Business Insights Technical Track Pythian Life

Enable X11 forwarding after Sudo SSH session for AWS EC2 Linux instance

by
January 9, 2019
Posted in: Technical Track
Tags:

Working with a secure environment presents some challenges and this post will demonstrate how to overcome one of the challenges.

Prerequisites: Configuration for X-Windows must have been completed.

Scenario: From laptop, connect to [email protected], then connect to ssh ec2-user, then sudo su – oracle.

### Connect to AWS EC2 instance
[[email protected] ~]$ ssh -X [email protected]
Last login: Fri Dec  7 14:41:41 2018 from gw.ca.adm.pythian.com

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
13 package(s) needed for security, out of 16 available
Run "sudo yum update" to apply all updates.

### Test xclock works from ec2-user
[[email protected] ~]$ xclock
Warning: Missing charsets in String to FontSet conversion
^C

### Show all magic cookie
[[email protected] ~]$ xauth list
ipaddress/unix:12  MIT-MAGIC-COOKIE-1  7e53e7600ff4177d7bbc66bde0a1b1ca
ipaddress/unix:11  MIT-MAGIC-COOKIE-1  e3d1a8915484c929ef3e809b047e6352
ipaddress/unix:10  MIT-MAGIC-COOKIE-1  07b3de3093cef835c19239ea952231b7

### Show DISPLAY variable
[[email protected] ~]$ env|grep DISPLAY
DISPLAY=localhost:10.0

### Create /tmp/xauth based on current DISPLAY variable
[[email protected] ~]$ xauth list | grep unix`echo $DISPLAY | cut -c10-12` > /tmp/xauth
[[email protected] ~]$ ll /tmp/xauth ; cat /tmp/xauth 
-rw-rw-r-- 1 ec2-user ec2-user 78 Dec  7 14:47 /tmp/xauth
ipaddress/unix:10  MIT-MAGIC-COOKIE-1  07b3de3093cef835c19239ea952231b7

### Sudo to oracle
[[email protected] ~]$ sudo su - oracle
Last login: Fri Dec  7 14:43:12 UTC 2018 on pts/0

### Add and Verify xauth
[[email protected] ~]$ xauth add `cat /tmp/xauth`
[[email protected] ~]$ xauth list
ipaddress/unix:10  MIT-MAGIC-COOKIE-1  07b3de3093cef835c19239ea952231b7

### Verify and Add DISPLAY variable
[[email protected] ~]$ env|grep DISPLAY
[[email protected] ~]$ export DISPLAY=localhost:10.0

### Test xclock works from oracle
[[email protected] ~]$ xclock
Warning: Missing charsets in String to FontSet conversion
^C
[[email protected] ~]$ 

### Example of failed xclock
[[email protected] ~]$ xclock
Error: Can't open display: 
[[email protected] ~]$ xclock
email

Author

Want to talk with an expert? Schedule a call with our team to get the conversation started.

2 Comments. Leave new

ch37ann
April 28, 2019 10:56 pm

Thanks for sharing I had similar issue. After following the instructions I was able to fix.

Reply
Michael Dinh
May 3, 2019 6:58 am

Thanks for the feedback.

Reply

Leave a Reply

Your email address will not be published.

  • dba-cloud-services

    DBA Cloud Services
  • Annual Big Data

    • Contact Us