X11 forwarding from linux to linux

linux-notes.org

Настройка X11 forwarding используя ssh в Unix/Linux

X11 forwarding — это механизм, позволяющий отображать на локальном клиентском компьютере графические интерфейсы X11 программ, запущенных на удаленном Unix/Linux сервере. SSH имеет возможность безопасного туннелирования X11 соединений, так что сеансы X11 forwarding-а шифруются и инкапсулируются. Если вы хотите настроить X11 forwarding через SSH, то данная тема именно для вас.

Установка ПО для настройки X11 forwarding используя ssh в Unix/Linux

Для X11 forwarding-а на удаленном сервере не требуется полная система X11. Однако, серверу необходимо установить xauth. xauth — это утилита, которая поддерживает конфигурации Xauthority, используемые сервером и клиентом для аутентификации сеансов X11. Чтобы установить xauth, выполните следующие действия на удаленном сервере.

Установка xauth в Debian/Ubuntu

И так, выполняем команду:

Переходим к настройке.

Установка xauth в CentOS/RedHat

И так, выполняем команду:

Установка xauth в Fedora

И так, выполняем команду:

Установка xauth для других Unix/Linux ОС

Можно создать docker контейнер и запустить его.

Переходим к настройке.

Настройка X11 forwarding используя ssh в Unix/Linux

И прописываем (приводим к виду):

Так же, можно прописать:

Перезапуск SSH сервера:

• Если используете Debian 6, Ubuntu или Linux Mint:
• Если используете Debian 7, CentOS/RHEL 7, Fedora
• Если используете CentOS/RHEL 6

Вышеупомянутая настройка, позволяет X11 форвардинг на хост сервера. Если вы хотели бы включить X11 forwarding для отдельного пользователя, вы можете использовать пользовательский файл конфигурации ssh (т. е. $HOME/.ssh/config). Таким образом, вы можете использовать переадресацию X11 только тогда, когда вы используете ssh для учетной записи пользователя. Открываем:

Мой файл выглядит следующим образом:

Если используете Vagrant, то внутри его, можно пробросить следующие опции:

Ну и далее запускаем все это дело.

Использование X11 forwarding через ssh в Unix/Linux

На локальном хосте должна быть установлена система с X11, чтобы отображать удаленные программы. Для того чтобы выполнить форвардинг, выполните:

После входа в систему вы можете запускать любую X11 программу на удаленном сервере, как обычно, и ее отображение будет отображаться на локальной клиентской машине.

Можно еще опции, передавать через коммандную строку:

Безопастность при использовании X11 forwarding через ssh

Обычно, не рекомендуется всегда работать с «ForwardX11 yes». Поэтому, если вы хотите использовать свои SSH-соединения с пвыщенной безопасностью, лучше всего сделать следующее:

• Не прописывать «ForwardX11 yes» в ваш «$HOME/.ssh/confi»g файл.
• Используйте «ForwardingX11» только когда вам это необходимо, используя «ssh -X your_user@your_server».
• Если вы можете, полностью отключите «X11Forwarding» на вашем сервере.

Вот и все, статья «Настройка X11 forwarding используя ssh в Unix/Linux» завершена.

Источник

How to enable X11 forwarding from Red Hat Enterprise Linux (RHEL), Amazon Linux, SUSE Linux, Ubuntu server to support GUI-based installations from Amazon EC2

This post was written by Sivasamy Subramaniam, AWS Database Consultant.

In this post, I discuss enabling X11 forwarding from Red Hat Enterprise Linux (RHEL), Amazon Linux, SUSE Linux, Ubuntu servers running on Amazon EC2. This is helpful for system and database administrators, and application teams that want to perform software installations on Amazon EC2 using GUI method. This blog provides detailed steps around SSH and x11 tools, various network and operating system (OS) level settings, and best practices to achieve the X11 forwarding on Amazon EC2 when installing databases like Oracle using GUI.

