X11 Forwarding for non-root user not working

Asked 27/4, 2018 at 22:43 Answered 29/12, 2021 at 17:20

vagrant macos-high-sierra x11-forwarding ubuntu-18.04

Environmental Details

Relevant bits of server's /etc/ssh/sshd_config:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no

Relevant bits of client's $HOME/.ssh/config:

Host *
    XAuthLocation /opt/X11/bin/xauth
    ForwardX11 yes
    ForwardX11Trusted yes

Using XQuartz on macOS High Sierra.

The Problem

I'm spinning up a vagrant Ubuntu 18.04 VM. I've added a second user outside of the vagrant user.

ssh -X vagrant@ubuntu-bionic xclock

I can get X11Forwarding to work when I login as the vagrant user. I cannot get X11Forwarding to work when I login as the ops user.

ssh -X ops@ubuntu-bionic xclock

X11 forwarding request failed on channel 0
Error: Can't open display:

I want to be able to get it to work with the ops user. From the client, $DISPLAY has a value. When I login with vagrant, $DISPLAY has a value. When I login as ops, $DISPLAY is unset. If I set $DISPLAY to match what it is with the vagrant user, I get the same error:

Error: Can't open display: localhost:10.0

when X11UseLocalhost yes

Error: Can't open display: ubuntu-bionic:10.0

when X11UseLocalhost no

If I login as ops and then sudo su - vagrant, $DISPLAY remains unset. If I login as vagrant and then sudo su - ops, $DISPLAY is inherited.

What am I missing to get this to work? I've run xhost + in each user (including sudo -s root xhost +) and it still doesn't work.

If I add -vv to my ssh commands, I see this message when connecting as vagrant:

X11 forwarding request accepted on channel 0

and as ops:

Remote: X11 forwarding disabled in user configuration file.
X11 forwarding request failed on channel 0

Argali answered 27/4, 2018 at 22:43 Comment(3)

On the ubuntu machine, what is in the ~ops/.ssh/config file? (ie, in /home/ops/.ssh/config) any differences between that and the one in the vagrant users' home dir? – Heterophyte 27/4, 2018 at 23:17

The server vagrant/ops home directories don't currently have a ~/.ssh/config file. – Argali 28/4, 2018 at 0:6

Now both vagrant/ops have the contents of the ~/.ssh/config referenced at the top of the post. Still not working. – Argali 30/4, 2018 at 0:6

I don't get the whole topic, but for my very similar situation it helped to create the users~/.Xauthorityfile. I copied it from the vagrant users home directory and then set the new ownership.

Cessionary answered 12/9, 2018 at 18:54 Comment(1)

If you install xauth the file will be created and populated automatically. – Ecg 29/12, 2021 at 14:57

On macOS BigSur with XQuartz 2.8.1 (xorg-server 1.20.11):

Setting the following into my Vagrantfile solved it for me (for ubuntu 20.04):

  config.vm.provision "shell",
    inline: "apt-get update && apt-get upgrade -y && apt-get install xauth -y"
  config.ssh.forward_agent = true
  config.ssh.forward_x11 = true

The whole Vagrantfile would be:

Vagrant.require_version ">= 2.2.3"

Vagrant.configure("2") do |config|
  config.vm.provider "virtualbox" do |v, override|
    override.vm.box = "bento/ubuntu-20.04"
  end
  config.vm.provision "shell",
    inline: "apt-get update && apt-get upgrade -y && apt-get install xauth firefox firefox-geckodriver -y"
  config.ssh.forward_agent = true
  config.ssh.forward_x11 = true
end

Allows running firefox -no-remote https://stackoverflow.com/ through the X server. The -no-remote flag is added since it seems to reduce the latency.

As inspired by a guide on How to enable and use SSH X11 Forwarding on Vagrant Instances by Josphat Mutai.

Ecg answered 29/12, 2021 at 17:20 Comment(0)

Environmental Details

The Problem

Recommended topics

Hot tags