X11 forwarding not working with ssh -X session #11531

Closed
ericpaulsen opened this issue Jan 9, 2024 · 2 comments · Fixed by #11550

ericpaulsen commented Jan 9, 2024

Experienced on 2.6.0 - repro steps:

  1. Download XQuartz (X client for Mac) to local Mac
  2. Start Coder workspace (K8s pod), install xauth via sudo apt-get update && sudo apt-get install -y xauth
  3. Authenticate to Coder via coder login
  4. Run coder config-ssh to configure the local SSH config file
  5. Run ssh -X coder.<workspace-name>
  6. Run xeyes (install via sudo apt-get install -y x11-apps)
  7. Observe XQuartz application opening, but no window appears
ericpaulsen added the cli, use-case, and bug labels on Jan 9, 2024

mafredri commented Jan 10, 2024

This problem is due to us not managing xauth properly.

If you forward once, you're fine:

❯ ssh -X coder.w

coder@w ~
❯ xauth list
w/unix:0  MIT-MAGIC-COOKIE-1  4e41a3c0aa69172ca2438c185e7f5262

But the second time you do it, there will be two entries:

❯ ssh -X coder.w

coder@w ~
❯ xauth list
w/unix:0  MIT-MAGIC-COOKIE-1  4e41a3c0aa69172ca2438c185e7f5262
w/unix:0  MIT-MAGIC-COOKIE-1  635ea6298f18b17453ce613ed04ea438

The first one will be used, and thus, authentication fails.

The issue can be worked around by running xauth remove w/unix:0 inside the workspace, then reconnecting with -X (ssh -X coder.w).

To fix this, we should:

  • Remove the entry from .Xauthority on disconnect (if the magic cookie still matches?)
  • On connect, if entry is present, remove/update the magic cookie
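
The connect-time fix proposed above, as an added example (not part of the thread and not Coder's code): instead of appending through xauth, it rewrites the raw .Xauthority bytes so the display keeps exactly one cookie. The Entry type, UpsertCookie and the sample cookie strings are assumptions made for the illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Entry is one .Xauthority record: uint16 family, then four uint16-length-prefixed fields (big-endian).
type Entry struct {
	Family                       uint16 // 256 = FamilyLocal, shown by xauth as host/unix:N
	Address, Display, Name, Data string
}

// encode serialises e in the on-disk layout (fields are assumed shorter than 64 KiB).
func (e Entry) encode() []byte {
	b := []byte{byte(e.Family >> 8), byte(e.Family)}
	for _, f := range []string{e.Address, e.Display, e.Name, e.Data} {
		b = append(append(b, byte(len(f)>>8), byte(len(f))), f...)
	}
	return b
}

// UpsertCookie (hypothetical) drops every record sharing n's family/address/display/protocol, then appends n.
func UpsertCookie(raw []byte, n Entry) (out []byte, err error) {
	for len(raw) > 0 {
		if len(raw) < 2 {
			return nil, errors.New("truncated .Xauthority record")
		}
		e, rest := Entry{Family: binary.BigEndian.Uint16(raw)}, raw[2:]
		for _, f := range []*string{&e.Address, &e.Display, &e.Name, &e.Data} {
			if len(rest) < 2 || len(rest)-2 < int(binary.BigEndian.Uint16(rest)) {
				return nil, errors.New("truncated .Xauthority record")
			}
			l := int(binary.BigEndian.Uint16(rest))
			*f, rest = string(rest[2:2+l]), rest[2+l:]
		}
		if e.Data = n.Data; e != n { // key differs once cookies are ignored: keep the record
			out = append(out, raw[:len(raw)-len(rest)]...)
		}
		raw = rest
	}
	return append(out, n.encode()...), nil
}

func main() {
	old := Entry{256, "w", "0", "MIT-MAGIC-COOKIE-1", "constructed-old"}.encode() // constructed sample
	out, err := UpsertCookie(append(old, old...), Entry{256, "w", "0", "MIT-MAGIC-COOKIE-1", "constructed-new"})
	fmt.Println(len(out) == len(old), err) // two stale records collapse into one
}
```

Because the file holds the display's authentication secret, the rewritten bytes should be written to a mode 0600 temporary file and renamed into place.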

ericpaulsen commented

@mafredri - thank you. I confirmed the problem and validated the forwarding works with a single magic cookie entry.
