-1

I've been getting some problems with the X11 forwarding feature. Basically, I have a Manjaro machine with SSH installed and my goal is to foward the content of this machine to another. What would be the main settings I should pay attention to?

I have been reading countless tutorials and even trying to implement them but somehow the information provided is too generic and I'd appreciate if I could get a better understanding of the process revolving around X11 and how to properly set it up.

ᄂ ᄀ
  • 3,875
  • 1
  • 19
  • 18
João Victor
  • 1
  • 1
  • 2
  • How are you connecting to SSH, what is the other computer, what means "foward the content", what have you tried. – harrymc Feb 14 '19 at 21:19
  • 2
    This question is pretty vague in its current form. You're basically asking for a tutorial without telling us what's wrong with all the other tutorials that you've read. You should [edit] your question to describe in detail what you've tried and what happens when you try it. Include any error messages that you're getting. – Kenster Feb 14 '19 at 23:14
  • Thanks @harrymc for the input questions. My goal is to be able to forward RDP sessions, browser (firefox, chrome), notepad, etc through SSH. X11 is a possibility. Currently, I have two machines with Manjaro Xfce installed on both. My goal is to be able to forward through SSH what I have there (mentioned above). This is what I'm getting currently on my terminal as I try to open firefox: _Unable to init server: Broadway display type not supported: localhost:0.0 Error: cannot open display: localhost:0.0_ – João Victor Feb 15 '19 at 00:09
  • 1
    I have seen some tutorials mentioning Xorg, Xauth, Bash settings with `export DISPLAY="localhost:0.0" and the like. I have enabled the necessary options on SSH and nothing has worked yet. That's why I've been generic with my question and not so specific since there are many aspects to look into. ^^ – João Victor Feb 15 '19 at 00:14
  • Possible duplicate of https://superuser.com/questions/310197/how-do-i-fix-a-cannot-open-display-error-when-opening-an-x-program-after-sshi – harrymc Feb 15 '19 at 07:21

1 Answers1

1

Install openssh on both machines.

2 steps: Setting up the ssh server, then forwarding X.

Client refers to the other machines, and server refers to the Manjaro machine.

Setting up the ssh server

  1. Install openssh-server
  2. Check sshd (the server process) is running with pgrep sshd (Will output nothing if sshd isn't running).
  3. Ensure you have either a very strong password, or disable password authentication and use key forwarding by editing /etc/ssh/sshd_config and changing PasswordAuthentication yes to PasswordAuthentication no, then sudo restart ssh.
  4. Ensure you can log into the server from the client via ssh.

X forwarding

Follow the instructions in this answer. Copied here:

"On the client side, the -X (capital X) option to ssh enables X11 forwarding, and you can make this the default (for all connections or for a specific conection) with ForwardX11 yes in ~/.ssh/config.

On the server side, X11Forwarding yes must specified in /etc/ssh/sshd_config. Note that the default is no forwarding (some distributions turn it on in their default /etc/ssh/sshd_config), and that the user cannot override this setting.

The xauth program must be installed on the server side. If there are any X11 programs there, it's very likely that xauth will be there. In the unlikely case xauth was installed in a nonstandard location, it can be called through ~/.ssh/rc (on the server!).

Note that you do not need to set any environment variables on the server. DISPLAY and XAUTHORITY will automatically be set to their proper values. If you run ssh and DISPLAY is not set, it means ssh is not forwarding the X11 connection.

To confirm that ssh is forwarding X11, check for a line containing Requesting X11 forwarding in the ssh -v -X output. Note that the server won't reply either way, a security precaution of hiding details from potential attackers."

Make sure you restart sshd after changing settings to /etc/ssh/sshd_config

cat /var/run/sshd.pid | xargs kill -1

silico-biomancer
  • 448
  • 3
  • 11
  • 1
    Thanks for the input @BlueDrink9. I'm definitely reading more into your comment so that I can try to figure out what's going on. From machine A, I connect to machine B doing `ssh -X username@ip` and it connects without a problem. However, whenever I issue firefox from te terminal, I get the following error: `Unable to init server: Broadway display type not supported: localhost:0.0 Error: cannot open display: localhost:0.0` – João Victor Feb 15 '19 at 00:12
  • 1
    When I type `echo $DISPLAY`, it shows `localhost:0.0`. This is the result for the zsh shell. As I turn to bash, the result is `:0.0`. I have read that we should add to `~/.bashrc` the line `export DISPLAY=0.0`. I haven't done anything with zsh as I have focused on bash for this. Everytime I change on the bashrc, the display variable is altered accordingly. However, I can't forward anything graphically as I connect to this machine. – João Victor Feb 15 '19 at 00:23
  • A little bit of what I have enabled on my manjaro SSH server (sshd_config) file: AllowAgentForwarding yes AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost no #PermitTTY yes PrintMotd no # pam does that #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none – João Victor Feb 15 '19 at 00:28
  • Also make sure you restart sshd after changing settings to `/etc/ssh/sshd/config`! – silico-biomancer Feb 15 '19 at 03:01
  • Just tested from another machine and the result is the following: `Unable to init server: Broadway display type not supported: 200.129.16.111:0.0 Error: cannot open display: 200.129.16.111:0.0` – João Victor Feb 15 '19 at 10:07
  • What X apps are you running on the client? What is the `which xauth` on the client? – silico-biomancer Feb 15 '19 at 10:19
  • `ssh -v` should have told you you were forwarding, I think. Can you provide a pastebin link to its output please? – silico-biomancer Feb 15 '19 at 10:20
  • Also, is that `DISPLAY` the client's ip? – silico-biomancer Feb 15 '19 at 10:22