I tried to ssh to linux server (Archlinux) from wsl2 and run X-windows application on wsls. Here comes summary
- wsl2 support wslg by default, see link. You could close it by setting "guiApplications=false" in .wslconfig on windows side
- on linux server side
- enable "X11Forwarding yes " in /etc/ssh/sshd_config" and restart sshd.
- install xauth by "pacman -S xorg-xauth"
- on wsl2 side
- enable "ForwardX11 yes" and "ForwardX11Trusted yes" on .ssh/config
- no need to install xauth on wsl2 side
- DISPLAY variable
- host:display[.screen], for example: localhost:10.0
- see link for detail
- answer from kenorb at link gives a good summary.
- from link1, "Untrusted X11 forwarding was meant to be a way to allow logins to unknown or insecure systems. It generates a cookie with xauth and uses the Security extension to limit what the remote client is allowed to do. But this is widely considered to be not useful, because the Security extension uses an arbitrary and limited access control policy, which results in a lot of applications not working correctly and what is really a false sense of security."
- from link2 , "This is not a limitation of SSH client, but of X server. SSH client should be able to forward untrusted X11 connection if used with X server with SECURITY extension."
- from link2 , "To answer last question, no X Security Extension can not be enabled at runtime, because it is build-time disabled and deprecated by Xorg years ago. Re-enabling was done in RHEL6, it was also considered for RHEL7, but it was not decided to do so"
You could just igore following error message when you "ssh linux server"
"debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Remote: No xauth program; cannot forward X11."
No comments:
Post a Comment