Mon 19 August 2019

Launching Chrome from a Remote Ubuntu Server over SSH

Posted by Kyle Pericak in systems administration

One pain point I often have is SSH forwarding the ports for a bunch of web services and IPMI/IDRAC/ILO/Whatever connections through my pivot server to my workstation. Its really tedious, and having a web UI right on the jump server's subnet can be really helpful.

In this guide, I show how I launch Chrome on a remote Ubuntu server without ever installing any graphics tools like Ubuntu Desktop on that server, and without needing VNC/RDP/PCOIP/etc. X11 forwarding lets the XQuarts process on a MacBook render the browser, while it still uses the networking on the Ubuntu server it launched from.

Table of contents:

Configure Workstation (MacBook) SSH Settings for X11 Forwarding
- Set XAuthLocation
- Enable ForwardAgent and ForwardX11
Remotely Launch Graphical Apps with XWindows
- Install Chrome
- Install X11-apps for xeyes
Launch Forwarded XWindows Session
- Open SSH session with X11 Forwarding Enabled.
Troubleshooting
Reference Links

Configure Workstation (MacBook) SSH Settings for X11 Forwarding

If you're not using a MacBook, this won't apply.

Set XAuthLocation

The workstation needs to allow X11 forwarding. Some brilliant update broke it in my version of Mac OS I had to set the XAuthLocation in ssh_config.

vi /etc/ssh/ssh_config

Host *
  SendEnv LANG LC_*
  XAuthLocation /usr/X11/bin/xauth
  ServerAliveInterval 60
  ForwardX11Timeout 596h

Enable ForwardAgent and ForwardX11

My hostname was adc-bmc and its IP was 192.168.2.2. Alter this as needed. On your workstation:

vi ~/.ssh/config

Host adc-bmc
  HostName 192.168.2.2
  ForwardAgent yes
  ForwardX11 yes

Remotely Launch Graphical Apps with XWindows

Install Chrome

You can use Firefox or whatever instead. Chrome's install will fail due to missing dependencies, but apt can sort it out.

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
dpkg -i google-chrome-stable_current_amd64.deb
apt-get install -f
dpkg -i google-chrome-stable_current_amd64.deb

Install X11-apps for xeyes

This is just for fun and testing. Xeyes is kind of neat.

apt-get install -y x11-apps

Launch Forwarded XWindows Session

Open SSH session with X11 Forwarding Enabled.

XWindows can be passed through SSH. Open a new terminal window and connect to the server using the -X flag to enable X forwarding on the client.

The xeyes application is a fun test.

ssh -X [email protected] xeyes

If that works, try Chrome. The extra flags enable compression and use a faster encryption algorithm. If they cause problems, just use -X.

ssh -XC -c [email protected] [email protected] google-chrome

Troubleshooting

xauth: timeout in locking authority file ~/.Xauthority

As your not-root user, remove and chmod some files.

sudo rm ~/.Xauthority-c
sudo rm ~/.Xauthority-l
sudo rm -r ~/.Xauthority
mkdir ~/.Xauthority
chmod 0600 ~/.Xauthority

$DISPLAY is Empty, No xauth program

On your mac, if you connect with ssh -v -X ... and you get an error line saying No xauth program, then you need to edit your SSH config to specify the xauth path. Mine was /usr/X11/bin/xauth.

X11 connection rejected because of wrong authentication.

If you're on Mac, this can happen when you didn't set the XAuthLocation ssh configuration.

Kyle Pericak