LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-29-2016, 09:21 AM   #1
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Rep: Reputation: Disabled
Arrow Unable to use X11 forwarding after Decrypting Encrypted Home Directory


Hello Everyone,

I am experiencing issues using SSH and X11 Forwarding. My setup is an Ubuntu Server running Ubuntu 15.10 (Server) soon to be upgraded to 16.04 (with DEs and applications for forwarding), a Dell Inspiron Mini netbook (Client) (Mainly used for WAN), and other Linux Machines (Used mainly on LAN/WLAN). My question is, how do I use X11 forwarding with an encrypted home directory? The server is headless.

The error Message upon starting the Graphical UI is:

"xrdb: Resource temporarily unavailable"
"X11 Connection Rejected: Wrong Authentication"
"Cannot Open Display"
"Connection to |------Host------| Closed."

I currently use RSA keys for authentication. I have moved my authorized keys file to /etc/ so I can login (given that the home directory is encrypted).

All help is greatly appreciated.

Sincerely,

d3h

Last edited by donald3.heckel; 04-29-2016 at 09:23 AM.
 
Old 04-29-2016, 09:46 AM   #2
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
You can login to the server using your keys without issue?

Do you have X11Forwarding set to yes in /etc/ssh/sshd_config ?
 
Old 04-29-2016, 11:52 AM   #3
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Keefaz,

Thank you for your reply.

I am able to log in successfully without issue. I have X11 Forwarding enabled on the server side in my sshd_config. I cannot forward it at this time even after decrypting my home directory. I would like to mention that there is a timeout in locking .Xauthority upon connecting.

(X11Forwarding = yes).

Sincerely,

donald3.heckel

Last edited by donald3.heckel; 04-29-2016 at 11:54 AM.
 
Old 04-29-2016, 12:02 PM   #4
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Did you try ssh in verbose mode, like: ssh -X -v <server>
 
Old 04-29-2016, 12:38 PM   #5
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Reply

Hello Keefaz,

I just tested SSH using verbosity. The output is as follows:

Code:
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 39574
debug1: channel 1: new [x11]
debug1: confirm x11
X11 connection rejected because of wrong authentication.
debug1: channel 1: free: x11, nchannels 2
Error: Can't open display: |------Host------|:10.0
Still no X11 here

Sincerely,

donald3.heckel
 
Old 04-29-2016, 12:43 PM   #6
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Post

Update: I also tried login -p USER with the following results after decrypting...

Code:
client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 39582
debug1: channel 1: new [x11]
debug1: confirm x11
X11 connection rejected because of wrong authentication.
debug1: channel 1: free: x11, nchannels 2
Error: Can't open display: |------Host------|:10.0
Sincerely,

donald3.heckel
 
Old 04-29-2016, 03:48 PM   #7
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
What is this -p USER option I haven't it (-p is for setting a port to connect here), is it standard ssh client?

When you login, could you check permission of .Xauthority?
ls -l .Xauthority

Last edited by keefaz; 04-29-2016 at 03:49 PM.
 
Old 05-01-2016, 04:37 PM   #8
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Keefaz,

In regards to the "login -p" option, I was utilizing the login command in order to login on top of the SSH connection to try X11 forwarding as such. I believe the -p flag is for "prompt" I believe as in some sort of virtual TTY (Please correct me if I am wrong). The .Xauthority file should be well in place to execute the X11 environment.

I am using the stock OpenSSH client for Linux (Linux distributions mainly involving Ubuntu variants) to log in to my aforementioned server.

Let me know if there is anymore information you need.

Sincerely,

donald3.heckel

Last edited by donald3.heckel; 05-01-2016 at 04:39 PM. Reason: Adding/Updating Information/Scenario
 
Old 05-01-2016, 05:34 PM   #9
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Could you just login via ssh with no option and from your user dir, check .Xauthority permissions?

Code:
ls -l ~/.Xauthority
 
Old 05-01-2016, 07:53 PM   #10
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Keefaz,

I checked for a permissions issue and changed it to be under the proper user. I will let you know of my progress.

My permissions currently read:

Code:
-rw------- 1 [------User------] [------User------] 161 May  1 13:33 .Xauthority
with 600 permissions on the Xauth file.

Sincerely,

donald3.heckel
 
Old 05-01-2016, 07:55 PM   #11
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Update:

I am still getting the same error messages.

Also,

Code:
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Broadway display type not supported: |------Host------|:10.0
Error: cannot open display: |------Host------|:10.0
with the .Xauthority intact.

Sincerely,

donald3.heckel

Last edited by donald3.heckel; 05-01-2016 at 08:04 PM. Reason: Redacted the host for security purposes.
 
Old 05-01-2016, 08:00 PM   #12
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Update:

X11 forwarding works when I log into the local machine to decrypt the home directory. I also have the server running on runlevel 3 because my goal is to have a headless, command line only interface that can forward applications. Would it be possible to accomplish that? Or would it need to be in runlevel 5 to forward applications?

If I have to have runlevel 5 for application forwarding, then I would like to do it without a display manager.

Sincerely,

donald3.heckel

Last edited by donald3.heckel; 05-01-2016 at 08:08 PM.
 
Old 05-02-2016, 03:53 AM   #13
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 6,552

Rep: Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872Reputation: 872
Runlevel 3 should be fine to forward X, assuming X is started on server (use startx as regular user, not root)

With the correct permission set in .Xauthority could you try to log in remotely with:

Code:
ssh -Xv youruser@server
and with:

Code:
ssh -Yv youruser@server
 
Old 05-02-2016, 07:17 AM   #14
donald3.heckel
Member
 
Registered: Aug 2014
Posts: 60

Original Poster
Rep: Reputation: Disabled
Hello Keefaz,

In regards to the X11 forwarding,

it seems as if it will only forward if I am logged in to a TTY or something to that effect. It keeps giving me those messages. It would be nice to be able to forward over SSH without having to log in locally on the machine.

The messages are as follows:

Code:
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 51440
debug1: channel 1: new [x11]
debug1: confirm x11
X11 connection rejected because of wrong authentication.
debug1: channel 1: free: x11, nchannels 2
Error: Can't open display: |------HOST------|:10.0
Anymore suggestions?

It shows x11 is there, but it rejects authentication. When I switch runlevels, I get the following:

Code:
sudo telinit 3

PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.
Code:
sudo telinit 5

PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.
PolicyKit daemon reconnected to bus.
Attempting to re-register as an authentication agent.
We are now a registered authentication agent.
and yet... Still no forwarding even on runlevel 5

I hope my server can ubuntu serve me some ubuntu grade espresso before too long.

Sincerely,

d3h
 
Old 05-02-2016, 07:33 AM   #15
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
Are you in your LAN? Then you could use native feature of X to run in one machine and display on another as workaround, it does not require SSH. I wouldn't do it over internet, though.
 
  


Reply

Tags
auth, server, ssh, x11


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Decrypting my home directory ffolder fagin Linux - Security 5 12-24-2012 12:00 PM
How to recover my encrypted Home directory pazzport Linux - Desktop 7 05-14-2012 11:30 PM
Cannot mount unencrypted directory to encrypted home directory with fstab? Daravon Ubuntu 35 09-14-2010 03:50 AM
Unable to get X11 port forwarding to work in SSH Windowns Solaris / OpenSolaris 19 09-28-2006 05:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration