Develop Reference

How to Setup VcXSrv for use with WSL2

How do you setup VcXSrv.exe on Windows 10 to work with WSL2 without disabling access control? Every description on the internet shows to disable the access control, but this allows any program on the local network to log your keystrokes and mouse movements among other things.

Rather than disabling access control on VcXSrv, you should use the .Xauthority file to share keys between your X11 clients and the VcXSrv X11 server. The .Xauthority contains a collection of authorization keys indexed by the DISPLAY . You'll need to setup this file with a key for your particular Windows host and share that file between the VcXSrv and your X11 clients running on your WSL2 distro. To setup this, follow these steps:
Run your WSL2 distro (Assuming this is a debian based one) and install xauth, md5sum and gawk or awk. We'll also install some X11 client to test our setup. In this case, we'll install gnome-terminal but you can install something else if you want. On an Ubuntu distro, you can do:
sudo apt install -y xauth coreutils gawk gnome-terminal
xauth list # this should be an empty list
magiccookie=$(echo '{some-pass-phrase}'|tr -d '\n\r'|md5sum|gawk '{print $1}')
xauth add host.docker.internal:0 . $magiccookie
cp ~/.Xauthority /mnt/c/Users/{WindowsUserName}
Add the following to either your ~/.bashrc in your WSL2 distro home dir
export DISPLAY=host.docker.internal:0
We need to create either an XLaunch configuration file (i.e. config.xlaunch ) or
a shortcut to VcXSrv.exe with the desired command line args. XLaunch is a simple launcher
that assists in setting up the arguments and in turn calls vcxsrv.exe. We'll ignore using XLaunch and
just create our own shortcut with the appropriate arguments.
We want to run VcXSrv.exe with these args:
vcxsrv.exe -multiwindow -clipboard -wgl -auth {.XAuthority file} -logfile {A Log file} -logverbose {int log level}
From above, we copied the .Xauthority file to /mnt/c/Users/{WindowsUserName}/.Xauthority which means our desired command line is:
vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority" -logfile "c:\users\{WindowsUserName}\VcXSrv.log" -logverbose 5
Feel free to omit the logfile and logverbose options if you're not debugging any issues. So you can just do:
vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"
Remember to replace {WindowsUserName} with the name of your folder under c:\Users.
To create the shortcut, navigate to where VcXSrv.exe is installed. The default location of this is
C:\Program Files\VcXSrv\VcXSrv.exe
In the explorer file window, right click on the VcXSrv.exe and click "Create Shortcut" . This will create a shortcut
on your desktop.
Right click over the created shortcut icon, and select properties.
In the Shortcut tab, append the arguments above after the executable . It should look something like:
"C:\Program Files\VcXSrv\VcXSrv.exe" -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"
In the General tab of the Properties dialog, change the name to be "VcXSrv with XAuthority".
Click ok.
Now you can start the X11 server by double clicking on the shortcut.
If you wish to have the X11 server started at startup, follow the instructions here:
https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd
Now back in the WSL distro terminal, you should be able to run
the gnome-terminal or other X11 client and have it display securely
on the VcXSrv X11 server running on the Windows host.
export DISPLAY=host.docker.internal:0
gnome-terminal
This should result in the gnome-terminal being displayed on your X11 Server. Further, the xauthority file will be used to allow only authorized clients to connect to your X11 server.

Windows Server 2019 - Running GUI Application through OpenSSH protocol

I need to run remotely GUI Desktop App when connected through SSH.
Is this even achievable? When I try to run app(any GUI) it just hangs there and does nothing.
I need to explicitly make this work with SSH.

