LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-02-2015, 02:49 PM   #1
bioshock
LQ Newbie
 
Registered: May 2015
Location: UK
Distribution: Centos 7.1
Posts: 8

Rep: Reputation: Disabled
Unhappy Centos 7 - X11 forwarding


I've read quite a few articles on this now and I still don't seem to be able to do this so am hoping someone can tell me where I am going wrong...

Background:-
Centos v7 running in a VM
Cygwin installed on the desktop (fresh install)

I have amended the sshd_config on the VM to :-
X11Forwarding yes
X11UseLocalhost no
Disabled selinux and restarted the sshd daemon.

Within cygwin before making the connection I set:-
export DISPLAY=:0
Then run startxwin

Within Xwin.exe I run the following and get the error:-
$ ssh -XY root@192.168.246.130
root@192.168.247.131's password:
X11 forwarding request failed on channel 0
Last login: Tue Jun 2 20:40:44 2015 from 192.168.246.10

Is it something I'm missing?
I'll admit X11 is a weak area for me.
 
Old 06-02-2015, 03:04 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
X11UseLocalhost no

Should be yes - not because it is wrong, but because it is just a little bit better security (it prevents other hosts from making connections to your X server via the external IP number and port).

SELinux will not affect how sshd works for forwarding; and it provides a lot better security.

The "export DISPLAY=:0" should not be used... It may or may not be correct, as starting Xwin.exe should define what the display is... But I don't have Xwin to check that - so it may depend on how Xwin uses that.

Now, on the server, you still need to include the package "xauth". This is because of how sshd works with X forwarding. The sshd server creates a port (prefereably localhost:6010, or whatever the offset is specified - and is identified in the user environment as "DISPLAY=10:0"). Sshd also generates an authorization key that is local to the server and uses xauth to enter it into the users .Xauthority file.

Note: By default the xauth package isn't installed... And this may be the primary reason things don't work.

Last edited by jpollard; 06-02-2015 at 03:06 PM.
 
Old 06-02-2015, 03:24 PM   #3
bioshock
LQ Newbie
 
Registered: May 2015
Location: UK
Distribution: Centos 7.1
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks for the reply, sorry I forgot to mention I installed that package although I haven't configured anything on it:-

[root@wibble etc]# xauth
xauth: file /root/.Xauthority does not exist
Using authority file /root/.Xauthority
xauth>

So I don't need to set the $DISPLAY variable within cygwin, do I need to set it on the VM to the IP of my desktop? As I have tried that too:-

[root@wibble etc]# grep -i display /etc/ssh/sshd_config
#X11DisplayOffset 10

[root@wibble etc]# echo $DISPLAY
192.168.246.10:0

A quick google tells me netstat has been deprecated and I should be using ss instead, however when I try that I don't see the results I expect:-

[root@wibble etc]# ss | grep -i xauth
[root@wibble etc]# ss | grep -i sshd
[root@wibble etc]# ss | grep -i 22
u_str ESTAB 0 0 * 15924 * 15922
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 16123 * 16122
u_str ESTAB 0 0 * 17922 * 17992
u_str ESTAB 0 0 /run/systemd/journal/stdout 17992 * 17922
u_str ESTAB 0 0 * 15922 * 15924
u_str ESTAB 0 0 * 16122 * 16123
[root@wibble etc]# ss | grep -i 6010
[root@wibble etc]#

Last edited by bioshock; 06-02-2015 at 03:32 PM. Reason: more info
 
Old 06-02-2015, 03:41 PM   #4
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142
You're making this MUCH more complicated than it needs to be. There is literally zero setup you have to do to get X11 forwarding working, other than installing an X server on your Windows box and setting DISPLAY on cygwin.

I just installed a CentOS 7 VM this morning, and I just installed an X server on my Windows 7 VM to test it, works fine.

On CentOS 7 - DO NOTHING. Don't change anything, don't modify your sshd_config, you don't need to touch it

On Windows - Install XMing, in Cygwin run "export DISPLAY=localhost:0", and then just "ssh -Y" over and run your X application.
 
1 members found this post helpful.
Old 06-02-2015, 03:56 PM   #5
bioshock
LQ Newbie
 
Registered: May 2015
Location: UK
Distribution: Centos 7.1
Posts: 8

Original Poster
Rep: Reputation: Disabled
So I'm getting there...

I rebooted the VM which re-enabled selinux, uncommented the following lines from sshd_config:-
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Restarted sshd.
Checked xauth was working.
Removed the $DISPLAY variable from the Centos host.

Restarted cygwin and exported $DISPLAY=localhost:0.0
I then ran startxwin and connected to the VM using ssh:-

$ ssh -Y root@192.168.246.130
root@192.168.247.131's password:
Last login: Tue Jun 2 21:36:59 2015 from 192.168.246.10
/usr/bin/xauth: file /root/.Xauthority does not exist

Then ran virt-manager and success the GUI window opened.
However all the text is [][][][][] while the icons look OK, the banner across the window states a connection failure.
 
Old 06-02-2015, 04:02 PM   #6
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142Reputation: 2142
What type of installation did you do on your CentOS machine? If you did a minimal or other CLI installation, you may still need to install some of the X libraries, fonts, etc. for your GUIs to work correctly.
 
1 members found this post helpful.
Old 06-02-2015, 05:07 PM   #7
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
Quote:
Originally Posted by bioshock View Post
So I'm getting there...

I rebooted the VM which re-enabled selinux, uncommented the following lines from sshd_config:-
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Restarted sshd.
Checked xauth was working.
Removed the $DISPLAY variable from the Centos host.

Restarted cygwin and exported $DISPLAY=localhost:0.0
I then ran startxwin and connected to the VM using ssh:-

$ ssh -Y root@192.168.246.130
root@192.168.247.131's password:
Last login: Tue Jun 2 21:36:59 2015 from 192.168.246.10
/usr/bin/xauth: file /root/.Xauthority does not exist
That always happens at least the first time, and anytime after you delete the .Xauthority file. Though why you have changed the sshd service to allow root logins I don't understand. That is normally disabled.
Quote:
Then ran virt-manager and success the GUI window opened.
However all the text is [][][][][] while the icons look OK, the banner across the window states a connection failure.
That depends on xming... I believe you are missing some fonts. The connection failure may be due to not having the virtd service running to support VMs.
 
1 members found this post helpful.
Old 06-03-2015, 01:46 PM   #8
bioshock
LQ Newbie
 
Registered: May 2015
Location: UK
Distribution: Centos 7.1
Posts: 8

Original Poster
Rep: Reputation: Disabled
I changed the ssh access because it's a test VM (although I take your point about not allowing it in a production environment).

The install itself was a minimum server install, as I go along it appears to be missing quite a few packages.

Regardless I think I've fixed it by installing:- dejavu-lgc-sans-fonts.noarch

Thanks for you help!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] X11 Forwarding-X11 Applications Works but startx Not Works gonny95 Linux - Newbie 4 07-27-2014 08:00 PM
X11 Forwarding Twice Dodosaur Linux - Networking 9 06-14-2013 10:12 PM
X11 forwarding BigNate Linux - Software 16 06-21-2011 01:39 AM
X11 forwarding paul_mat Linux - Newbie 3 12-12-2004 06:30 PM
Need Help with X11 forwarding phatboyz Linux - General 3 04-16-2004 03:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration