Centos 7 - X11 forwarding
I've read quite a few articles on this now and I still don't seem to be able to do this so am hoping someone can tell me where I am going wrong...
Background:-
Centos v7 running in a VM
Cygwin installed on the desktop (fresh install)

I have amended the sshd_config on the VM to:-

    X11Forwarding yes
    X11UseLocalhost no

Disabled selinux and restarted the sshd daemon.

Within cygwin before making the connection I set:-

    export DISPLAY=:0

Then run startxwin

Within Xwin.exe I run the following and get the error:-

    $ ssh -XY root@192.168.246.130
    root@192.168.247.131's password:
    X11 forwarding request failed on channel 0
    Last login: Tue Jun 2 20:40:44 2015 from 192.168.246.10

Is it something I'm missing? I'll admit X11 is a weak area for me.

    X11UseLocalhost no

Should be yes - not because it is wrong, but because it is just a little bit better security (it prevents other hosts from making connections to your X server via the external IP number and port).

SELinux will not affect how sshd works for forwarding; and it provides a lot better security.

The "export DISPLAY=:0" should not be used... It may or may not be correct, as starting Xwin.exe should define what the display is... But I don't have Xwin to check that - so it may depend on how Xwin uses that.

Now, on the server, you still need to include the package "xauth". This is because of how sshd works with X forwarding. The sshd server creates a port (preferably localhost:6010, or whatever the offset is specified - and is identified in the user environment as "DISPLAY=10:0"). Sshd also generates an authorization key that is local to the server and uses xauth to enter it into the user's .Xauthority file.

Note: By default the xauth package isn't installed... And this may be the primary reason things don't work.

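As an added example (not part of the thread or any poster's own commands): the reply above describes sshd opening a proxy display port and the effect of X11UseLocalhost, and this script classifies that listener from `ss -ltn` output (which lists listening TCP sockets) and flags the relevant settings in `sshd -T` output. The function names and the sample socket lines are constructed for illustration.

```shell
# Added example, not from the thread: server-side checks for sshd X11 forwarding.
# Classify the X11 proxy listener from `ss -ltn` output on stdin.
# $1 = display number (default 10, the X11DisplayOffset); port = 6000 + $1.
# Prints: none | loopback | exposed
x11_listener_scope() {
    awk -v port="$((6000 + ${1:-10}))" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            found = 1
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]") exposed = 1
        }
        END {
            if (!found) print "none"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Report findings from `sshd -T` output on stdin (effective config, lowercase keys).
x11_sshd_findings() {
    awk '
        $1 == "x11forwarding"   { fwd = $2 }
        $1 == "x11uselocalhost" { loc = $2 }
        END {
            if (fwd != "yes") print "x11forwarding is not enabled"
            if (loc == "no")  print "x11uselocalhost no: proxy display binds to all addresses"
        }'
}

# Live checks; run as root on the server, inside an `ssh -Y` session.
live_check() {
    command -v xauth >/dev/null 2>&1 || echo "xauth is not installed"
    sshd -T 2>/dev/null | x11_sshd_findings
    echo "listener: $(ss -ltn | x11_listener_scope 10)"
}

# Constructed sample `ss -ltn` output (not captured from the thread's VM).
SAMPLE_LOCAL='LISTEN 0 128 *:22           *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 ::1:6010       :::*'
SAMPLE_WIDE='LISTEN 0 128 *:6010  *:*
LISTEN 0 128 :::6010 :::*'

if [ "${1:-}" = "--live" ]; then live_check
else printf '%s\n' "$SAMPLE_LOCAL" | x11_listener_scope 10; fi
```

Run without arguments it classifies the constructed sample; with `--live` it inspects the host it runs on. Each additional forwarded session takes the next display number, so pass 11, 12 and so on to check those.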
Thanks for the reply, sorry I forgot to mention I installed that package although I haven't configured anything on it:-
    [root@wibble etc]# xauth
    xauth: file /root/.Xauthority does not exist
    Using authority file /root/.Xauthority
    xauth>

So I don't need to set the $DISPLAY variable within cygwin, do I need to set it on the VM to the IP of my desktop? As I have tried that too:-

    [root@wibble etc]# grep -i display /etc/ssh/sshd_config
    #X11DisplayOffset 10
    [root@wibble etc]# echo $DISPLAY
    192.168.246.10:0

A quick google tells me netstat has been deprecated and I should be using ss instead, however when I try that I don't see the results I expect:-

    [root@wibble etc]# ss | grep -i xauth
    [root@wibble etc]# ss | grep -i sshd
    [root@wibble etc]# ss | grep -i 22
    u_str ESTAB 0 0 * 15924 * 15922
    u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 16123 * 16122
    u_str ESTAB 0 0 * 17922 * 17992
    u_str ESTAB 0 0 /run/systemd/journal/stdout 17992 * 17922
    u_str ESTAB 0 0 * 15922 * 15924
    u_str ESTAB 0 0 * 16122 * 16123
    [root@wibble etc]# ss | grep -i 6010
    [root@wibble etc]#

You're making this MUCH more complicated than it needs to be. There is literally zero setup you have to do to get X11 forwarding working, other than installing an X server on your Windows box and setting DISPLAY on cygwin.
I just installed a CentOS 7 VM this morning, and I just installed an X server on my Windows 7 VM to test it, works fine.

On CentOS 7 - DO NOTHING. Don't change anything, don't modify your sshd_config, you don't need to touch it.

On Windows - Install XMing, in Cygwin run "export DISPLAY=localhost:0", and then just "ssh -Y" over and run your X application.

So I'm getting there...
I rebooted the VM which re-enabled selinux, uncommented the following lines from sshd_config:-

    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes

Restarted sshd. Checked xauth was working. Removed the $DISPLAY variable from the Centos host. Restarted cygwin and exported $DISPLAY=localhost:0.0

I then ran startxwin and connected to the VM using ssh:-

    $ ssh -Y root@192.168.246.130
    root@192.168.247.131's password:
    Last login: Tue Jun 2 21:36:59 2015 from 192.168.246.10
    /usr/bin/xauth: file /root/.Xauthority does not exist

Then ran virt-manager and success, the GUI window opened. However all the text is [][][][][] while the icons look OK, the banner across the window states a connection failure.

What type of installation did you do on your CentOS machine? If you did a minimal or other CLI installation, you may still need to install some of the X libraries, fonts, etc. for your GUIs to work correctly.
I changed the ssh access because it's a test VM (although I take your point about not allowing it in a production environment).
The install itself was a minimum server install, as I go along it appears to be missing quite a few packages. Regardless I think I've fixed it by installing:-

    dejavu-lgc-sans-fonts.noarch

Thanks for your help!