Dropbear X11 Forwarding on Mac with Quartz

General Discussion
1

[edit] I switched to using openssh instead of dropbear using dietpi-software and it’s now working, instructions below.

I have a headless bullseye install on an RPi 2B which I am trying to get setup for running X11 apps remotely on my Sonoma Mac. SSH into the Pi works fine. I had trouble finding configuration options and the configuration file for dropbear but in the end found it here:

/etc/default/dropbear

and added I think the right option: DROPBEAR_X11FWD=1

On the mac side I have installed Quartz v2.8.5 (latest version) using brew install quartz. I have tried connecting using ssh -X with Quartz running and not running.


# the TCP port that Dropbear listens on
DROPBEAR_PORT=22

# any additional arguments for Dropbear
DROPBEAR_EXTRA_ARGS=
DROPBEAR_X11FWD=1

# specify an optional banner file containing a message to be
# sent to clients before they connect, such as "/etc/issue.net"
DROPBEAR_BANNER=""

# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)

#DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"

# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)

#DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"

# ECDSA hostkey file (default: /etc/dropbear/dropbear_ecdsa_host_key)

#DROPBEAR_ECDSAKEY="/etc/dropbear/dropbear_ecdsa_host_key"

# ED25519 hostkey file (default: /etc/dropbear/dropbear_ed25519_host_key)

#DROPBEAR_ED25519KEY="/etc/dropbear/dropbear_ed25519_host_key"

# Receive window size - this is a tradeoff between memory and

# network performance
DROPBEAR_RECEIVE_WINDOW=65536

I’ve installed geany on the Pi and checked it works running on a VNC Session to LXDE desktop.

However, geany doesn’t launch from the mac command line through SSH:


ssh -X dietpi@bathroom-dietpi.local

dietpi@Bathroom-DietPi:~$ geany &

[1] 5989

dietpi@Bathroom-DietPi:~$ Unable to init server: Could not connect: Connection refused

Geany: cannot open display

There’s no firewall running on Mac or Pi and I have rebooted the Pi and the Mac.

[Edit] I’m now running the xQuartz terminal so that we have an xterm window and I can verify that the DISPLAY env var on the mac user is set.

I’m also now running xeyes instead of geany as the test.

dietpi@Bathroom-DietPi:~$ xeyes &
[1] 25749
dietpi@Bathroom-DietPi:~$ Error: Can't open display: 
[1]+  Exit 1                  xeyes

Any ideas?

Thanks.

2

Silly question, did you restart dropbear service or reboot the dietpi?

3

Yes, I rebooted. I’ve had another go today and finally had enough… swapped to use openssh instead of dropbeat using dietpi-software and it all now works automagically.

For anyone else trying this…

  1. Switch from dropbear to openssh using dietpi-software.

  2. Install x11-apps on Raspberry Pi:

sudo apt install x11-apps
  1. Install xQuartz on mac using brew.
brew install xQuartz
  1. Run xQuartz and run ssh from xterm window.
ssh -X username@yourhost
  1. Test by running xeyes in the background, the xeyes window should appear on your mac desktop.
xeyes &

It’s not necessary to have xQuartz open at launch of the first X11 application, you can run the X11 app through the Mac terminal if you wish. Mac OS will open xQuartz if it is not already open. xQuartz does need to stay open to maintain the X11 sessions/windows.

1 Like
4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

5

DROPBEAR_X11FWD is a compile time option, not a runtime option. Debian does not compile its Dropbear package with this set, hence it cannot be enabled.

I was about to ask at the Debian bug tracker to compile this in, but actually it is kinda problematic that it cannot be disabled at runtime then :thinking:. It is possible to restrict it kinda manually with an authorized_keys entry for connections done with a particular key, but there is no config key or cmd option to do so for all connections to a server by default: dropbear(8) — dropbear-bin — Debian bookworm — Debian Manpages