Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Issues when Forwarding X via SSH
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
bsquared938
n00b
n00b


Joined: 27 Jun 2013
Posts: 32
Location: 3rd rock from Sol

PostPosted: Mon Feb 06, 2017 10:38 pm    Post subject: Issues when Forwarding X via SSH Reply with quote

Recently trying to set up X forwarding so that I can access the applications on my Gentoo computer using CygWin in Windows.

I have already configured port forwarding through the router that the Gentoo computer is connected to, and allowed SSH connections through the sshd_config file for my local user.

At this point, I can SSH into the computer via a terminal in CygWin or Putty, and can even use WinSCP to copy files between computers.




However I'm trying to take the "next step" and get X forwarding working. I had enabled "X11Forwarding" option in /etc/ssh/sshd_config but this doesn't seem to be working as intended. I have rebooted the computer multiple times and have enabled the relevant options in CygWin (or so I thought....).


(A big side note here: I previosly tried getting Desktop access using Google Remote Desktop but it's very hit-and-miss and I have since given up trying to use that. Maybe I'm making the same mistake twice)?


My system is running Gnome 3.20.

(Another big side note: TeamViewer used to be EASY TO USE with Gentoo until Gnome 3 became stable and it was installed by default -.-)
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1717

PostPosted: Mon Feb 06, 2017 11:25 pm    Post subject: Reply with quote

What command do you use to start ssh session? Did you remember to use -X or -Y switch?
Also, do you have X-server running inside your cygwin?
Did you set your DISPLAY variable? This may be required too.
Back to top
View user's profile Send private message
bsquared938
n00b
n00b


Joined: 27 Jun 2013
Posts: 32
Location: 3rd rock from Sol

PostPosted: Mon Feb 06, 2017 11:38 pm    Post subject: Reply with quote

Hi Szatox. Thanks for your reply! Answering your questions below:

szatox wrote:
What command do you use to start ssh session? Did you remember to use -X or -Y switch?

The command I use to start the ssh session from an xterm inside an X-session inside Cygwin is:
ssh -X [username]@[ip address of router] -p [port I'm running ssh on]

szatox wrote:
Also, do you have X-server running inside your cygwin?

Yes, am running x-server inside cygwin. Ran "startxwin" from the main cygwin terminal that comes up.
Maybe this isn't configured correctly? Apparently there is a "hosts" file for this from what I read...

szatox wrote:
Did you set your DISPLAY variable? This may be required too.

Ummm....this might be something I didn't do, can you elaborate?



Update: just remembered I saw this error just after ssh-ing in through the above command:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
bbh
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13498

PostPosted: Tue Feb 07, 2017 2:23 am    Post subject: Reply with quote

What is the output of emerge --info net-misc/openssh? Is your sshd configured to permit the client to request X11 forwarding? Check /etc/ssh/sshd_config for option X11Forwarding.
Back to top
View user's profile Send private message
bsquared938
n00b
n00b


Joined: 27 Jun 2013
Posts: 32
Location: 3rd rock from Sol

PostPosted: Tue Feb 07, 2017 3:24 pm    Post subject: Reply with quote

Hu wrote:
What is the output of emerge --info net-misc/openssh? Is your sshd configured to permit the client to request X11 forwarding? Check /etc/ssh/sshd_config for option X11Forwarding.


Hi Hu,

Yes I have configured X11forwarding=yes option in the stated config file.

The output of the command you had asked for is here:

Code:

Portage 2.3.3 (python 3.4.5-final-0, default/linux/amd64/13.0/desktop/gnome/systemd, gcc-4.9.4, glibc-2.23-r3, 4.1.15-gentoo-r1 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.1.15-gentoo-r1-x86_64-AMD_FX-tm-4100_Quad-Core_Processor-with-gentoo-2.3
KiB Mem:     8176048 total,   2602900 free
KiB Swap:    1052668 total,   1052668 free
Timestamp of repository gentoo: Mon, 06 Feb 2017 15:00:01 +0000
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p48-r1::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.22.3_rc4::gentoo
dev-lang/python:          2.7.12::gentoo, 3.4.5::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.22.4::gentoo
sys-apps/sandbox:         2.10-r3::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.9.4::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6-r2::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.23-r3::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

Installed sets: @fontRelatedPackages, @gnomeMyPackages, @latexStuff
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 berkdb branding bzip2 cairo cdda cdr cleartype cli colord corefonts cracklib crypt cups cxx dbus dri dts dvd dvdr eds emboss encode evo exif fam firefox flac fortran gdbm gif glamor gnome gnome-keyring gnome-online-accounts gpm gstreamer gtk iconv introspection ipv6 jpeg lcms ldap libnotify libsecret mad mmx mng modules mp3 mp4 mpeg multilib nautilus ncurses nls nptl ogg opengl openmp pam pango pcre pdf png policykit ppds pulseaudio qt3support qt4 readline sdl seccomp session spell sse sse2 ssl startup-notification svg systemd tcpd tiff tracker truetype type1 udev udisks unicode upower usb vorbis wxwidgets x264 xattr xcb xml xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx fma4 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 xop" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python3_4" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby21" USERLAND="GNU" VIDEO_CARDS="radeon r600" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

net-misc/openssh-7.3_p1-r7::gentoo was built with the following:
USE="X hpn ldap pam pie ssl -X509 -bindist -debug -kerberos -ldns -libedit (-libressl) -livecd -sctp (-selinux) -skey -ssh1 -static -test" ABI_X86="64"

Back to top
View user's profile Send private message
arackhaen
n00b
n00b


Joined: 04 Jan 2013
Posts: 29
Location: Turku, Finland

PostPosted: Tue Feb 07, 2017 3:29 pm    Post subject: Reply with quote

Quote:
szatox wrote:
What command do you use to start ssh session? Did you remember to use -X or -Y switch?