For anyone wondering how to run GUI applications using psexec, this is the solution:
psexec64 is located in C:\Windows
psexec64 -accepteula -nobanner \\SERVER.company.co -u DOMAIN\user -p password -h -i 2 C:\\Windows\notepad.exe
Note: You can run any exe on the server, as well as you can run locally,
also if you need to run it from linux here is solution:
First install winexe: https://sourceforge.net/projects/winexe/ - google for installing from cli
winexe -U DOMAIN/user%password //SERVER.company.co "psexec64 -u DOMAIN\user-p password -accepteula -nobanner -h -i 2 C:\Windows\notepad.exe"
Hopefully this will help someone

redirect serial port output as bash command with Xbee and RPI

My setup is complicated and I think I have a clear way ahead, but please let me know if you see a better way to accomplish my end state of using a terminal window over Xbee. My use case is that RPI #1 has internet connectivity, but RPI #2 does not, and I want to fully control and access RPI #2 via RPI #1 over Xbee.
I have x2 Raspberry Pi 3B+ and am using x2 Xbee Pro S3B modules to communicate between the RPIs over Xbee USB Development Shields. The Xbees show on the RPIs as /dev/ttyUSB0. I want to use the Xbees as a transportation layer to the RPIs, much like 802.11/15 or plain old ethernet would be used in a headless situation with bash. The Xbees are running at 115200 baud rate, and are named and setup via the X-CTU tool. I have no illusions of high speed data, but want to "see" RPI #2 terminal on RPI #1, the same as when SSH is accomplished with traditional transport layers.
I am able to use the Xbees in Transparent Mode, and send plain text with Screen, Minicom, "echo "text here" > /dev/ttyUSB0", and "cat < /dev/ttyUSB0". Despite the ability to pass messages, I want to use these plain text messages as bash input. For example, when I pass the command ls via any of the three methods listed from RPI 1, I want to have bash exectue "ls" on RPI 2, not just see it listed on the screen for RPI 2.
I've found several tools for Xbee, but don't want to wire up the GPIO pins and go that method; I want to use the Xbees as simple transport, nothing more. How do I pass text from /dev/ttyUSB0 to bash as a command, and see the results? Short of a more direct route, I'm considering using crontabs and an executable file that is erased and re-written to accomplish this task, but feel that is a last, very ineffective, method.
Is there some tool I am missing that does this already? Can I "screen" over a serial port as command line and serial I/O simultanously?
I found pyserial, which could allow for a TCP binding to the /dev/ttyUSB0 port, but am not sure if that is the right way to go or not. As of now, my code is as simple as
RPI #1:
echo "ls" > /dev/ttyUSB0
RPI #2:
cat < /dev/ttyUSB0

