AWS Compute BlogHow to enable X11 forwarding from Red Hat Enterprise Linux (RHEL), Amazon Linux, SUSE Linux, Ubuntu server to support GUI-based installations from Amazon EC2by Emma White | on 05 OCT 2020 | in Amazon EC2, Compute, How-To | Permalink | Comments | Share Show
This post was written by Sivasamy Subramaniam, AWS Database Consultant. In this post, I discuss enabling X11 forwarding from Red Hat Enterprise Linux (RHEL), Amazon Linux, SUSE Linux, Ubuntu servers running on Amazon EC2. This is helpful for system and database administrators, and application teams that want to perform software installations on Amazon EC2 using GUI method. This blog provides detailed steps around SSH and x11 tools, various network and operating system (OS) level settings, and best practices to achieve the X11 forwarding on Amazon EC2 when installing databases like Oracle using GUI. There are several techniques to connect Amazon EC2 instances to manage OS level configurations. Typically, you use SSH clients (such as PuTTY or SSH client) to establish the connection from the Windows OS-based bastion or jump servers to connect with Amazon EC2 instances running linux-based OS. Most commonly, database administrators use a common Database Management, bastion host, or jump servers to connect database servers. They do this instead of directly using their laptops connecting to the database servers. They can install all the needed tools in one server to perform database administrative or support activities. During the application installation or configuration, you might need to install software such as an Oracle database or a third-party database using GUI methods. This blog talks about steps that must be done in order to forward the X11 screen to your highly secure Windows OS-based bastion hosts. You can consider using NICE DCV as an alternative option for running GUI-based applications. Please refer to the prior link for more details and steps to enable NICE DCV. PrerequisitesTo complete this walkthrough the following is required:
SolutionConnect to your EC2 instance using SSH client, and perform following setup as needed. Step 1: Install required X11 packagesInstall X11 packages with following command based on your operating system release and version: Installing xclock or xterm packages are optional as this is installed in this post to test the X11 forwarding using xclock or xterm commands. Amazon Linux 2: To install X11 related packages: $ sudo yum install xorg-x11-xauth To install X11 testing tools: $ sudo yum install xclock xterm Red Hat Enterprise Linux 8: To install X11 related packages: $ sudo yum install xorg-x11-xauth To install X11 testing tools: $ sudo yum install xterm Note: The xorg-x11-apps package has been provided in the CodeReady Linux Builder Repository for RHEL8. So, I skipped installing this package, which has xclock and I used only xterm to test the X11 forwarding. SUSE Linux Enterprise Server 15 SP1: To install X11 related packages: $ sudo zypper install xauth To install X11 testing tools: $ sudo zypper install xclock Ubuntu Server 18: To install X11 related packages and tools: $ sudo apt install x11-apps Step 2: configure X11 forwardingTo enable X11 Forwarding, change the “X11Forwarding” parameter using vi editor to “yes” in the /etc/ssh/sshd_config file if either commented out or set to no. $ sudo vi /etc/ssh/sshd_config To Verify X11Forwarding parameter: $ sudo cat /etc/ssh/sshd_config |grep -i X11Forwarding You should see similar output as the following: X11Forwarding yes To restart ssh service if you changed the value in /etc/ssh/sshd_config: Amazon Linux 2, RHEL 8 and SUSE Linux OS: $ sudo service sshd restart Ubuntu Servers: $ sudo service ssh restart Step 3: Configure putty and Xming to perform X11 forwarding connect and verify X11 forwardingLog in to your Windows bastion host. Then, open a fresh PuTTY session, and use a private key or password-based authentication per your organization setup. Then, test the xclock or xterm command to see x11 forwarding in action.
Now that you set up PuTTY, xming, and configured the x11 settings, you can click on load button and then Open button. This opens up a new SSH terminal with x11 forwarding enabled. Now, I move on to the testing X11 forwarding. Test the X11 from the use you logged in: Example: $ xauth list $ export DISPLAY=localhost:10.0 $ xclock or xterm You should see the sample output and xclock or xterm window opened similar to the following image. This means your x11 forwarding setup working as expected, and you can start using GUI-based application installation or configuration by running the installer or configuration tools. Step 4: Configure the EC2 Linux session to forward X11 if you are switching to different user after login to run GUI-based installation / commandsIn this example: ec2-user is the user logged in with SSH and then switched to oracle user. From the Logged User to identify the xauth details: $ xauth list $ env|grep DISPLAY $ xauth list | grep unix`echo $DISPLAY | cut -c10-12` > /tmp/xauth Switch to the user where you want to run GUI-based installation or tools: $ sudo su - oracle $ xauth add `cat /tmp/xauth` $ xauth list $ env|grep DISPLAY $ export DISPLAY=localhost:10.0 $ xclock You should see the sample output and xclock or xterm window opened similar to the following image. This means your x11 forwarding setup is working as expected even after switched to different user. You can start using GUI-based application such as running the installer or configuration tools.
ConclusionIn this blog, I demonstrated how to configure Amazon EC2 instances running on various linux-based operating systems to forward X11 to the Windows OS-based bastion host. This is helpful to any application installation that requires GUI-based installation methods. This is also helpful to any bastion hosts that provide highly secure and low latency environments to perform SSH related operations including GUI-based installations as this does not require any additional network configuration other than opening the port 22 for standard SSH authentication. Please try this tutorial for yourself, and leave any comments following!
View Comments
ResourcesServerless Computing and Applications Amazon Container Services AWS Messaging Cloud Compute with AWS Desktop and Application Streaming
FollowTwitter Facebook LinkedIn Twitch Email Updates |