问题描述
首先,我已经阅读了关于SO的类似问题的答案,但没有一个起作用.
First off: I have read the answers to similar questions on SO, but none of them worked.
情况:
- 带有GUI的应用程序在Arch Linux下的docker容器(CentOS 7.1)中运行. (机器A)
- 机器A连接了一个监视器.
- 我想在Arch Linux客户端计算机上通过X11转发访问此GUI. (机器B)
有效方法:
- GUI在机器A上本地工作(/tmp/.X11-unix安装在Docker容器中).
- 在docker外部运行的任何应用程序的X11转发(X11转发已设置为非docker使用而正确运行).
- 我什至可以在远程登录时切换用户,将
.Xauthority
文件复制到其他用户,并且X11转发也可以.
- GUI works locally on machine A (with /tmp/.X11-unix being mounted in the Docker container).
- X11 forwarding of any app running outside of docker (X11 forwarding is set up and running properly for non-docker usage).
- I can even switch the user while remotely logged in, copy the
.Xauthority
file to the other user and X11 forwarding works as well.
一些设置信息:
- Docker网络是桥接"的.
- 容器可以到达主机(防火墙已打开). 在容器中设置了
-
DISPLAY
变量(由于sshd正在侦听的TCP端口6010,因此将其设置为host-ip-addr:10.0). - 到X转发端口(6010)的数据包正从容器(已选中
tcpdump
)到达主机.
- Docker networking is 'bridged'.
- Container can reach host (firewall is open).
DISPLAY
variable is set in container (to host-ip-addr:10.0 because of TCP port 6010 where sshd is listening).- Packets to X forward port (6010) are reaching the host from the container (
tcpdump
checked).
什么不起作用:
- Docker应用程序的X11转发
- 错误:
X11 connection rejected because of wrong authentication.
xterm: Xt error: Can't open display: host-ip-addr:10.0
我尝试过的事情:
- 在计算机B上使用
ssh -Y
选项启动客户端ssh - 在计算机B的ssh_config中放入
"X11ForwardTrusted yes"
-
xhost +
(因此允许任何客户端连接)在机器B上 - 在计算机B的ssh_config中放入
Host *
- 在计算机A的sshd_config中放入
X11UseLocalhost no
(以允许非本地客户端) - 使用计算机上A上登录用户的
xauth add
在容器中添加X auth令牌 - 只需将工作用户的
.Xauthority
文件复制到容器中 - 确保
.Xauthority
文件具有正确的权限和所有者
- starting client ssh with
ssh -Y
option on machine B - putting
"X11ForwardTrusted yes"
in ssh_config on machine B xhost +
(so allow any clients to connect) on machine B- putting
Host *
in ssh_config on machine B - putting
X11UseLocalhost no
in sshd_config on machine A (to allow non-localhost clients) - Adding the X auth token in the container with
xauth add
from the login user on machine A - Just copying over the
.Xauthority
file from a working user into the container - Making shure
.Xauthority
file has correct permissions and owner
我如何才能禁用所有X安全性并使之正常工作?
How can i just disable all the X security stuff and get this working?
或更妙的是:我如何使其与安全性一起工作?
Or even better: How can i get it working with security?
是否至少有一种方法可以进行广泛的调试,以查看问题出在哪里?
Is there at least a way to enable extensive debugging to see where exactly the problem is?
推荐答案
好,这是东西:
1)登录到远程计算机
1) Log in to remote machine
2)检查使用echo $DISPLAY
3)运行xauth list
4)复制与您的DISPLAY
5)输入您的Docker容器
5) Enter your docker container
6)xauth add <the line you copied>
*
7)使用export DISPLAY=<ip-to-host>:<no-of-display>
*到目前为止一切都好吗?
*so far so good right?
这并不是什么新鲜事物...但是这里有一个转折点:xauth list
为登录用户打印的行看起来像这样(在我的情况下):
This was nothing new...however here is the twist:The line printed by xauth list
for the login user looks something like this (in my case):
<hostname-of-machine>/unix:<no-of-display> MIT-MAGIC-COOKIE-1 <some number here>
因为我使用桥接docker设置,所以X转发端口不在本地侦听,因为sshd不在容器中运行.将上面的行更改为:
Because i use the bridged docker setup, the X forwarding port is not listening locally, because the sshd is not running in the container. Change the line above to:
<ip-of-host>:<no-of-display> MIT-MAGIC-COOKIE-1 <some number here>
本质上:删除/unix
部分.
<ip-of-host>
是sshd运行的IP地址.
<ip-of-host>
is the IP address where the sshd is running.
如上所述设置DISPLAY变量.
Set the DISPLAY variable as above.
因此,错误是环境变量中的DISPLAY
名称与xauth list
/.Xauthority
文件中的条目不是相同"的,并且客户端因此无法正确进行身份验证.
So the error was that the DISPLAY
name in the environment variable was not the "same" as the entry in the xauth list
/ .Xauthority
file and the client could therefor not authenticate properly.
我切换回不受信任的X11转发设置.
I switched back to an untrusted X11 forwarding setting.
但是sshd_config文件中的X11UseLocalhost no
设置很重要,因为传入的连接将来自不同的"机器(docker容器).
The X11UseLocalhost no
setting in the sshd_config file however is important, because the incomming connection will come from a "different" machine (the docker container).
这篇关于X11转发在docker中运行的GUI应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!