The command I use to start the ssh session from an xterm inside an X-session inside Cygwin is:
ssh -X [username]@[ip address of router] -p [port I'm running ssh on]

Update: just remembered I saw this error just after ssh-ing in through the above command:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
bbh


Try with -Y switch, at least in my environment it makes a world of difference. Your warning is same kind that I received, before switched from -X to -Y.
Hope it helps...
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1717

PostPosted: Tue Feb 07, 2017 7:49 pm    Post subject: Reply with quote

Yup, try -Y. I assume you control this machine and you consider it trusted.
-Y is considered insecure, but with a your own machines there is nothing to worry about. Not sure how those vulnerabilities could be exploited by a rogue client. (The machine you connect to via SSH is the X client. Server is running in cygwin. Counter-intuitive, but pretty obvious once you think about it )

DISPLAY is required for applications to find the Xserver they are supposed to talk to. First things first, if your X is running, there's a good chance it's already set and failed forwarding was the only roadblock out there.
Back to top
View user's profile Send private message
bsquared938
n00b
n00b


Joined: 27 Jun 2013
Posts: 32
Location: 3rd rock from Sol

PostPosted: Thu Feb 09, 2017 10:49 pm    Post subject: Reply with quote

szatox wrote:
Yup, try -Y. I assume you control this machine and you consider it trusted.
-Y is considered insecure, but with a your own machines there is nothing to worry about. Not sure how those vulnerabilities could be exploited by a rogue client. (The machine you connect to via SSH is the X client. Server is running in cygwin. Counter-intuitive, but pretty obvious once you think about it )

DISPLAY is required for applications to find the Xserver they are supposed to talk to. First things first, if your X is running, there's a good chance it's already set and failed forwarding was the only roadblock out there.


Hi guys,

Sorry for the delay in responding.

Okay here's a summary of things I tried, in this order:

1) started CygXwin and issued "startxwin" command in main terminal of that.

2) in an xterm, issued these commands in order:
Code:

$ DISPLAY=localhost:10.0
$ export DISPLAY


3) Then ssh'd in with the command as I'd stated before:
Code:

ssh -Y [username]@[ip address of router] -p [port I'm running ssh on]


This gets me in successfully. I was actually doing this before, I put an X instead of a Y in my previous post. :D


4) Check that DISPLAY is same as what my display setting is as used in step 1
Code:

$ echo $DISPLAY



5) Try to start some application that contains a window, like firefox:
Code:

$ firefox &


Aaaaaaaaaaaaannnnnd the error I get is now:
Code:

connect localhost port 6010: connection refused
connect localhost port 6010: connection refused
Error: cannot open display: localhost:10.0



At this point I'm thinking it's one of the following:
- Need to forward another port in the 6000-6010 range (these are the only 2 ports it seems to bounce between for that error)
- Display is set incorrectly
- ....something else?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13498

PostPosted: Fri Feb 10, 2017 2:25 am    Post subject: Reply with quote

When X forwarding works correctly, you do not specify any port forwards explicitly. X needs special handling to make the magic cookie authentication worm seamlessly, so ssh has special support for it.

In the xterm from which you ran the ssh, if you instead of ssh ran another xterm, would it appear correctly? If not, then why would an X program forwarded from the peer appear if locally started X programs do not? Generally, you should not change $DISPLAY from inside an X terminal unless you know why the current value is inappropriate.

Did you ever fix the error you quoted above ("xauth key data not generated")? If that is still appearing, I would expect X forwarding not to work well.

Otherwise, I can only suggest running ssh with one or more -v in the hope that the debug output will point you to an error that is not reported when running normally.
Back to top
View user's profile Send private message
bsquared938
n00b
n00b


Joined: 27 Jun 2013
Posts: 32
Location: 3rd rock from Sol

PostPosted: Mon Feb 13, 2017 10:17 pm    Post subject: Reply with quote

Hi Hu,

Not sure why I didn't get any email telling me that there was a response...hence me not reponding...

Will try out some things you suggested and get back to you...
Back to top
View user's profile Send private message
Mgiese
Veteran
Veteran


Joined: 23 Mar 2005
Posts: 1435
Location: indiana

PostPosted: Sat Feb 18, 2017 9:19 pm    Post subject: Reply with quote

if you are on googlemail, check all your subfolders :D spam / social / forums ect
_________________
I do not have a Superman complex, for I am God not Superman :D
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum