile related; will test ASAP.


Seeded last month: Arch 50 gig, derivatives 1 gig
Desktop @3.3GHz 8 gig RAM, linux-ck
laptop #1 Atom 2 gig RAM, Arch linux stock i686 (6H w/ 6yrs old battery smile) #2: ARM Tegra K1, 4 gig RAM, ChrOS
Atom Z520 2 gig RAM, OMV (Debian 7) kernel 3.16 bpo on SDHC | PGP Key: 0xFF0157D9

Offline

#3 2015-09-10 12:25:51

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Troubleshouting X11 Forwarding with SSH

Try 'ssh -Xvvv user@server' and check all the messages, there may be some hint there as to why it doesn't work.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#4 2015-09-20 01:50:08

kpiche
Forum Fellow
From: Ottawa, ON, Canada
Registered: 2004-03-30
Posts: 246
Website

Re: Troubleshouting X11 Forwarding with SSH

An X server does not need to be running on the remote end or even be installed.  The whole point is to have remote X programs using the local client X server.

Offline

Board footer

Powered by FluxBB