AWS - Exporting X11 Display from EC2 to Mac
Pre-requisites
Mac
Tool | Use |
---|---|
SSH | To connect securely to the EC2 instance |
XQuartz | X11 server for displaying X11 windows on Mac. |
EC2
Required packages to install.
Amazon Linux
yum install -y xauth
yum install -y xclock
yum install -y libXtst
Ubuntu
apt-get install -y x11-apps
.ssh/config
After the macOS Catalina upgrade, an additional line must be added to both Host stanzas:
ForwardX11Trusted yes
Host cfs
  HostName 10.227.110.91
  User ubuntu
  ProxyCommand ssh -W %h:%p fmw-dev-bastion
  ServerAliveInterval 60
  IdentityFile ~/.ssh/infradev-cfs-linux-key-pair.pem
  ForwardX11 yes
  ForwardX11Trusted yes
Ensure that the line ForwardX11 yes is included in your Host stanza.
Log in to your EC2
You should see the following:
/usr/bin/xauth: file /home/ubuntu/.Xauthority does not exist
You should now have a file created as follows:
ubuntu@ip-10-227-110-91:~$ ls -al .Xauthority
-rw------- 1 ubuntu ubuntu 62 Jan 23 11:42 .Xauthority
ubuntu@ip-10-227-110-91:~$
This file contains your Xauthority information, which is what is required to tunnel your X11 traffic back through your SSH connection to your Mac.
If you get the following error:
X11 forwarding request failed on channel 0
it may be that the AMI you are using has been locked down to restrict X11 forwarding.
You will need to temporarily enable X11 forwarding for the duration of your task and then disable it again.
Check the contents of the following file:
/etc/ssh/sshd_config
There should be lines as follows:
X11Forwarding no
X11UseLocalhost no
Change these from "no" to "yes" and save the file. You may also find one or both of these commented out in the file; if so, uncomment them and set them both to "yes".
Restart the sshd daemon to pick up the change:
service sshd restart
Test the X11 connection
If everything has been set up correctly, you should be able to run "xclock" and it should display on your Mac screen.
ubuntu@ip-10-227-110-91:~$ xclock
You should see XQuartz start and the following window appear.
Close xclock either via the window or with Control-C on the command.
Save your Xauthority information
You can now save your Xauthority information as follows:
ubuntu@ip-10-227-110-91:~$ xauth list
ip-10-227-110-91/unix:10 MIT-MAGIC-COOKIE-1 8f7b6e6282238bc516b5c0d89eebde49
Save the line output to your clipboard for use in a moment.
Switch to the new user and set up the Xauth information
You can now sudo to root or switch to another user.
Note: when you switch to a new user your xauth information and DISPLAY are lost. Hence the need to save your Xauthority information.
ubuntu@ip-10-227-110-91:~$ sudo su -
root@ip-10-227-110-91:~# su - orasoa
$
Once you are using the required user, run the following:
$ xauth add <PASTE THE CLIPBOARD YOU SAVED ABOVE>
e.g.
$ xauth add ip-10-227-110-91/unix:10 MIT-MAGIC-COOKIE-1 8f7b6e6282238bc516b5c0d89eebde49
xauth: file /home/orasoa/.Xauthority does not exist
$
Once the xauth information is registered, you need to set your DISPLAY variable as follows:
$ export DISPLAY=localhost:10.0
Once this is set, you should be able to run xclock and see the same window as above, but this time it will be running as the user you switched to.
$ xclock
Remember to revert the sshd_config change you made above once you have finished.
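To confirm that revert, the following added example (not part of the original page) reports the effective global X11Forwarding value in an sshd_config file, taking into account commented-out lines and the rule that sshd uses the first value it reads for a keyword. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Prints the effective global value of an sshd_config keyword from a file.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines starting with "#" are comments. Parsing stops at
# the first Match block; Include files are not followed.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0  { next }      # comment or blank line
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print def }        # keyword absent: OpenSSH default
    ' "$1"
}

# Succeeds only when X11 forwarding is effectively off (OpenSSH default: no).
x11_forwarding_reverted() {
    [ "$(sshd_effective "$1" X11Forwarding no)" = "no" ]
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    # State during the task: the commented line is ignored, "yes" is read first.
    printf '%s\n' '#X11Forwarding no' 'x11forwarding yes' 'X11Forwarding no' \
        'X11UseLocalhost yes' > "$SAMPLE_DIR/enabled"
    # State after the revert: only a commented-out "yes" remains.
    printf '%s\n' 'Port 22' '#X11Forwarding yes' 'X11UseLocalhost yes' \
        > "$SAMPLE_DIR/reverted"
}

# Run the check over both samples and report each result.
make_samples
for f in "$SAMPLE_DIR/enabled" "$SAMPLE_DIR/reverted"; do
    if x11_forwarding_reverted "$f"; then state="reverted"; else state="STILL ENABLED"; fi
    echo "$(basename "$f"): X11Forwarding=$(sshd_effective "$f" X11Forwarding no) ($state)"
done
rm -rf "$SAMPLE_DIR"
```

On a live host, `sshd -T` prints the configuration sshd actually uses, including defaults and included files.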