Ssh – forward X11 over ssh on an rented host without forwarding support

sshx11xforwarding

I have a GUI program which has all necessary libraries to run on a rented Ubuntu host, but the host itself rejects attempt to set up X forwarding during the ssh connection using -X. strace shows the UI program can run, but stops when it has no DISPLAY. I do not have root access to the rented host, it is not configured to forward X11 for normal users, and support for the host says they do not support it for users.

Is there any way to do X forwarding anyway, as I need it for just one critical program? ssh -X -v merely reports:

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
...
debug1: Remote: /usr/home/ipdb/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug2: x11_get_proto: /usr/bin/xauth  list unix:10.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
...
X11 forwarding request failed on channel 0

Is there any way to manually configure this, given that the local and remote hosts are both behind firewalls (so DISPLAY=$REMOTEHOST:0 won't work)? The host has an xauth and xhost that I copied from an Ubuntu host of the same dist version.

~/.ssh/rc runs during the connection, but does not have any arguments passed to it.

I suspect the reference to /usr/bin/xauth, which does not exist on the host, is the issue? Could I possibly run my own sshd and configure it with the correct xauth path?

Best Answer

Following the various guides, I copied the file /etc/ssh/sshd_config to a new directory, then ran the following command in the same directory to create a new key pair:

ssh-keygen -f myrsa -N ''

I copied an xauth executable from a similar Linux system and placed it in the same directory.

I then modified the sshd_config file with the following lines:

Port 22220

HostKey /path/to/directory/myrsa

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
XAuthLocation /path/to/directory/xauth

I could now start my own ssh server with X Forwarding enabled, on Port 22220 using the command:

/usr/sbin/sshd -d -D -f /path/to/directory/sshd_config

And connect to it using the ssh command:

ssh -X -p 22220 <hostname>

Once connected, I checked that the environment variable DISPLAY was set.

In order to run my X program on this host, I also needed to copy several library files, such as libxkbfile.so.1, into the same directory, from a similar Linux system with X support installed; I determined this by running ldd on the X program I was trying to run, looking for unresolved libraries, then I found them on the working system using ldconfig -p | fgrep libxkbfile.so.1 and used scp to copy them to the target system. Then I set

set LD_LIBRARY_PATH=/path/to/directory

so that the additional libraries could be found, and was able to run the X program and see the UI on my local system.

Related Solutions

SSH X11 Forwarding – How to Forward X11 Over SSH When Server Configuration Doesn’t Allow

@Demi 's answer is good but I think filling it out would be great help.

local -- the local machine serving an Xserver.
remote -- the remote machine serving the application which drives the data going to the Xserver

Remote /etc/ssh/sshd_config:

X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes

Remote ~/.Xauthority is empty or does not exist

On local:

Xephyr -ac -screen 1280x800 -br -reset   :2 &
DISPLAY=:2 ssh  -fR 6010:/tmp/.X11-unix/X2  user@remote "DISPLAY=:10 xeyes"

In the test, local was running Ubuntu 18.05, remote was running Debian Jesse.

Ssh – Forwarding X11 not working – Error: Can’t open display: localhost:11.0

Since $DISPLAY is correctly set and the ~/.Xauthority file is not created, this can mean that, though X11 forwarding is taken into account, xauth is not run. One reason could be that it is not in the path (I had this problem under Mac OS X, but this would be strange under Linux). You may want to do the work yourself by creating a ~/.ssh/rc file. For instance, I have the following:

if [ -n "$DISPLAY" ]; then
  echo "DISPLAY: $DISPLAY" >&2
  if read proto cookie; then
    if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
      echo add unix:`echo $DISPLAY | cut -c11-` $proto $cookie
    else
      echo add $DISPLAY $proto $cookie
    fi | $HOME/.ssh/xauth.wrapper -q -
  fi
fi

where ~/.ssh/xauth.wrapper is a wrapper to xauth that implements the locking of the ~/.Xauthority file. But you can use just xauth or the full pathname to xauth just in case... This is much like what is described in the sshd(8) man page (see Section "SSHRC").

Be careful not to do any mistake.

Best Answer

Related Solutions

SSH X11 Forwarding – How to Forward X11 Over SSH When Server Configuration Doesn’t Allow

Ssh – Forwarding X11 not working – Error: Can’t open display: localhost:11.0

Related Question