I was able to send and recieve commands from command line of a local (although remoted) XBee host to a remote (secondary, off net) Xbee host. I found the answer when I started looking at how serial devices could open a login terminal, and arrived at the getty tool. Here are my setup instructions for Transparent Mode use, I am still trying to get python-xbee and other tools to work to allow for the same concept, but via API mode. Note that the below instructions are a 95% solution, but should get the common user to a solid way ahead. I am not the original author of the steps below in their format, but found each step and combined them through various other Q&A forums to arrive at a solution:
First, acquire Digi Xbee X-CTU software (does not install on ARM devices such as Raspberry or Odroid):
XCTU:
Install from the following Digi.com link, but navigate to the corrresponding software FTP link:
https://www.digi.com/support/productdetail?pid=3352&type=drivers
Linux 64 Bit: ftp://ftp1.digi.com/support/utilities/40002881_R.run
Linux 32 Bit: ftp://ftp1.digi.com/support/utilities/40002880_R.run
Windows: ftp://ftp1.digi.com/support/utilities/40003026_T.exe
Mac: ftp://ftp1.digi.com/support/utilities/40003026_T.exe
Install X-CTU Via:
sudo wget ftp://ftp1.digi.com/support/utilities/40002880_R.run
sudo mv 40002881_R.run xctu_64bit.run
sudo chmod +x xctu_64bit.run
sudo ./xctu_64bit.run
Find X-Bee Device:
make sure Xbee is not plugged into a hub, power will be too little, recognizable via the below error, YMMV:
dmesg | grep ttyUSB0
and returning error: [ 228.800021] ftdi_sio ttyUSB0: failed to get modem status: -32
lsusb -v -d 0403:6001
sudo nano /boot/cmdline.txt
change the console tty device from AMA to USB, then for the kgdboc, which allows the remote end to watch the boot process, add/make match as appropriate
console=ttyUSB0,115200 kgdboc=ttyUSB0,115200
sudo nano /etc/inittab
make sure to uncomment (remove #) if present, change tty from AMA to USB
T0:23:respawn:/sbin/agetty -L ttyUSB0 115200 vt100
On Ubuntu x86 system, use X-CTU via
sudo ./XCTU.desktop
update firmware to the latest version
currently 8075 for the Pro S3B, then set baud rate to 115200 on each device
other xbees on in the vicinity can be updated by using a local xbee via X-CTU, then setting the api mode to “api mode with escapes”. Note that Transparent Mode should be used unless you have an indepth knowlege to make API mode work. I started with Transparent Mode to demonstrate the below works, but have since moved to API mode to gain the enhanced send-recieve control capabilities (pending a working version as of this writing).
do the same steps for all the devices that will be used on the network; once the local device is complete, other remote devices can be updated if visible (close enough).
Close out X-CTU and add the current user to the dialout group via:
sudo usermod -a -G dialout root
reboot then:
Setup Minicom Via:
sudo aptitude install minicom
minicom -s
serial port setup
a, set to /dev/ttyUSB0, then hit enter
e, set baud rate to 115200, then hit enter
hit enter again to close the window and arrive at the configuration page of minicom
select to save as dfl, followed by enter
then move to exit, and hit return
test connection to a locally connected device via
three plus symbols without hitting return
if it replies “ok” in a few seconds or less, all is well
OR Screen:
screen /dev/ttyUSB0
again, if you see a login prompt, you are connected. Note that screen is probably the best choice for most users; it has the inherent quality of ease of use (when compared to Minicom), handles low bandwidth connections with ease, and stays alive despite a disconnect from remote host. Ctl+a and then k will disconnect.
Install Coreutils to add more options than Minicom (Screen is also advisable):
sudo aptitude install coreutils && screen
stty -F /dev/ttyUSB0 -a
this will check serial port capabilities and settings
Communicate with your devices:
Note you interact with your network on a local machine with an X-Bee plugged in, or on a remote device you SSH over the internet, as long as it has an X-Bee attached. Also, note that the below settings to rc.local weren't keeping my settings after a reboot; this is a work in progress. I was setting them manually until I got automation worked out.
Also, I added rc.local to the RPI manually, the how-to for that is out there somewhere:
sudo systemctl stop serial-getty#ttyAMA0.service
sudo systemctl disable serial-getty#ttyAMA0.service
sudo systemctl enable serial-getty#ttyUSB0.service
sudo nano /etc/rc.local
add the below before exit 0
The stty line is twice because it has been noted that the first instance changes the reported baud rate to 9600, the second to 115200. If you are doing this manually, do a “stop” then re-do the start command to receive the prompt. This could be automated; I will update this post with a process monitor.
stty -F /dev/ttyUSB0 speed 115200 cs8 -cstopb -parenb raw
stty -F /dev/ttyUSB0 speed 115200 cs8 -cstopb -parenb raw
sudo systemctl start serial-getty#ttyUSB0.service
Then, use Minicom, Screen, or "cat" and "watch" to view messages sent. When using Minicom you will receive a login prompt via the above directions. As previously stated, I am still trying to get this working smoothly for API mode, but at least I know I have connectivity and can do basic command & control via the command line remotely with Transparent Mode, including running command line programs and commands. Transparent Mode does not offer any enhanced RF propagation correction techniques, hence my desire to get API mode working; RSSI values and error correction would be nice.

How to develop on a virtual machine?

I want to edit source code on a virtual machine running Ubuntu. I'm ssh'd into it to preserve my native (mac) key bindings (e.g. copy and paste). Can I route terminal data through to sublime on the host side? Can I invoke the sublime editor in the vm and use it with X11 forwarding?
I'm just looking for the common workflow where I can keep using the key-bindings and editor I've learned to love.

You can use Samba share for this. (Assuming that you are running windows).
That's the way I do it.
How to Create a Network Share Via Samba Via CLI (Command-line interface/Linux Terminal) - Uncomplicated, Simple and Brief Way!
or you can check How to map a network drive?

You have a few options:
You can install Samba for SMB network sharing, or Netatalk for AFP network sharing, as suggested in the answer by Ahmed Daou. Probably the most flexible solution once set up. If you want to get fancy you can also install avahi-daemon so that you can browse to network files from the Finder, as you would any other file share; otherwise you can use "Connect To Server..." from the Finder's Go menu.
You can round-trip it with scp. Install a public-private keypair for SSH so you don't have to enter a password every time out (even if you use a passphrase, your Mac will remember it in its keychain). When you quit Sublime, the saved file will be will copied back to the VM.
Example sublime_open script:
#!/bin/bash
serverAddress="username#myvm.local"
if [[ ! $1 ]]; then
echo "usage: sublime_open <remoteFilename> [username#serverAddress] [serverPort]"
exit 1
fi
[[ $2 ]] && serverAddress="$2"
[[ $3 ]] && serverPort="-P $3" || serverPort=
scp $serverPort $serverAddress:"$1" /tmp/myfile.txt
/Applications/"Sublime Text.app"/Contents/MacOS/"Sublime Text" /tmp/myfile.txt
scp $serverPort /tmp/myfile.txt $serverAddress:"$1"
rm /tmp/myfile.txt &> /dev/null
You can, as you suggested, use X11 and run the Linux version. Install XQuartz on your Mac, and then open an SSH session to your VM with the -X option, e.g. ssh -X myvm.local. Then in that Terminal window run ./sublime_text from whatever directory it lives in (if you install the Ubuntu/Debian package, it appears to be in /opt/sublime_text/sublime_text). It will open in an X window on your Mac.

X11 connection rejected because of wrong authentication

I am getting a error while accessing the firefox using X11Forwarding.
[root#station2 ~]# firefox
KiTTY X11 proxy: wrong authorisation protocol attemptedKiTTY X11 proxy: wrong authorisation protocol attemptedError: cannot open display: localhost:10.0
setup the following values: /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
** Installed the package**
#yum install xorg-x11-xauth
#yum -y install xauth
[root#station2 .ssh]# echo $DISPLAY
localhost:10.0
#mkxauth -c
adding key for station2.example.com to /root/.Xauthority ... done

export XAUTHORITY=$HOME/.Xauthority
This fix worked for me

There is a hard, if not even impossible, to find (by search engine) scenario that may may cause that error message.
Preliminary note: The topic of this answer is not to discuss if it is a safety
risc or recommondable at all to use a graphical desktop as root on an remote, display-less, webserver.
Scenario:
A remote internet connected Linux server S has assigned the domain
name example.com to it's public IP4-address 192.0.2.1.
The /etc/hostname file on S contains the single line example.
The /etc/hosts
file on S contains the line 127.0.0.1 localhost example.com example.
The (remote) ssh access to S is by (sshd-) configuration (on S) forbidden
for root by the line DenyUsers root in /etc/ssh/sshd_config, but
allowed for a dummy user user1. From a client computer C a ssh
connection, using the ssh parameter -X or -Y, is established to S
as user user1.
Then, in a remote terminal on S owned by user1,
if any X11 related command is tried to be executed as root, may it be by
su, then trying to start the X11 desktop environment
or, as in the concrete case executing a script containing
#!/bin/bash
su --preserve-environment -c "xfce4-session &" root
the error message
X11 connection rejected because of wrong authentication.
is output and the start of any X11 related program fails.
The DISPLAY variable of root's environment contains
example.com:10.0
then.
One solution to the problem is, in this special case, to modify the line
127.0.0.1 localhost example.com example
in /etc/hosts to
127.0.0.1 localhost

Solution: run the application with the same user you are SSHing.
I have also encounter such errors while using X11.
The source of my problem was that i used SSH with my own username (which was not root).
Then, once logged in i tired running stuff with X11 while doing "su" or doing "sudo",
the problem with that is that the SSH session is configured with your own username - e.g: Raj, but then you switch to user root which is not part of the X11 session.
So what you should do is simply try to run the application (firefox in your case) with the same user you started the X11 session.
Hope this helps.
Talel.

I ran into this running gvim over ssh -t -Y and the solution that worked for me was:
xauth add $(xauth -f ~<logon_user>/.Xauthority list | tail -1) ; export NO_AT_BRIDGE=1 # gvim X11 fix for remote GUI failure after su
I do not know where I stumbled on this answer so I cannot give credit to the author.