Unable to use X11 forwarding after Decrypting Encrypted Home Directory
Hello Everyone,
I am experiencing issues using SSH and X11 forwarding. My setup is an Ubuntu Server running Ubuntu 15.10 (Server) soon to be upgraded to 16.04 (with DEs and applications for forwarding), a Dell Inspiron Mini netbook (Client) (mainly used for WAN), and other Linux machines (used mainly on LAN/WLAN). My question is: how do I use X11 forwarding with an encrypted home directory? The server is headless.
The error message upon starting the graphical UI is:
"xrdb: Resource temporarily unavailable"
"X11 Connection Rejected: Wrong Authentication"
"Cannot Open Display"
"Connection to |------Host------| Closed."
I currently use RSA keys for authentication. I have moved my authorized keys file to /etc/ so I can log in (given that the home directory is encrypted). All help is greatly appreciated.
Sincerely, d3h |
You can log in to the server using your keys without issue?
Do you have X11Forwarding set to yes in /etc/ssh/sshd_config? |
Hello Keefaz,
Thank you for your reply. I am able to log in successfully without issue. I have X11 Forwarding enabled on the server side in my sshd_config. I cannot forward it at this time even after decrypting my home directory. I would like to mention that there is a timeout in locking .Xauthority upon connecting. (X11Forwarding = yes). Sincerely, donald3.heckel |
Did you try ssh in verbose mode, like: ssh -X -v <server>
|
Hello Keefaz,
I just tested SSH using verbosity. The output is as follows: Code:
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
Sincerely, donald3.heckel |
Update: I also tried login -p USER with the following results after decrypting...
Code:
client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
donald3.heckel |
What is this -p USER option? I haven't it (-p is for setting a port to connect here). Is it the standard ssh client?
When you login, could you check permission of .Xauthority? ls -l .Xauthority |
Hello Keefaz,
In regards to the "login -p" option, I was utilizing the login command in order to log in on top of the SSH connection to try X11 forwarding as such. I believe the -p flag is for "prompt", as in some sort of virtual TTY (please correct me if I am wrong). The .Xauthority file should be well in place to execute the X11 environment. I am using the stock OpenSSH client for Linux (Linux distributions mainly involving Ubuntu variants) to log in to my aforementioned server. Let me know if there is any more information you need. ;) Sincerely, donald3.heckel |
Could you just log in via ssh with no option and, from your user dir, check .Xauthority permissions?
Code:
ls -l ~/.Xauthority
|
Hello Keefaz,
I checked for a permissions issue and changed it to be under the proper user. I will let you know of my progress. My permissions currently read: Code:
-rw------- 1 [------User------] [------User------] 161 May 1 13:33 .Xauthority
Sincerely, donald3.heckel |
Update:
I am still getting the same error messages. Also, Code:
X11 connection rejected because of wrong authentication.
Sincerely, donald3.heckel |
Update:
X11 forwarding works when I log into the local machine to decrypt the home directory. I also have the server running on runlevel 3 because my goal is to have a headless, command line only interface that can forward applications. Would it be possible to accomplish that? Or would it need to be in runlevel 5 to forward applications? If I have to have runlevel 5 for application forwarding, then I would like to do it without a display manager. Sincerely, donald3.heckel |
Runlevel 3 should be fine to forward X, assuming X is started on server (use startx as regular user, not root)
With the correct permission set in .Xauthority could you try to log in remotely with: Code:
ssh -Xv youruser@server
Code:
ssh -Yv youruser@server
|
Hello Keefaz,
In regards to the X11 forwarding, it seems as if it will only forward if I am logged in to a TTY or something to that effect. It keeps giving me those messages. It would be nice to be able to forward over SSH without having to log in locally on the machine. The messages are as follows: Code:
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
It shows x11 is there, but it rejects authentication. When I switch runlevels, I get the following: Code:
sudo telinit 3
Code:
sudo telinit 5
I hope my server can ubuntu serve me some ubuntu grade espresso before too long. Sincerely, d3h |
Are you in your LAN? Then you could use the native feature of X to run on one machine and display on another as a workaround; it does not require SSH. I wouldn't do it over the internet, though.
|
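The checks asked for in the replies above (the X11Forwarding setting and the .Xauthority owner and permissions), together with a look at the lock files xauth creates beside the authority file, since the thread reports a timeout locking .Xauthority, gathered into one script. This is an added example, not part of the original thread: the function names and the sample files are constructed, and `stat -c` assumes GNU coreutils as on the Ubuntu server described.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for SSH X11 forwarding on the server.
# Function names are hypothetical; stat -c assumes GNU coreutils.

# Print the first X11Forwarding value in an sshd_config-style file (sshd keeps
# the first value it reads). Match blocks and Include files are not followed.
x11_forwarding_setting() {
  awk 'tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }' "$1"
}

# Print one finding per line for an authority file; print nothing if it is fine.
# xauth locks the file by creating <file>-c and <file>-l next to it, so the
# directory must be writable and no lock may be left over from an earlier run.
xauthority_findings() {
  local file=$1 uid=$2
  [ -w "$(dirname "$file")" ] || echo "dir-not-writable"
  if [ -e "$file-c" ] || [ -e "$file-l" ]; then echo "stale-lock"; fi
  if [ ! -f "$file" ]; then echo "missing"; return 0; fi
  [ "$(stat -c %u "$file")" = "$uid" ] || echo "wrong-owner"
  [ "$(stat -c %a "$file")" = "600" ] || echo "mode-not-600"
}

# Succeeds only if forwarding is enabled and the authority file has no findings.
# On a real server: x11_precheck /etc/ssh/sshd_config ~/.Xauthority "$(id -u)"
x11_precheck() {
  local setting findings
  setting=$(x11_forwarding_setting "$1")
  findings=$(xauthority_findings "$2" "$3")
  echo "X11Forwarding: $setting"
  echo "authority file: ${findings:-ok}"
  [ "$setting" = "yes" ] && [ -z "$findings" ]
}

# Constructed sample input so the script runs anywhere without touching real files.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '#X11Forwarding no\nX11Forwarding yes\n' > "$demo/sshd_config"
( umask 077; : > "$demo/.Xauthority" )
: > "$demo/.Xauthority-l"   # simulated leftover lock file
x11_precheck "$demo/sshd_config" "$demo/.Xauthority" "$(id -u)" || echo "result: not ready"
```

Run it once over SSH before the home directory is decrypted and once after; a difference in the findings between the two runs shows which authority file the session is actually using.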