使用ssh -X 登陆远程节点,开远程节点的图形的时候在本地可以弹出图形,但是之后没法操作,后台报错信息如下:
X Error: BadAccess (attempt to access private resource denied) 10
Major opcode: 2 (X_ChangeWindowAttributes)
Resource id: 0x1a3
Xlib: extension "SYNC" missing on display "localhost:23.0".
X Error: BadWindow (invalid Window parameter) 3
Major opcode: 25 (X_SendEvent)
Resource id: 0x1200003

It seems the "BadAccess" error is a clue. You might need to use both options -X and -Y (?), and on the host you need to add ForwardX11Trusted yes to your ssh configuration file.

From man ssh
     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user's X authorization database) can access the local X11 display
             through the forwarded connection.  An attacker may then be able
             to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY ex‐
             tension restrictions by default.  Please refer to the ssh -Y op‐
             tion and the ForwardX11Trusted directive in ssh_config(5) for
             more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
             subjected to the X11 SECURITY extension controls.
From man ssh_config
             If this option is set to yes, remote X11 clients will have full
             access to the original X11 display.

             If this option is set to no (the default), remote X11 clients
             will be considered untrusted and prevented from stealing or tam‐
             pering with data belonging to trusted X11 clients.  Furthermore,
             the xauth(1) token used for the session will be set to expire af‐
             ter 20 minutes.  Remote clients will be refused access after this

             See the X11 SECURITY extension specification for full details on
             the restrictions imposed on untrusted clients.

If you're trying to open a remote desktop, I'd recommend TigerVNC.

試試看用 ssh -Y 看看

ok, I‘ll try

估计还是配置的问题,平时默认配置能正常用,就没有仔细研究过底下的细节 :sweat_smile:

配置了“ForwardX11Trusted yes”在.ssh/config文件里,使用ssh -Y登录远程服务器就可以正常使用了,多谢楼上的大侠们指导 :kissing_heart:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by