• North America: +1-866-798-4426
  • APAC: +61 (0) 2 9191 7427
  • Europe: +44 (0) 20 3411 8378
Login Client Support
Contact
Business Insights Technical Track Pythian Life

Enable X11 forwarding after Sudo SSH session for AWS EC2 Linux instance

by
January 9, 2019
Posted in: Technical Track
Tags:

Working with a secure environment presents some challenges and this post will demonstrate how to overcome one of the challenges.

Prerequisites: Configuration for X-Windows must have been completed.

Scenario: From laptop, connect to dinh@host, then connect to ssh ec2-user, then sudo su – oracle.

### Connect to AWS EC2 instance
[dinh@securehost ~]$ ssh -X ec2-user@ipaddress
Last login: Fri Dec  7 14:41:41 2018 from gw.ca.adm.pythian.com

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
13 package(s) needed for security, out of 16 available
Run "sudo yum update" to apply all updates.

### Test xclock works from ec2-user
[ec2-user@ipaddress ~]$ xclock
Warning: Missing charsets in String to FontSet conversion
^C

### Show all magic cookie
[ec2-user@ipaddress ~]$ xauth list
ipaddress/unix:12  MIT-MAGIC-COOKIE-1  7e53e7600ff4177d7bbc66bde0a1b1ca
ipaddress/unix:11  MIT-MAGIC-COOKIE-1  e3d1a8915484c929ef3e809b047e6352
ipaddress/unix:10  MIT-MAGIC-COOKIE-1  07b3de3093cef835c19239ea952231b7

### Show DISPLAY variable
[ec2-user@ipaddress ~]$ env|grep DISPLAY
DISPLAY=localhost:10.0

### Create /tmp/xauth based on current DISPLAY variable
[ec2-user@ipaddress ~]$ xauth list | grep unix`echo $DISPLAY | cut -c10-12` > /tmp/xauth
[ec2-user@ipaddress ~]$ ll /tmp/xauth ; cat /tmp/xauth 
-rw-rw-r-- 1 ec2-user ec2-user 78 Dec  7 14:47 /tmp/xauth
ipaddress/unix:10  MIT-MAGIC-COOKIE-1  07b3de3093cef835c19239ea952231b7

### Sudo to oracle
[ec2-user@ipaddress ~]$ sudo su - oracle
Last login: Fri Dec  7 14:43:12 UTC 2018 on pts/0

### Add and Verify xauth
[oracle@ipaddress ~]$ xauth add `cat /tmp/xauth`
[oracle@ipaddress ~]$ xauth list
ipaddress/unix:10  MIT-MAGIC-COOKIE-1  07b3de3093cef835c19239ea952231b7

### Verify and Add DISPLAY variable
[oracle@ipaddress ~]$ env|grep DISPLAY
[oracle@ipaddress ~]$ export DISPLAY=localhost:10.0

### Test xclock works from oracle
[oracle@ipaddress ~]$ xclock
Warning: Missing charsets in String to FontSet conversion
^C
[oracle@ipaddress ~]$ 

### Example of failed xclock
[oracle@ipaddress ~]$ xclock
Error: Can't open display: 
[oracle@ipaddress ~]$ xclock
email

Interested in working with Michael? Schedule a tech call.

No comments

Leave a Reply

Your email address will not be published. Required fields are marked *

© Copyright 2019 Pythian Group Inc. ® ALL RIGHTS RESERVED.

PYTHIAN®, LOVE YOUR DATA®, and ADMINISCOPE® are trademarks and registered trademarks owned by Pythian in North America and certain other countries, and are valuable assets of our company. Other brands, product and company names on this website may be trademarks or registered trademarks of Pythian or of third parties. Use of trademarks without permission is strictly prohibited.