Page MenuHomePhabricator

Cloud VPS: X11 forwarding request failed on channel 0
Open, Needs TriagePublic

Description

When trying to ssh -X to a Cloud CPS box, I get (with -v) X11 forwarding request failed on channel 0 and forwarding is not set up. The usual workarounds (installing xauth, adding X11Forwarding yes / X11UseLocalhost no to sshd_config) do not seem to work.

Event Timeline

Tgr created this task.Jun 6 2018, 11:10 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 6 2018, 11:10 AM
Andrew added a subscriber: Andrew.Jun 8 2018, 2:02 PM

Can you tell me more about that -X? X11 isn't present on any of our servers by default, I don't think I've ever heard of anyone using it on a VPS before.

Tgr added a comment.Jun 10 2018, 1:45 PM

It creates a tunnel inside the SSH connection through which applications running on the remote machine can connect to the X11 server of the local machine (so you can e.g. run selenium tests on the remote and see the browser window as if the browser were running locally).

In this instance, I was just trying to forward the connection from the labs-vagrant box inside that cloud host (so ssh -X into the cloud box and then run vagrant ssh -- -X) but X11 forwarding is broken somehow. Connecting to the vagrant box directly works.

Um is X11 forwarding something that's secure enough to be run between labs and our own machines?

Tgr added a comment.Jun 10 2018, 7:21 PM

AIUI an attacker could snoop on your window contents, maybe even your keystrokes while the connection is open, but that's the worst that could happen.

Krenair added a comment.EditedJun 10 2018, 10:02 PM

Of any window you have or just the ones opened through X forwarding?

Tgr added a comment.Jun 10 2018, 11:40 PM

Hm. In non-trusted mode only the ones that are forwarded from that host, but apparently Debian uses trusted mode by default...not sure what exactly that means. All keyboard events at the very least, probably screenshots too.

Apparently firejail includes an X11 sandbox which is another way to prevent access to local windows.

Vvjjkkii renamed this task from Cloud VPS: X11 forwarding request failed on channel 0 to yjbaaaaaaa.Jul 1 2018, 1:05 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot renamed this task from yjbaaaaaaa to Cloud VPS: X11 forwarding request failed on channel 0.
CommunityTechBot added a subscriber: Aklapper.