X-forwarding for non root user

Support for security such as Firewalls and securing linux
Post Reply
v0f41k
Posts: 1
Joined: 2022/12/28 07:54:34

X-forwarding for non root user

Post by v0f41k » 2022/12/28 08:29:59

I use putty running on windows laptop to connect centos8 host.
When create session I enable x-forwarding (Connection->Ssh->X11 Enable X11 forwarding, enter win_host_ip).
on centos host i set environment variable

Code: Select all

export DISPLAY=win_host_ip:0.0
It works good when I logon with root account, but doesn't with user account or admin account which is member of wheel group and has root access in /etc/sudoers

Code: Select all

admin ALL=(ALL)  ALL
At /etc/ssh/sshd_config

Code: Select all

PermitRootLogin yes
How to fix the problem?

Which permissions user should have to use x-forwarding?

When admin account which is member of wheel group and has root sudo access remote putty ssh console starts with "$" sign, and only after sudo or su command console has "#" sign. When root logons remotely console starts with "#" sign.
How let admin user console start with "#" sign without sudo or su?

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: X-forwarding for non root user

Post by chemal » 2022/12/29 18:35:02

You are not supposed to set DISPLAY after logging in to the linux machine. Ssh takes care of that when X forwarding is enabled. It will be something like localhost:10.0, so the value you set is totally wrong (it's for a direct X connection without ssh forwarding X).

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: X-forwarding for non root user

Post by TrevorH » 2022/12/29 20:06:45

Also, sudo is deliberately set up to NOT pass the environment variable through to thigns that are invoked via sudo.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply