SSH Secure Shell Tunnel X11 - Display not shown - security

I am using SSH Secure Shell to connect to a server. My connection is allowed to Tunnel X11 connections but when I execute the command. The display is not showing up. I get the message:
couldn't connect to display "localhost:12.0"
I have a ssh server installed and running on my machine.

Remember: Both the client and the server have to allow X forwarding.
On the server look in /etc/ssh/sshd_config and make sure you have X11Forwarding yes. You will need to restart the service if you edit this file.
On the client look in /etc/ssh/ssh_config (your user ~/.ssh/ssh/config will override global settings, if you have created this file) and make sure you have ForwardX11 yes.
Alternatively give the -X switch when you create your client connection. e.g. ssh -X user#host
Oh and of course, your client needs to be running an X server which you have authority to use! E.g. if you connect from Windows using PuTTY it will never work, as Windows is not an X server!

I figured it out. I needed to have X-Server installed on my computer instead of SSH-Server. I installed Xming for that purpose and now everything works as it should.

Related

sublime text sftp tunnel wbond

To work remotely I need to SSH into the main server and then again into the departmental server.
I would like to set up a tunnel using sublime text 3 wbond sftp package to view and edit files remotely but I can't seem to find any information for setting up a tunnel. Is this even possible?
The reason I'm interested in this particular package is because I am unable to install any packages locally on the server, hence using something like rsub is not possible.
Any other suggestions besides sublime sftp are welcome.
I'm not sure the SFTP plugin would allow to do this directly.
What i would suggest is for you to use ssh -L to create a tunnel.
ssh -L localhost:random_unused_port:target_server:22 username_for_middle_server#middle_server -nNT
Use the password/identity_file for the middle server
The -nNT is to avoid opening an interactive shell in the middle server.
IMPORTANT: You need to keep the ssh -L command running so keep that shell open.
In this way you can connect to the target_server as such:
ssh username_for_target_server#localhost -p random_port_you_allocated
Similarly you can setup the SFTP plugin file as such
{
...
"host":"localhost",
"user":"username_for_target_server",
"ssh_key_file": "path_to_target_server_key",
"port":"random_port_you_allocated",
....
}
As a sidenote, always use the same port to tunnel to the same server, otherwise, with the default ssh configuration, you will be warned of a "Man in the middle attack" because the signature saved in the .ssh/known_hosts will not match with the previous one. This can be avoided by disabling this feature but I wouldn't recommend it.

Difference between connecting throug Jenkins SSH plugin and normal ssh

I have a remote server.
If I use ssh to connect with the server as the Jenkins user it works perfectly
ssh jenkins#remoteserver.com
The jenkins user is allowed to change to user jboss WITHOUT being asked for password:
sudo su jboss
This works perfectly, no need for entering a password. Everything as expected.
If I make a Jenkins build, connecting to the remote server through a SSH plugin, the connection works fine. I can also run a testscript, it works also!
But if I make the sudo su jboss through Jenkins on my remote server, it's not working.
Jenkins is not throwing any error, there is just the spinning circle
It's never stopping, only if I cancel the job.
Anyone got an idea, what's the difference between running ssh in Jenkins and conncecting through a plugin?
Is the connection lost, when changing the username? (looks like it)
The SSH plugin and the ssh command provide two completely different implementations of the SSH protocol:
Your ssh command will probably run the OpenSSH client
The SSH plugin uses the SSH protocol implementation provided by JSch
I'm not into JSch, but I'd suspect there's a either a problem in the way the plugin configures JSch terminal handling, or there's a problem related to terminal handling with JSch. Either may break the behaviour of sudo:
sudo is somewhat sensitive to terminal/tty settings; see e.g. this discussion, which also contains a few hints which may help to work around the issue.

putty + xming: cannot connect to Xserver in Windows 7

I am trying to use putty and XMing to run programs from my Fedora 20. I used this configuration before on other machines and I was able to run GUI programs on Linux and display them in my windows 7. But this time I have trouble and get the "cannot connect to X server" error when I try to launch kwrite and kdesvn which are GUI programs in Fedora 20. The connections were good. And the XMing server was running and the X11 forwarding was enabled in putty, like the instruction here.
From my another Fedora 20 machine, I was able to connect to and run GUI programs from the target machine with ssh -X and the same username. So I am thinking the settings of the target machine was right.
Then what else I can try? how to figure out where the problem is?
Ensure that X11 forwarding is enabled in /etc/sshd_config.
X11Forwarding yes
Ensure in your home directory that you have an .Xauthority file. Permissions should be set 0600. If the file does not exist create it.
touch ~/.Xauthority
chmod 0600 ~/.Xauthority
As was previous stated first make sure that X11 forwarding is enabled in PuTTY.
Config > Connection > SSH > X11 > Enable X11 Forwarding. Based on your question it appears you already did this. Make sure you save this config.
I had a problem much like this, what happened to me was that my DISPLAY was being set elsewhere. If you can, try opening a new settion via putty from the same Windows machine using another user and then checking the display and testing your GUI programs
Another thing would be to use your own user but remove any custom work you may have done in your configuration, login fresh, check the DISPLAY and then test X
Did you enable X11 in putty?
It's under SSH | X11 | Enable X11 Forwarding
Then save the putty profile and click on session | save | open
Should work perfectly after you make those changes.

