No more trying to remember "what did I do the last time" every time I deploy yet another real or virtual Unix/Linux system with X11 graphical gizmos! Here is how to enable X11 display forwarding over a SSH login session.
The local machine runs a SSH client and a X server. The remote machine runs a SSH server and a X client application (e.g. xeyes). From the local SSH client, we log on to the remote SSH server, and forward X11 graphics from clients running on the remote machine to the local X Windows server.
1) The remote machine needs to have xauth installed. This is accomplished with the usual package management commands. For remote systems running Linux, the package managers are invoked using "apt-get install xauth" on Debian-based systems (including ubuntu) or "yum install xauth" on Fedora/RedHat/CentOS based systems.
2) The remote machine needs to have IP forwarding enabled in the kernel. This is achieved by making sure /etc/sysctl.conf has the line "net.ipv4.ip_forward = 1". If not, add this line and execute "sysctl -p" for the kernel to re-read sysctl.conf without rebooting the remote system.
3) The remote machine needs to have the following lines in its SSH server daemon's configuration file /etc/ssh/sshd_config :
AllowTcpForwarding yes
X11Forwarding yes
X11UseLocalhost no
Make sure these lines are there with the indicated parameters and not commented out. If not, edit /etc/ssh/sshd_config accordingly and restart the SSH server on the remote using "systemctl restart ssh", "/etc/init.d/sshd restart" or whatever restarts the sshd daemon on the remote system.
5) Open a terminal on the local machine and allow all remote X clients to connect to the local X server using "xhost +"
ssh -X <remote-user>@<remote-host>
7) In the SSH session just established, make sure "X11 forwarding request failed on channel 0" is NOT displayed when you entered the password. Only the ssh banner, or motd, or whatever is configured to be shown when logging on to the remote system is displayed. Also, "Warning: No xauth data; using fake authentication data for X11 forwarding." should NOT be displayed since we installed xauth on the remote system. If either is displayed, something went wrong and you need to delve deeper.
That is all that should be needed. In the established ssh session to the remote system, type in "xclock" or "xeyes" or whatever command you want that needs an X11 windows server and the X Windows application should start up. If you get a "cannot open display", again something went wrong and you need to delve deeper. You should not need to export the DISPLAY environment variable containing <your local IP>:0.0 if X11 forwarding works correctly.
No comments:
Post a Comment
"SEO" link builders: move on, your spam link will not get posted.
Note: Only a member of this blog may post a comment.