There are several techniques to connect Amazon EC2 instances to manage OS level configurations. Typically, you use SSH clients (such as PuTTY or SSH client) to establish the connection from the Windows OS-based bastion or jump servers to connect with Amazon EC2 instances running linux-based OS. Most commonly, database administrators use a common Database Management, bastion host, or jump servers to connect database servers. They do this instead of directly using their laptops connecting to the database servers. They can install all the needed tools in one server to perform database administrative or support activities. During the application installation or configuration, you might need to install software such as an Oracle database or a third-party database using GUI methods. This blog talks about steps that must be done in order to forward the X11 screen to your highly secure Windows OS-based bastion hosts. You can consider using NICE DCV as an alternative option for running GUI-based applications. Please refer to the prior link for more details and steps to enable NICE DCV.

Prerequisites

To complete this walkthrough the following is required:

• Ensure that you have a bastion host running on Amazon EC2 with Windows OS for this blog. This OS must have access to the EC2 machines running Linux such as RHEL, Amazon Linux, SUSE Linux, and Ubuntu servers. If not, please configure a bastion host using Windows operating system with needed SSH access via port 22 to EC2 instance running linux-based operating systems. You can use any OS-based systems as a bastion host as long you have corresponding client tools installed or X11 supported by that OS.
• I recommend having bastion hosts in the same Availability Zone or Region as the EC2 Linux hosts that you plan to connect and forward X11 to. This is to avoid any high latency in X11 forwarding during your application installations.
• Install tools such as PuTTY and Xming on the Windows-based bastion host from which you want to SSH to Linux EC2 host and X11 forwarding.
• In order to securely configure or install PuTTY, refer to the section Configuring ssh-agent on Windows in the blog post Securely Connect to Linux Instances Running in a Private Amazon VPC.
• You may need sudo permission to run X11 forwarding commands as a root user in order to complete the setup.

Solution

Connect to your EC2 instance using SSH client, and perform following setup as needed.

Step 1: Install required X11 packages

Install X11 packages with following command based on your operating system release and version:

Installing xclock or xterm packages are optional as this is installed in this post to test the X11 forwarding using xclock or xterm commands.

Amazon Linux 2:

To install X11 related packages:

$ sudo yum install xorg-x11-xauth

To install X11 testing tools:

$ sudo yum install xclock xterm

Red Hat Enterprise Linux 8:

To install X11 related packages:

$ sudo yum install xorg-x11-xauth

To install X11 testing tools:

$ sudo yum install xterm

Note: The xorg-x11-apps package has been provided in the CodeReady Linux Builder Repository for RHEL8. So, I skipped installing this package, which has xclock and I used only xterm to test the X11 forwarding.

SUSE Linux Enterprise Server 15 SP1:

To install X11 related packages:

$ sudo zypper install xauth

To install X11 testing tools:

$ sudo zypper install xclock

Ubuntu Server 18:

To install X11 related packages and tools:

$ sudo apt install x11-apps

Step 2: configure X11 forwarding

To enable X11 Forwarding, change the “X11Forwarding” parameter using vi editor to “yes” in the /etc/ssh/sshd_config file if either commented out or set to no.

$ sudo vi /etc/ssh/sshd_config

To Verify X11Forwarding parameter:

$ sudo cat /etc/ssh/sshd_config |grep -i X11Forwarding

You should see similar output as the following:

To restart ssh service if you changed the value in /etc/ssh/sshd_config:

Amazon Linux 2, RHEL 8 and SUSE Linux OS:

$ sudo service sshd restart

Ubuntu Servers:

$ sudo service ssh restart

Step 3: Configure putty and Xming to perform X11 forwarding connect and verify X11 forwarding

Log in to your Windows bastion host. Then, open a fresh PuTTY session, and use a private key or password-based authentication per your organization setup. Then, test the xclock or xterm command to see x11 forwarding in action.

• Click the xming utility you installed on Windows bastion host and have it running.

