Dear Linux masters....
My shell script to set display settings on linux server isnt working as expected! need your expert advise
#! /bin/bash xauth list > /home/usr1/utilities/xauthlist.txt #generates the list of display settings in xauth file display=$(tail -n 1 /home/usr1/utilities/xauthlist.txt) #reads & stores the last line of the xauthlist.txt sudo -iu admin1 xauth add $display #setting the display xterm #this command does not throw up any visual output
My mobaxterm gives the following error
MoTTY X11 proxy: Unsupported authorisation protocol xterm: Xt error: Can't open display: 10.161.28.189:14.0
On the contrary if I do the same thing manually (without the script), all works fine.
Related
How do you setup VcXSrv.exe on Windows 10 to work with WSL2 without disabling access control? Every description on the internet shows to disable the access control, but this allows any program on the local network to log your keystrokes and mouse movements among other things.
Rather than disabling access control on VcXSrv, you should use the .Xauthority file to share keys between your X11 clients and the VcXSrv X11 server. The .Xauthority contains a collection of authorization keys indexed by the DISPLAY . You'll need to setup this file with a key for your particular Windows host and share that file between the VcXSrv and your X11 clients running on your WSL2 distro. To setup this, follow these steps:
Run your WSL2 distro (Assuming this is a debian based one) and install xauth, md5sum and gawk or awk. We'll also install some X11 client to test our setup. In this case, we'll install gnome-terminal but you can install something else if you want. On an Ubuntu distro, you can do:
sudo apt install -y xauth coreutils gawk gnome-terminal
xauth list # this should be an empty list
magiccookie=$(echo '{some-pass-phrase}'|tr -d '\n\r'|md5sum|gawk '{print $1}')
xauth add host.docker.internal:0 . $magiccookie
cp ~/.Xauthority /mnt/c/Users/{WindowsUserName}
Add the following to either your ~/.bashrc in your WSL2 distro home dir
export DISPLAY=host.docker.internal:0
We need to create either an XLaunch configuration file (i.e. config.xlaunch ) or
a shortcut to VcXSrv.exe with the desired command line args. XLaunch is a simple launcher
that assists in setting up the arguments and in turn calls vcxsrv.exe. We'll ignore using XLaunch and
just create our own shortcut with the appropriate arguments.
We want to run VcXSrv.exe with these args:
vcxsrv.exe -multiwindow -clipboard -wgl -auth {.XAuthority file} -logfile {A Log file} -logverbose {int log level}
From above, we copied the .Xauthority file to /mnt/c/Users/{WindowsUserName}/.Xauthority which means our desired command line is:
vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority" -logfile "c:\users\{WindowsUserName}\VcXSrv.log" -logverbose 5
Feel free to omit the logfile and logverbose options if you're not debugging any issues. So you can just do:
vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"
Remember to replace {WindowsUserName} with the name of your folder under c:\Users.
To create the shortcut, navigate to where VcXSrv.exe is installed. The default location of this is
C:\Program Files\VcXSrv\VcXSrv.exe
In the explorer file window, right click on the VcXSrv.exe and click "Create Shortcut" . This will create a shortcut
on your desktop.
Right click over the created shortcut icon, and select properties.
In the Shortcut tab, append the arguments above after the executable . It should look something like:
"C:\Program Files\VcXSrv\VcXSrv.exe" -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"
In the General tab of the Properties dialog, change the name to be "VcXSrv with XAuthority".
Click ok.
Now you can start the X11 server by double clicking on the shortcut.
If you wish to have the X11 server started at startup, follow the instructions here:
https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd
Now back in the WSL distro terminal, you should be able to run
the gnome-terminal or other X11 client and have it display securely
on the VcXSrv X11 server running on the Windows host.
export DISPLAY=host.docker.internal:0
gnome-terminal
This should result in the gnome-terminal being displayed on your X11 Server. Further, the xauthority file will be used to allow only authorized clients to connect to your X11 server.
I created a simple bash script that runs fine on Ubuntu 18/20.
Decided to port it onto PowerShell.
I start PowerShell in Windows 10.
Then type: ssh 192.168.1.56
This allows me to reach the target.
(the key is located in /c/users/joe90/.ssh/)
On the other hand, the bash script does the same thing:
#!/bin/bash
ssh 192.168.1.56
Yet, I keep getting this error:
load pubkey "/c/Users/joe90/.ssh/mykey-xyz": invalid format
The only thing I was able to sort out is that typing from PowerShell:
ssh -V
return ==> OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
But when the myBash.sh bash script runs (/usr/bin/bash ...):
ssh -V
return --> OpenSSH_8.3p1 ...
Any thoughts ?