Forwarding X11 without SSH? How do I run local apps on another Pc running X Server?

I am using Cygwin X and Debian. I can forward my X session via SSH but what happens is that I seem to loose the display forwarding in the X session once in a while (from Cygwin to Linux). So i am guessing that that is an imnplementation thing with Cygwin because I never loose X11 display in the same ssh session when I use Linux to Linux.
This also happens when a X11 forwarded app tries to fork another process lets say I run Thunderbird and I click on a url inside an email. Naturally Thurderbird will try to start the default web browser but it is not doing it with Cygwin X server and here is the message I get when SSH session gives up the display for various reasons that I am not able to know.
"Error: cannot open display: localhost:10.0"
The other issue is that since the ssh gives up the display variable, I have to restart my ssh session to get it working which also kills other apps that I might be running during the ssh session.
Anyway after struggling with this for a while I am thinking that I want to be able to open my apps on another display without using ssh forwarding. I am using it internally and it is almost a closed lan so I am not worried about the security for now. I just want to be able to run the app on the Linux then see the app on the Pc that is running Cygwin.
I tried basic DISPLAY variable thing like "export DISPLAY=MY_CYGWIN_PC_IP:0.0" (on Linux Pc) but it does not work.
So I am wondering about how I can achieve this. What are the proper settings to achieve what i need?
Your direction was OK. export DISPLAY is what you want. But it is not enough.
On the target, you need to type
xhost +from.where.the.windows.are.coming.com
It gives the X server the permission to allow remote windows from this computer.
Beware, it is not really secure! A possible attacker could not only windows shown by you, but even control your mouse/keyboard. But for simple solutions, or if you can trust the remote machine and the network between you, it may be ok.
If not, there is an advanced authorization, based on preshared keys. It is named xauth. Google for xauth.
The Xorg server has an option to disable the remote windows, and there are distributions, (f.e. ubuntu!) who turn this option by default on. You can test it - if you can telnet to the tcp port 6000, it is allowed.
If you are using ssh -X, don't. Use ssh -Y
Cygwin XWin server randomly loses connection
Basically to work as old times , we need enable xdmcp on display manager and use X11 , Xwayland seems to me that doesn't work either.
sddm doesn't support xdmcp , but gdm does , you need edit /etc/gdm/custom.conf and add
[security]
DisallowTCP=false
[xdmcp]
Enable=true
xhost + ip_of_remote_computer
echo $DISPLAY (the number of the display usually :0 or :1)
after you can verify :
netstat -l | grep xdmcp
udp 0 0 0.0.0.0:xdmcp 0.0.0.0:*
lsof -i :xdmcp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gdm 862335 root 12u IPv4 71774686 0t0 UDP *:xdmcp
on remote host :
export DISPLAY="ip_of_server:0" (see if is 0 or other number in echo $DISPLAY on server mention above )
xclock &
References:
http://www.softpanorama.org/Xwindows/Troubleshooting/can_not_open_display.shtml
https://tldp.org/HOWTO/html_single/XDMCP-HOWTO/
https://wiki.archlinux.org/title/XDMCP

failed to open the x11 display : unable to connect

The server that supports the graphical display is different from the server I'm sshed into. When I try to open virtualbox, I get this message.
$ Failed to open the X11 display!
When I try to startx, I get three error messages.
$ PAM authentication failed, cannot start X server
$ giving up.
$ xinit: No such file or directory (errno 2): unable to connect to X server
$ xinit: No such process (errno 3): Server error.
I don't know where the display variable is, as I'm very new to linux. Any straightforward advice and help would be appreciated.
Give option -X on command line to enable X11 forwarding (graphical interfaces).
ssh -X user#hostname
It can be also enabled per host basis by setting "ForwardX11" to "yes" in configuration file (~/.ssh/config). Support for X11 forwarding needs to be also enabled in the target server's sshd configuration file (/etc/ssh/sshd_config) with option X11Forwarding yes.
You should also know that there are some security implications in enabling the X11 forwarding. Read more from ssh and sshd man pages or here. If you control both server and client and trust both equally, there shouldn't be any problem in enabling the forwarding.

Resources