• Select Session from the Category pane on left. Set Host Name as your private IP, port 22, and Connection Type as SSH. Please note that you use the Private IP of EC2 instance later when you connect inside from the VPC/network.

• Go to Connection, and click Then, set Auto-login username as ec2-user, Ubuntu (Ubuntu OS), or whichever user you are allowed to logging in as.
• Go to Connection, select SSH, and then click Then, click on Browse to select the private key generated earlier If you are using key based authentication.
• Go to Connection, select SSH, and then click on Then, select enable X11 forwarding.
• Set X display location as localhost:0.0

• Go back to Session and click on Save after creating a session name in Saved session.

Now that you set up PuTTY, xming, and configured the x11 settings, you can click on load button and then Open button. This opens up a new SSH terminal with x11 forwarding enabled. Now, I move on to the testing X11 forwarding.

Test the X11 from the use you logged in:

$ xclock or xterm

You should see the sample output and xclock or xterm window opened similar to the following image. This means your x11 forwarding setup working as expected, and you can start using GUI-based application installation or configuration by running the installer or configuration tools.

Step 4: Configure the EC2 Linux session to forward X11 if you are switching to different user after login to run GUI-based installation / commands

In this example: ec2-user is the user logged in with SSH and then switched to oracle user.

From the Logged User to identify the xauth details:

$ xauth list | grep unix`echo $DISPLAY | cut -c10-12` > /tmp/xauth

Switch to the user where you want to run GUI-based installation or tools:

$ sudo su — oracle

$ xauth add `cat /tmp/xauth`

You should see the sample output and xclock or xterm window opened similar to the following image. This means your x11 forwarding setup is working as expected even after switched to different user. You can start using GUI-based application such as running the installer or configuration tools.

Conclusion

In this blog, I demonstrated how to configure Amazon EC2 instances running on various linux-based operating systems to forward X11 to the Windows OS-based bastion host. This is helpful to any application installation that requires GUI-based installation methods. This is also helpful to any bastion hosts that provide highly secure and low latency environments to perform SSH related operations including GUI-based installations as this does not require any additional network configuration other than opening the port 22 for standard SSH authentication. Please try this tutorial for yourself, and leave any comments following!

Источник

Enabling X11 forwarding on Linux

To enable GUIs on LINUX you have to setup X11 forwarding with putty. The instructions below are for Windows.

At the OS level confirm that the X11FORWARDING has been set to YES in /etc/ssh/sshd_config. This might vary depending upon your linux distro. the below screens are from SUSE Linux 12

You will require

1. XMING server – download from https://sourceforge.net/projects/xming/. Choose the defaults during installation. Make sure the XMING server is running.

. Configure putty to use X11 forwarding

leave the remote X11 authentication protocol as the MIT-magic-Cookie-1

Check if you have xeyes by typing ‘xeyes’. if not Install xeyes. Not mandatory but useful in troubleshooting. Download from https://software.opensuse.org/download.html?project=openSUSE%3ALeap%3A42.1&package=xeyes

Now if everything is right – typing xeyes on your putty prompt should bring up the ROLLING eyes

Now often after logging in to linux – folks have to do a sudo and if you try xeyes after a sudo you get

this error is because the display is not available after sudo and you have to export it. Check the value of $DISPLAY within sudo

get out of sudo and check the value of $DISPLAY.

get back in and export $DISPLAY

now the error has change to authorization. this is because the xauths magic cookies are not available within sudo. so one or two more steps

Do an xauth list while in sudo

here since the xauth file does not exist. We have to create it first. This can be accomplished by a simple touch command. Then we add the xauth to this while in sudo.

add the complete MIT-MAGIC-COOKIE-1 available outside of sudo within sudo using the xauth add ‘cookie’ command

finally we are ready to run xeyes again

Once this works – you should be able to invoke all BI/HANA shell scripts which can give you a GUI. You may need GTK2 fonts too if there are further issues with invoking BI clients. talk to your linux administrator about those if you get an error…however you should be good with X11 forwarding with the above.

Источник