Additional Notes:
The answer seems to lie here. It does ssh onto target but always leave this error mentioned. I tried to make a public key with no success.
Run
/usr/bin/ssh 192.168.1.56
instead (assuming this is the one you want to run).
Verify it using
/usr/bin/ssh -V
form bash, or
sh -c '/usr/bin/ssh -V'
from powershell.
Any time I see "invalid format" while using Windows Subsystem for Linux, I run dos2unix on that file and that seems to clear up a lot of errors. In WSL you just type: dos2unix fileName.txt
I have a remote instance of SAS Management Console in the following location:
/pub/sas/SASManagementConsole/9.4/sasmc_console
I'd like to be able to launch this as a GUI interface. I've tried the following (in XQuartz):
export DISPLAY=:0
ssh -x myuser#app.myserver.com
cd /pub/sas/SASManagementConsole/9.4
./sasmc_console
This returns:
Exception in thread "main" java.lang.InternalError: Can't connect to X11
window server using ':0' as the value of the DISPLAY variable.
What should be the value of my display variable?
doh.. So it appears I should have used an uppercase X as follows:
ssh -X myuser#app.myserver.com
But there were other things I had to update before the window worked properly. First, in the following file:
/private/etc/ssh_config
I changed the following values:
# ForwardX11 no
# ForwardX11Trusted no
to:
# ForwardX11 yes
# ForwardX11Trusted yes
I also ran:
rm /tmp/.X11-unix/X0
And restarted the machine...
I have successfully installed mosh at server and client side both. I am trying to ssh using mosh from osx but it is throwing following error:
/bin/false: No such file or directory
write: Broken pipe
/usr/local/bin/mosh: Did not find remote IP address (is SSH ProxyCommand disabled?).
I am not sure if it has anything to do with mosh, or it is general error. Please help me in setting up mosh.
This error
/bin/false: No such file or directory
most likely means the user account that you are trying to login to is disabled. You need to log in as another user, and change the shell to a valid executable
$ chsh -s /bin/bash [username]
I am getting a error while accessing the firefox using X11Forwarding.
[root#station2 ~]# firefox
KiTTY X11 proxy: wrong authorisation protocol attemptedKiTTY X11 proxy: wrong authorisation protocol attemptedError: cannot open display: localhost:10.0
setup the following values: /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
** Installed the package**
#yum install xorg-x11-xauth
#yum -y install xauth
[root#station2 .ssh]# echo $DISPLAY
localhost:10.0
#mkxauth -c
adding key for station2.example.com to /root/.Xauthority ... done
export XAUTHORITY=$HOME/.Xauthority
This fix worked for me
There is a hard, if not even impossible, to find (by search engine) scenario that may may cause that error message.
Preliminary note: The topic of this answer is not to discuss if it is a safety
risc or recommondable at all to use a graphical desktop as root on an remote, display-less, webserver.
Scenario:
A remote internet connected Linux server S has assigned the domain
name example.com to it's public IP4-address 192.0.2.1.
The /etc/hostname file on S contains the single line example.
The /etc/hosts
file on S contains the line 127.0.0.1 localhost example.com example.
The (remote) ssh access to S is by (sshd-) configuration (on S) forbidden
for root by the line DenyUsers root in /etc/ssh/sshd_config, but
allowed for a dummy user user1. From a client computer C a ssh
connection, using the ssh parameter -X or -Y, is established to S
as user user1.
Then, in a remote terminal on S owned by user1,
if any X11 related command is tried to be executed as root, may it be by
su, then trying to start the X11 desktop environment
or, as in the concrete case executing a script containing
#!/bin/bash
su --preserve-environment -c "xfce4-session &" root
the error message
X11 connection rejected because of wrong authentication.
is output and the start of any X11 related program fails.
The DISPLAY variable of root's environment contains
example.com:10.0
then.
One solution to the problem is, in this special case, to modify the line
127.0.0.1 localhost example.com example
in /etc/hosts to
127.0.0.1 localhost
Solution: run the application with the same user you are SSHing.
I have also encounter such errors while using X11.
The source of my problem was that i used SSH with my own username (which was not root).
Then, once logged in i tired running stuff with X11 while doing "su" or doing "sudo",
the problem with that is that the SSH session is configured with your own username - e.g: Raj, but then you switch to user root which is not part of the X11 session.
So what you should do is simply try to run the application (firefox in your case) with the same user you started the X11 session.
Hope this helps.
Talel.
I ran into this running gvim over ssh -t -Y and the solution that worked for me was:
xauth add $(xauth -f ~<logon_user>/.Xauthority list | tail -1) ; export NO_AT_BRIDGE=1 # gvim X11 fix for remote GUI failure after su
I do not know where I stumbled on this answer so I cannot give credit to the author.