Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support local X server #1181

Closed
FranklinYu opened this issue Jun 7, 2018 · 16 comments
Closed

Support local X server #1181

FranklinYu opened this issue Jun 7, 2018 · 16 comments
Labels
Issue-Discussion-Deprecated/use GitHub discussions Resolution - Fixed

Comments

@FranklinYu
Copy link

FranklinYu commented Jun 7, 2018
edited
Loading

Please answer the following

"OpenSSH for Windows" version
7.7.1.0

Server Operating System
Remote SSHD running on Arch Linux

Client Operating System
Windows 10 Enterprise

background

I know some basic concept about SSH connection, but I have no idea how X-Forwarding works.

My remote is a Linux VM, with some GUI application installed. My local machine is Windows, with Portable OpenSSH (this project) installed. X server (VcXsrv in my case) is installed in local Windows machine.

Portable OpenSSH story

I started the local X server on Windows on localhost:0.0, then ran

$env:DISPLAY='localhost:0.0'
& 'C:\Program Files\OpenSSH-Win64\ssh.exe' -X franklinyu-linux

I expected this to “just work”, but in the SSH session, DISPLAY is unset (not even empty string). I started xclock to test; it complained that DISPLAY is not set:

Error: Can't open display:

I manually set export DISPLAY=franklinyu-windows:0.0, then xclock said

Authorization required, but no authorization protocol specified
Error: Can't open display: franklinyu-windows:0.0

I suppose that authentication information should be forwarded by the SSH client (Portable OpenSSH in this case). I quit the session and started another with verbose flag; I noticed below messages:

debug1: No xauth program.
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

other experiments

I tried PuTTY (because there is many tutorials for PuTTY + VcXsrv). Simply replacing OpenSSH with PuTTY worked (PuTTY need to be told about $DISPLAY and X forwarding, of course), with all the other building blocks (X server, remote Linux) unchanged. PuTTY is my current solution, but I really prefer this project over PuTTY, for obvious reason.

I tried (temporarily) disabling authentication in my local X server (VcXsrv). After that I manually set $DISPLAY environment variable (inside session of course), then it worked: all my GUI application were able to be started from SSH session. However, in this case I suppose there is no X Forwarding, and there may be security concern.

(Originally posted on #427 (comment).)
@fungtion
Copy link

@FranklinYu you said "I tried (temporarily) disabling authentication in my local X server (VcXsrv). After that I manually set $DISPLAY environment variable (inside session of course), then it worked", how to "disabling authentication in my local X server (VcXsrv)", and "manually set $DISPLAY"?

@FranklinYu
Copy link
Author

@fungtion Keywords:

  • “VcXsrv”
  • “Extra settings”
  • “Disable access control”

I didn’t went into details about that in this issue because it is specific to VcXsrv, not something the PowerShell team should care about. In addition, it has very strong security implication, so don’t do it unless you understand the consequence.

@fungtion
Copy link

@FranklinYu Thanks

@pavelkomarov
Copy link

pavelkomarov commented Nov 29, 2018
edited
Loading

I am having a similar problem. I'm on a Windows 10 client trying to reach a Red Hat server. Using Putty with Xming on the client side, I can get X11 forwarding to work. I can even open an SSH connection through OpenSSH, manually set DISPLAY for that other session to be whatever Putty set it as, and open graphical programs from cmd. But using OpenSSH alone, DISPLAY never gets set in the ssh session, and if I close Putty, things start complaining they can't open the display. Is OpenSSH just broken? I feel like -X should work seamlessly like in linux.

@Kukunin
Copy link

Kukunin commented Jan 18, 2019

I believe the key line here is

debug1: No xauth program.

Since there is no xauth program in the Windows environment, SSH can't generate the auth info.
The other thing that for working the SSH X11 forwarding isn't necessary, if an ssh server has a secure data connection to a client (for example, if Linux is local and running inside a virtual machine).

So, there are two ways for having X11 with native OpenSSH for Windows:

  • get xauth in the windows environment
  • don't use X11 forwarding at all and make vcxsrv to accept the remote connection

@Kukunin
Copy link

Kukunin commented Jan 18, 2019
edited
Loading

Actually, it worked for me without xauth at all.

$ set DISPLAY=localhost:0.0
$ ssh [email protected] -Y -v
...
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
...
[dev@winlinux ~]$ xcalc

it works.

Ensure you have configured the SSH server correctly, you can use https://wiki.archlinux.org/index.php/OpenSSH#X11_forwarding as a reference

P.S. I have xauth.exe inside C:\Program Files\VcXsrv, and I added that folder to PATH, but it still printed No xauth program

P.S.S. If I use -X flag instead of -Y, it shows me the same output as yours

@FranklinYu
Copy link
Author

@Kukunin In your case, is X11 authentication enable in VcXsrv?

@Kukunin
Copy link

Kukunin commented Jan 19, 2019

frankly, I don't know. It's totally a default config of VcXsrv with no changes. But I configured /etc/ssh/sshd_config on the archlinux server to enable X11.
Also, ensure you use -Y flag instead of -X, it doesn't work for me with -X (remember about security implications)

@nicksunyang
Copy link

Have you solved it?

@FranklinYu
Copy link
Author

@nicksunyang No, this is not a problem, it’s a lack of feature.

@manojampalam Please replace “Issue-Discussion” label with “Issue-Enhancement” since we don’t have this feature yet, based on the discussion above.

@github-samson
Copy link

@fungtion VcXsrv has some command line parameters. You can create a shortcut with below command, which includes the parameter to disable the authentication:

"C:\Program Files\VcXsrv\vcxsrv.exe" :0 -ac -terminate -lesspointer -multiwindow -clipboard -wgl

@FranklinYu
Copy link
Author

@github-samson Thank you. As I have mentioned:

I tried (temporarily) disabling authentication in my local X server (VcXsrv). After that I manually set $DISPLAY environment variable (inside session of course), then it worked: all my GUI application were able to be started from SSH session. However, in this case I suppose there is no X Forwarding, and there may be security concern.

@nicksunyang
Copy link

nicksunyang commented Nov 14, 2019
edited
Loading

do you enable Disable access control? in Vcxsrv I enabled Disable access control , set display number: 0, then it works,
in the remote host, i also export DISPLAY=10.212.45.145(my local host ip):0(display number )

@FranklinYu
Copy link
Author

@nicksunyang Please see #1181 (comment)

@pd93 pd93 mentioned this issue Jan 27, 2020
Closed
@maertendMSFT
Copy link
Collaborator

Trusted mode is now supported.

@tylerszabo tylerszabo mentioned this issue May 25, 2021
Open
@0017031
Copy link

0017031 commented Apr 17, 2023
edited
Loading

the debug log showing "debug1: No xauth program." ,
then you need point out the xauth path in .ssh\config

For example:

Host *
    XAuthLocation D:\scoop\apps\vcxsrv\current\xauth.exe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue-Discussion-Deprecated/use GitHub discussions Resolution - Fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@Kukunin @FranklinYu @pavelkomarov @fungtion @0017031 @manojampalam @maertendMSFT @nicksunyang @github-samson