{"id":252,"date":"2010-10-31T22:01:32","date_gmt":"2010-11-01T03:01:32","guid":{"rendered":"http:\/\/ebixio.com\/blog\/?p=252"},"modified":"2010-11-01T11:38:19","modified_gmt":"2010-11-01T16:38:19","slug":"x11-remote-display","status":"publish","type":"post","link":"http:\/\/ebixio.com\/blog\/2010\/10\/31\/x11-remote-display\/","title":{"rendered":"X11 remote display"},"content":{"rendered":"<p>There&#8217;s no shortage of <a href=\"http:\/\/www.faqs.org\/docs\/Linux-mini\/Remote-X-Apps.html\">tutorials<\/a> on how to use X11&#8217;s remote display facilities. On modern, properly configured systems, all you need to do is to use the -X or -Y option to ssh, and the magic is all taken care of by ssh and xauth. Unfortunately, sometimes servers are mis-configured and this simple solution doesn&#8217;t work.<\/p>\n<p>On one server I was trying to use, sshd was compiled with a hard-coded path for xauth that was incorrect. This is easy to see when adding the &#8220;-v&#8221; switch to ssh. Look for:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\ndebug1: Requesting X11 forwarding with authentication spoofing.\r\ndebug1: Remote: No xauth program; cannot forward with spoofing.\r\n<\/pre>\n<p>With no admin rights on the server, the normal work-around is to use the XAuthLocation option on the client side, either in the ~\/.ssh\/config file, or on the command line: <code lang=\"bash\" inline=\"on\">ssh -o XAuthLocation=\/proper\/path<\/code>. Some versions of sshd (including the one I was using) ignore this option.<\/p>\n<p>Since I was working in a fairly secure environment, I decided to skip ssh\/xauth part, and just set the DISPLAY environment variable on the server to &#8220;DISPLAY=my.client.ip:0.0&#8221;. That&#8217;s all nice and dandy, but my Ubuntu client was using Unix domain sockets instead of TCP for X11 so there was no way to connect to it remotely. First I tried modifying <code lang=\"bash\" inline=\"on\">\/etc\/X11\/xinit\/xserverrc<\/code> on the client to remove the &#8220;-nolisten tcp&#8221; option. That didn&#8217;t seem to do the trick (there was nobody listening on port 6000 after I restarted X). It turns out gdm has a different configuration file that also needs to be modified. I then changed <code lang=\"bash\" inline=\"on\">\/etc\/gdm\/gdm.schemas<\/code> to:<\/p>\n\r\n<pre class=\"brush: xml; title: ; notranslate\" title=\"\">\r\n     &lt;schema&gt;\r\n       &lt;key&gt;security\/DisallowTCP&lt;\/key&gt;\r\n       &lt;signature&gt;b&lt;\/signature&gt;\r\n      &lt;default&gt;false&lt;\/default&gt;\r\n     &lt;\/schema&gt;\r\n<\/pre>\r\n<p>After X was restarted, I had X11 listening on port 6000. All that was left to do was to allow the server to connect (<code lang=\"bash\" inline=\"on\">xhost +server.name.com<\/code>) and everything was working like a charm.<\/p>\n<p>Before you open up X11 to remote TCP connections as shown above, make sure you read up on it and understand the security implications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There&#8217;s no shortage of tutorials on how to use X11&#8217;s remote display facilities. On modern, properly configured systems, all you need to do is to use the -X or -Y option to ssh, and the magic is all taken care of by ssh and xauth. Unfortunately, sometimes servers are mis-configured and this simple solution doesn&#8217;t [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[12,27],"class_list":["post-252","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-linux","tag-ssh"],"_links":{"self":[{"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/posts\/252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/comments?post=252"}],"version-history":[{"count":11,"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/posts\/252\/revisions"}],"predecessor-version":[{"id":266,"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/posts\/252\/revisions\/266"}],"wp:attachment":[{"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/media?parent=252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/categories?post=252"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ebixio.com\/blog\/wp-json\/wp\/v2\/tags?post=252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}