Forwarding X11 over SSH if the server configuration doesn’t allow it

by

Consider a situation where I’m logging in over SSH from machine A to machine B, I have an X session on machine A, and I want to run an X program on B.

ssh -X B makes this work transparently. But what if the server configuration lacks X11Forwarding yes, I don’t have root permissions on the server, and the server administrator is indifferent?

It’s obviously possible to forward the X11 connection, since I can transfer whatever I want over the SSH channel. In fact, if the local X server allows TCP connections, it’s as easy as ssh -R 6010:localhost:6000 (to be adjusted for the display numbers). What about the common case where the local X server only allows socket connections? How do I do X forwarding conveniently and securely, with a minimum of installation requirements (especially on B)?

Contents hide
Answers:
Method 1
Method 2
Method 3

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Is the protocol X11 speaks when talking to a tcp port any different when talking to a socket?

Perhaps you could combine your own suggested use of ssh -R 6010:localhost:6000 to bring the X11 data in over port forwarding, then bridge the local gab between the tcp port and the X11 socket listener with nc like:

nc -l -p 6000 > /tmp/.X11-unix/X0

Method 2

@Demi ‘s answer is good but I think filling it out would be great help.

  • local
    — the local machine serving an Xserver.
  • remote
    — the remote machine serving the application which drives the data going to the Xserver

Remote /etc/ssh/sshd_config:

X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes

Remote ~/.Xauthority is empty or does not exist

On local:

Xephyr -ac -screen 1280x800 -br -reset   :2 &
DISPLAY=:2 ssh  -fR 6010:/tmp/.X11-unix/X2  <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c3b6b0a6b183b1a6aeacb7a6">[email protected]</a> "DISPLAY=:10 xeyes"

In the test, local was running Ubuntu 18.05, remote was running Debian Jesse.

Method 3

  1. Spin up an additional X server using Xephyr. This is for security — it prevents the remote system from compromising yours.
  2. Use SSH to forward a remote socket to the Xephyr socket. SSH supports forwarding Unix sockets, too.
  3. Set the environment variables on the remote server correctly.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x