X11 Forwarding with MIT Magic Cookies to Oracle Cloud as multiple users

Every time I do this, I always forget the steps, especially for allowing connections after you su to another user… So, here we go:

I’m going to connect two machines: rotor (it’s a palindrome), my local Windows machine, and cloudbox, my Oracle Cloud server.

The first thing I'm going to do is connect to cloudbox as the opc user, become root, and then add an X11UseLocalhost no entry to the sshd_config file. I left the previous value (which was already commented out) in place and added a comment about who changed what and when. Then I'll restart the ssh daemon.

[opc@cloudbox ~]$ sudo -s
[root@cloudbox opc]# vim /etc/ssh/sshd_config

# 2019-08-12 Rich Soule changed below to allow remote X11 Connections
#X11UseLocalhost yes ## Original value commented out as in this line
X11UseLocalhost no

[root@cloudbox ~]# systemctl restart sshd

Next, we’ll make sure that enough of the X11 tools are on the server.

[root@cloudbox ~]# yum install xclock -y

I’m going to use MobaXterm as my client on my Windows box and open up a local terminal on rotor. MobaXterm automatically gives me an X11 Server so I don’t have to use something like Xming to give me a local X11 Server.

When I created cloudbox, my Oracle Cloud server, a private key file was created. This private key file was saved in a folder on rotor, my Windows box, so I'm going to cd to that folder and start an ssh connection:

[Rich.Rotor] ➤ ssh -X -i id_rsa opc@cloudbox

At this point, I have to provide the passphrase for my private key file that is in this directory. After supplying the passphrase, I’ll be connected to cloudbox.

Last login: Mon Aug 12 22:23:10 2019 from somewhere on the internet
/usr/bin/xauth:  file /home/opc/.Xauthority does not exist
[opc@cloudbox ~]$

The message above should really be something like ".Xauthority does not exist, so I'm creating it." because that is what just happened. The DISPLAY environment variable was set to the IP address of the cloud server with :10.0 appended to the end, and we can see what ended up in the .Xauthority file by using the xauth list command:

[opc@cloudbox ~]$ echo $DISPLAY
10.10.0.2:10.0
[opc@cloudbox ~]$ xauth list
cloudbox.myreg.myvcn.oraclevcn.com:10  MIT-MAGIC-COOKIE-1  6ab3d32cf1c543ecaf83c79297ee3fbc

At this point, X11-based commands will work, but only for the opc user.

[opc@cloudbox ~]$ xeyes&
[1] 13177

[Image: the xeyes window]

If I become another user, then X11 commands won’t work.

[opc@cloudbox ~]$ sudo su - oracle
Last login: Mon Aug 12 22:35:15 GMT 2019 on pts/0
[oracle@cloudbox ~]$ xeyes&
[1] 13595
[oracle@cloudbox ~]$ Error: Can't open display:

[1]+ Exit 1 xeyes
[oracle@cloudbox ~]$

Looking above, it appears that the DISPLAY environment variable for the oracle user has not been set yet. The empty value after "Can't open display:" tells us it is NULL. However, even if we set it, it still doesn't work:

[oracle@cloudbox ~]$ export DISPLAY=10.10.0.2:10.0
[oracle@cloudbox ~]$ xeyes&
[1] 14213
[oracle@cloudbox ~]$ X11 connection rejected because of wrong authentication
Error: Can't open display: 10.10.0.2:10.0

[1]+  Exit 1                  xeyes
[oracle@cloudbox ~]$

The trick at this point is to pass along the MIT Magic Cookie that got generated for the opc user to the oracle user. The easiest way to do this is to just copy and paste the full output from the xauth list command as the opc user into an xauth add command as the oracle user:

[oracle@cloudbox ~]$ xauth add cloudbox.myreg.myvcn.oraclevcn.com:10 MIT-MAGIC-COOKIE-1 6ab3d32cf1c543ecaf83c79297ee3fbc
xauth: file /home/oracle/.Xauthority does not exist
[oracle@cloudbox ~]$ xeyes&
[1] 14512
[oracle@cloudbox ~]$

At this point, everything works and X11 commands will now display on my local Windows box from Oracle Cloud as the oracle user.
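The copy-and-paste step above, done as a script instead. This is an added example, not code from the original post: it picks the MIT-MAGIC-COOKIE-1 entry for the current DISPLAY out of `xauth list` output and builds the matching `xauth add` command for the second user; the sample `xauth list` output and the `forward_cookie` helper are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Everything except
# forward_cookie() is plain text processing, so it runs without an X server.

# Constructed sample of `xauth list` output (two forwarded displays).
SAMPLE_XAUTH_LIST='cloudbox.myreg.myvcn.oraclevcn.com:11  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef
cloudbox.myreg.myvcn.oraclevcn.com:10  MIT-MAGIC-COOKIE-1  6ab3d32cf1c543ecaf83c79297ee3fbc'

# display_number "10.10.0.2:10.0" -> "10"  (drops the host and the screen number)
display_number() {
    printf '%s\n' "$1" | sed -n 's/\.[0-9]*$//; s/^.*:\([0-9][0-9]*\)$/\1/p'
}

# xauth_add_cmd DISPLAY XAUTH_LIST_OUTPUT
# Prints the `xauth add ...` line for the MIT-MAGIC-COOKIE-1 entry whose
# display number matches DISPLAY. Returns 1 when nothing matches, which is
# exactly the state that produces "X11 connection rejected because of wrong
# authentication" when the second user tries to open the display anyway.
xauth_add_cmd() {
    n=$(display_number "$1")
    [ -n "$n" ] || return 1
    printf '%s\n' "$2" | awk -v n="$n" '
        $2 == "MIT-MAGIC-COOKIE-1" && $3 ~ /^[0-9a-f]+$/ {
            split($1, p, ":")
            if (p[2] == n) { print "xauth add " $1 " " $2 " " $3; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# forward_cookie TARGET_USER  (hypothetical helper)
# Run as the first user (opc) instead of pasting by hand: reads the cookie for
# $DISPLAY from this user's .Xauthority and adds it to TARGET_USER's own
# .Xauthority via sudo (-H so $HOME, and therefore the file, belongs to them).
forward_cookie() {
    cmd=$(xauth_add_cmd "$DISPLAY" "$(xauth list)") || {
        echo "no MIT-MAGIC-COOKIE-1 entry for DISPLAY=$DISPLAY" >&2
        return 1
    }
    sudo -H -u "$1" sh -c "XAUTHORITY=\$HOME/.Xauthority $cmd" || return 1
    # The target user still has an empty DISPLAY in their own shell.
    echo "Now run as $1:  export DISPLAY=$DISPLAY"
}
```

Run `forward_cookie oracle` as opc before `sudo su - oracle`, then export DISPLAY as printed. With X11UseLocalhost no the forwarded display listens on every interface of cloudbox, so this cookie is the only thing controlling who can connect to it, which is why it belongs only in the .Xauthority files of users who need it.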

Happy Linuxing!
