Chrome Version : Chromium 83.0.4103.116 snap Other browsers tested: Add OK or FAIL, along with the version, after other browsers where you have tested this issue:
Firefox: OK, "Mozilla Firefox 78.0.1" Chromium (non-span): OK, "Chromium 83.0.4103.61 Built on Ubuntu , running on Ubuntu 18.04"
What steps will reproduce the problem?
(1) Install chromium on an LXC (Linux Container).
sudo snap install chromium
(2) ssh into the container with X forwarding. Using verbose flag to confirm Xauth is working properly.
$ ssh -vv -X ubuntu@container
...
debug2: x11_get_proto: /usr/bin/xauth list :0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
I believe the "authentication spoofing: message indicates success.
(3) Start chromium. It fails with a message: X11 connection rejected because of wrong authentication. The ssh -vv verbosity is still effective providing additional messaging:
$ chromium
debug1: client_input_channel_open: ctype x11 rchan 5 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 52004
debug2: fd 7 setting O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0
...
What is the expected result?
In comparison, Firefox works fine.
% firefox
debug1: client_input_channel_open: ctype x11 rchan 5 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 52014
debug2: fd 7 setting O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug1: client_input_channel_open: ctype x11 rchan 6 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 52016
debug2: fd 8 setting O_NONBLOCK
debug1: channel 2: new [x11]
debug1: confirm x11
Additional information
xauth on container:
Using authority file /home/ubuntu/.Xauthority
xauth> list
chromium-ncb/unix:0 MIT-MAGIC-COOKIE-1 b4fbf54faeeddf13beff8cc7663f2f5e
xauth>
xauth on host with display
xauth
Using authority file /run/user/1001/gdm/Xauthority
xauth> list
ub18/unix: MIT-MAGIC-COOKIE-1 41efb8b4c20a67d80d6d2e371b406830
#ffff#75623138#: MIT-MAGIC-COOKIE-1 41efb8b4c20a67d80d6d2e371b406830
xauth>
container sshd_config settings
$ cat /etc/ssh/sshd_config | grep -v '#'
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
X11DisplayOffset 0
X11UseLocalhost yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Note: changing to X11UseLocalhost no makes no difference.
container os
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
Note: This is the vanilla ubuntu version provided by LXD/C container server.
host os:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
Related bugs reports found on this site
- Issue 1026950: Regression: displaying over ssh forwarded X11 shows only grey window
I am guessing this is not with snap but with the older 'apt' installed version. I have also installed the 'apt' version
$ chromium-browser --version
Chromium 83.0.4103.61 Built on Ubuntu , running on Ubuntu 18.04
Initially it just outputs a nondescript white window. I followed one suggestion setting some shell variables to suppress shared memory
export QT_X11_NO_MITSHM=1
export _X11_NO_MITSHM=1
export _MITSHM=0
and then it works. It DOES NOT have the same authorization problem as the snap version.
chromium-browser
debug1: client_input_channel_open: ctype x11 rchan 5 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 52428
debug2: fd 7 setting O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug1: client_input_channel_open: ctype x11 rchan 6 win 65536 max 16384
debug1: client_request_x11: request from 127.0.0.1 52430
debug2: fd 8 setting O_NONBLOCK
debug1: channel 2: new [x11]
debug1: confirm x11
Just like Firefox, it works.
Excellent write up. I'm running into the same issue.