Is there a way that I can enable X11 forwarding via ssh's tunneling when I ssh into a shell that is chroot'ed? I have been messing around with chroot as a sort of "poor man's" virtual machine. I am able to access X based programs running in the chroot'ed environment across computers. I can do this now, but I can only do it using the unsecured "xhost +" method of sending naked X packets across computers.
I can accomplish the unsecured way only by starting a new X server with root permissions with a command like "X :2". My distro nullifies the effects of an "xhost +" when X is started in the normal way (most likely to avoid unwanted security concerns). Once this risky X server is started, I can set the DISPLAY environment variable to "IP_NUMBER:2", allowing graphics-enabled programs to appear in that X server.
To avoid having to run two X servers on my main computer, I would like to just send X over the secure ssh tunnel. Also, I would like the proper security. When I ssh into a computer using "ssh -X ..." or "ssh -Y ...", $DISPLAY is set to "localhost:10.0" or a similar value. This makes the program think that it is being displayed on the local computer when it is actually going through the tunnel.
Looking through the ssh man page, I found that using the command "ssh -v -y -Y ssh user@server" to start ssh gives me more information pertaining to what is happening with the tunnel.
I can of course tunnel before issuing the chroot when DISPLAY is set to "localhost:10.0". But once I use the chroot command, I cannot tunnel to the X server, even when DISPLAY is set to "localhost:10.0". An attempt to do so results in the following error:
Code:
May 5 11:04:14 harrier ssh[30036]: debug1: client_input_channel_open: ctype x11 rchan 3 win 87380 max 16384
May 5 11:04:14 harrier ssh[30036]: debug1: client_request_x11: request from 127.0.0.1 47846
May 5 11:04:14 harrier ssh[30036]: debug1: channel 1: new [x11]
May 5 11:04:14 harrier ssh[30036]: debug1: confirm x11
May 5 11:04:14 harrier ssh[30036]: X11 connection rejected because of wrong authentication.
May 5 11:04:14 harrier ssh[30036]: debug1: channel 1: free: x11, nchannels 2
Looking into the log generated by ssh in debug mode, I noticed that it makes an attempt to use the files id_rsa, id_dsa and id_ecdsa from the ~/.ssh directory for the private keys. I, however, don't have those files in my ~/.ssh directory. At this point, I am sort of guessing, but I am thinking that if I can get the properly generated files in my ~/.ssh directory, I can use those for the authentication. If my idea is correct, I could simply copy those files from the greater environment into the chroot'ed environment.
What do you think? Am I on the right track? Thanks in advance for any advice.