Setup

Server-side: setup

Enable SSHD X11 forwarding

/etc/ssh/sshd_config

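X11Forwarding yes
X11UseLocalhost no

X11UseLocalhost no makes sshd bind the forwarded X11 listener to the wildcard address instead of loopback, which is what lets a container reach it through the bridge interface. The listener (TCP port 6000 plus the display number) is then also reachable on the host's other interfaces and is protected only by the xauth cookie, so limit it with the host firewall.

Reload sshd:

/etc/init.d/ssh reload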

Install xauth

On Debian-based distributions:

sudo apt install xauth

Client-side: setup (macOS)

Install XQuartz

brew install xquartz
open -a xquartz

Connect to server

ssh -X [-p <port>] [<user>@]<host>

Server-side: Run container

I use Podman instead of Docker, so the output below is from an environment with Podman installed.

Check network interface

This article assumes the initial state after installing Docker or Podman from a major distribution's package manager (apt, yum). Most of these packages create a default network interface.

Check the network interfaces to find the host IP address that the container will use to connect to the host.

If you installed Docker, a Docker interface appears by default.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    link/ether 02:00:17:02:6d:6a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.157/24 metric 100 brd 10.0.0.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::17ff:fe02:6d6a/64 scope link
       valid_lft forever preferred_lft forever
3: cni-podman0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether e6:57:78:2f:f0:c1 brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::e457:78ff:fe2f:f0c1/64 scope link
       valid_lft forever preferred_lft forever

If cni-podman0 does not appear even though you use Podman, just run any container and it will be created. This is an interesting design difference between Docker and Podman (and the main reason this issue is not seen on Docker): if you don't run anything, nothing is created. With Docker, you must start dockerd, and every container is forked by dockerd. Podman has no daemon to hold such resources, so they (in this case, cni-podman0) are created on demand.

Running an X11 application

You need to pass DISPLAY together with .Xauthority.

.Xauthority will include an entry for <hostname>:10 that ssh -X generates automatically (check it with xauth list). Inside a container, the host's hostname is not resolvable by default, so you would need to add credentials for host.containers.internal (for Podman) or host.docker.internal (for Docker).

That adds complexity. To bypass those steps, add the host's hostname to the container's /etc/hosts with --add-host, so that the .Xauthority generated by ssh -X can be used directly.

podman run \
-v ~/.Xauthority:/root/.Xauthority \
-e DISPLAY \
--add-host $(hostname):$(ip a show dev cni-podman0|grep "inet "|awk -F'[ /]' '{print $6}') \
-it --rm bitnami/minideb

(Not tested) For Docker, just change the device name passed to ip a.

docker run \
-v ~/.Xauthority:/root/.Xauthority \
-e DISPLAY \
--add-host $(hostname):$(ip a show dev docker0|grep "inet "|awk -F'[ /]' '{print $6}') \
-it --rm bitnami/minideb

Test it

If you followed this article, you are now in the container's bash shell.

Now install x11-apps to test that it works.

install_packages x11-apps
xclock

You should see a clock on your local machine.

Troubleshooting

connection rejected because of wrong authentication

From inside the container, ping the host using the hostname that was passed in (the host's hostname).

It may resolve to 127.0.1.1.

To fix this, remove the line in /etc/hosts that maps the hostname to a loopback address.

It looks like this:

127.0.1.1    <HOSTNAME>

Remove this line with:

sudo vim /etc/hosts

This line is restored automatically on reboot because of cloud-init.

The simplest way to prevent that is to disable update_etc_hosts by editing /etc/cloud/cloud.cfg.

sudo vim /etc/cloud/cloud.cfg

Add # to comment the module out, changing

 - update_etc_hosts

to

#- update_etc_hosts
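
The checks from the run and troubleshooting steps above, collected into one preflight script to run on the SSH server before starting the container. This is an added example, not part of the original article; the function names and the host name myhost are assumptions, and all data in demo() is constructed.

```shell
#!/bin/sh
# Added example: preflight checks for the X11-in-container setup above.
# Function names are hypothetical; all data in demo() is constructed.

# First IPv4 address in `ip a show dev <bridge>` output read from stdin.
bridge_ip() {
    awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }'
}

# True if hosts file $2 maps hostname $1 to a 127.x.x.x address.
maps_to_loopback() {
    awk -v h="$1" '
        { sub(/#.*/, "") }
        $1 ~ /^127\./ { for (i = 2; i <= NF; i++) if ($i == h) hit = 1 }
        END { exit !hit }' "$2"
}

# True if `xauth list` output on stdin has a cookie for $1:<display number>.
# $2 is a DISPLAY value such as "myhost:10.0".
has_cookie() {
    n=${2##*:}; n=${n%%.*}
    awk -v want="$1:$n" '$1 == want { ok = 1 } END { exit !ok }'
}

# Print every problem found; return 0 only if all checks pass.
# $1 hostname, $2 DISPLAY, $3 hosts file,
# $4 file holding `xauth list` output, $5 file holding `ip a show dev` output
preflight() {
    rc=0
    [ -n "$2" ] || { echo "DISPLAY is empty; connect with ssh -X"; rc=1; }
    has_cookie "$1" "$2" < "$4" || { echo "no xauth cookie for $1 ($2)"; rc=1; }
    [ -n "$(bridge_ip < "$5")" ] || { echo "bridge has no IPv4 address"; rc=1; }
    if maps_to_loopback "$1" "$3"; then
        echo "$1 maps to loopback in hosts file"; rc=1
    fi
    return "$rc"
}

# Constructed sample: host "myhost" still carrying the 127.0.1.1 entry.
demo() {
    d=$(mktemp -d)
    printf '127.0.0.1 localhost\n127.0.1.1 myhost\n' > "$d/hosts"
    printf 'myhost:10  MIT-MAGIC-COOKIE-1  00112233\n' > "$d/xa"
    printf '    inet 10.88.0.1/16 brd 10.88.255.255 scope global\n' > "$d/br"
    s=0; preflight myhost myhost:10.0 "$d/hosts" "$d/xa" "$d/br" || s=$?
    rm -rf "$d"; return "$s"
}
demo || true
```

On a real host, save the output of xauth list and of ip a show dev cni-podman0 to two files and call preflight "$(hostname)" "$DISPLAY" /etc/hosts with those files as the last two arguments.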