亚马逊 EC2 实例之间的 ssh 与 X11 转发

Posted 2023-02-22

【中文标题】亚马逊 EC2 实例之间的 ssh 与 X11 转发

【英文标题】：ssh between amazon EC2 instances with X11 forwarding

【发布时间】：2017-03-07 04:54:06

【问题描述】：

我在一个 VPC 中有两个 EC2 实例 - 一个堡垒机和一个开发机器。

我可以通过 ssh 进入堡垒并运行 X11 应用程序。但是，当我从堡垒 ssh 到开发机器时，X 转发失败：

> ssh -vX -i ~/.ssh/my_key.pem ec2-user@X.X.X.X 
…
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: Can't get IP address for X11 DISPLAY.
X11 forwarding request failed on channel 0

完整的日志如下。

远程实例（即开发机器）安装了 xauth 包，并且 /etc/ssh/sshd_config 文件（在开发机器上）具有以下条目：

X11Forwarding yes
X11UseLocalhost no

有谁知道问题出在哪里？

干杯 史蒂夫

OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to X.X.X.X [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/ec2-user/.ssh/my_key.pem type -1
debug1: identity file /home/ec2-user/.ssh/my_key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA Y:Y:Y:Y:Y:Y:Y:Y:Y
debug1: Host 'X.X.X.X' is known and matches the ECDSA host key.
debug1: Found key in /home/ec2-user/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ec2-user/.ssh/my_key.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to X.X.X.X ([X.X.X.X]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: Can't get IP address for X11 DISPLAY.
X11 forwarding request failed on channel 0

【参考方案1】：

解决方案是将 X11UseLocalhost 设置为“是”。