Enable X11 forwarding after Sudo SSH session for AWS EC2 Linux instance
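Working in a secure environment presents some challenges, and this post demonstrates how to overcome one of them: after `sudo su - oracle`, the new login shell has no DISPLAY variable and the oracle user's authority file lacks the session's magic cookie, so X clients fail until both are restored.

Prerequisites: Configuration for X-Windows must have been completed.

Scenario: From a laptop, connect to dinh@host, then ssh to ec2-user on the EC2 instance, then sudo su - oracle.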
```
### Connect to AWS EC2 instance
[dinh@securehost ~]$ ssh -X ec2-user@ipaddress
Last login: Fri Dec 7 14:41:41 2018 from gw.ca.adm.pythian.com

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
13 package(s) needed for security, out of 16 available
Run "sudo yum update" to apply all updates.

### Test xclock works from ec2-user
[ec2-user@ipaddress ~]$ xclock
Warning: Missing charsets in String to FontSet conversion
^C

### Show all magic cookie
[ec2-user@ipaddress ~]$ xauth list
ipaddress/unix:12 MIT-MAGIC-COOKIE-1 7e53e7600ff4177d7bbc66bde0a1b1ca
ipaddress/unix:11 MIT-MAGIC-COOKIE-1 e3d1a8915484c929ef3e809b047e6352
ipaddress/unix:10 MIT-MAGIC-COOKIE-1 07b3de3093cef835c19239ea952231b7

### Show DISPLAY variable
[ec2-user@ipaddress ~]$ env|grep DISPLAY
DISPLAY=localhost:10.0

### Create /tmp/xauth based on current DISPLAY variable
[ec2-user@ipaddress ~]$ xauth list | grep unix`echo $DISPLAY | cut -c10-12` > /tmp/xauth
[ec2-user@ipaddress ~]$ ll /tmp/xauth ; cat /tmp/xauth
-rw-rw-r-- 1 ec2-user ec2-user 78 Dec 7 14:47 /tmp/xauth
ipaddress/unix:10 MIT-MAGIC-COOKIE-1 07b3de3093cef835c19239ea952231b7

### Sudo to oracle
[ec2-user@ipaddress ~]$ sudo su - oracle
Last login: Fri Dec 7 14:43:12 UTC 2018 on pts/0

### Add and Verify xauth
[oracle@ipaddress ~]$ xauth add `cat /tmp/xauth`
[oracle@ipaddress ~]$ xauth list
ipaddress/unix:10 MIT-MAGIC-COOKIE-1 07b3de3093cef835c19239ea952231b7

### Verify and Add DISPLAY variable
[oracle@ipaddress ~]$ env|grep DISPLAY
[oracle@ipaddress ~]$ export DISPLAY=localhost:10.0

### Test xclock works from oracle
[oracle@ipaddress ~]$ xclock
Warning: Missing charsets in String to FontSet conversion
^C
[oracle@ipaddress ~]$

### Example of failed xclock
[oracle@ipaddress ~]$ xclock
Error: Can't open display:
[oracle@ipaddress ~]$ xclock
```
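The transcript above stages the cookie in /tmp/xauth with mode rw-rw-r--, which every local account can read, and `cut -c10-12` only fits a two-digit display number. The following added example (not part of the original post) selects the entry by exact display number and hands it to the target user over a pipe instead of a file. The function names and sample entries are constructed for illustration, and `hand_off` assumes ec2-user may run sudo as the target user.

```shell
#!/bin/sh
# Added example: exact-match cookie selection and a file-less hand-off.

# display_number DISPLAY -> display number without host or screen,
# e.g. "localhost:10.0" -> "10"
display_number() {
    d=${1##*:}                 # drop everything up to the last colon
    printf '%s\n' "${d%%.*}"   # drop the ".screen" suffix
}

# select_cookie DISPLAY   (reads `xauth list` output on stdin)
# Prints only the entry whose first field ends in "/unix:<number>", so
# display 10 never matches the entries for 100 or 1.
select_cookie() {
    n=$(display_number "$1")
    case $n in
        ''|*[!0-9]*) echo "bad DISPLAY: $1" >&2; return 1 ;;
    esac
    awk -v n="$n" '$1 ~ ("/unix:" n "$")'
}

# hand_off USER
# Adds the current session's cookie to USER's authority file. The cookie
# travels over the pipe only; nothing is written under /tmp.
hand_off() {
    xauth list | select_cookie "$DISPLAY" |
        sudo -H -u "$1" sh -c \
            'unset XAUTHORITY; read -r name proto key && xauth add "$name" "$proto" "$key"'
}

# Constructed sample of `xauth list` output (not real cookies).
SAMPLE='host/unix:10  MIT-MAGIC-COOKIE-1  00000000000000000000000000000010
host/unix:100  MIT-MAGIC-COOKIE-1  00000000000000000000000000000100
host/unix:1  MIT-MAGIC-COOKIE-1  00000000000000000000000000000001'

# Demonstration on the sample: prints only the unix:10 entry.
printf '%s\n' "$SAMPLE" | select_cookie "localhost:10.0"
```

On the instance this would be run as `hand_off oracle` from the ec2-user shell; the oracle session still needs `export DISPLAY=localhost:10.0` as shown in the transcript.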