Getting X11 forwarding through ssh working after running su
Posted by daveseff on Mon 29 Jan 2007 at 06:06
Before you issue the su or sudo (but after having ssh'ed into the remote system), request the cookie for the current DISPLAY that's connecting to your X server:
$ xauth list $DISPLAY
You'll get something like
somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae
Then, after having done su, tell the new user what the cookie is:
$ xauth add somehost.somedomain:10 MIT-MAGIC-COOKIE-1 4d22408a71a55b41ccd1657d377923ae
(just copy'n-paste the output of the above 'xauth list' onto 'xauth add') That's it. Now, you _should_ be able to start any X application.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
Please elaborate when and where do you do that, and under what conditions.
because I really doubt that it will work. ~/.Xauthority is most often of "-rw-------" attribute. nobody else except root can access it. Let alone we are talking about ssh to another box here.
but I maybe wrong, and would like to listen.
thanks
[ Parent | Reply to this comment ]
You are not right. Nobody else but root and the _user_ owning the file can access it. And the user owning the file is .... who?
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
I definitely agree with the previous commenter, though, that the easiest thing to do is to just ssh again into the account of the local user with whom you want to open the x clients.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
Erm... Because some X clients are root only? Such as some system configuration GUI tools for example...
Or sometimes you need to use a GUI tool (for convenience sake) such as kompare on files only accessible by root?
Admittedly, MOST of the time it's unwise to run X clients as root, but that doesn't mean it's ALWAYS a bad idea. It's not utterly taboo or anything. Just not always the best plan as a first option. Better avoided if other options are available.
[ Parent | Reply to this comment ]
I'd been struggling with this recently:
I can't login as user B directly on a Solaris box.
I login as user A, then su to B. Of course, X forwarding stops working. And I need X working to install some proprietary software.
Then I see this article that explains precisely how!
Thanks!
[ Parent | Reply to this comment ]
ssh -X user@hostname
# Gain root privileges,
su -
# and merge the Xauth information like this:
xauth merge /home/user/.Xauthority
Cheers,
Benoît
[ Parent | Reply to this comment ]
Having done "xauth add" my DISPLAY is still empty, and
$ xauth list
seems to takes years to report the cookie...
[ Parent | Reply to this comment ]
I may be wrong as my experience with chroot is limited.
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
ssh ip -X -l snot
echo $DISPLAY
copy the output
su -
cat /home/snot/.Xauthority >.Xauthority
export DISPLAY="paste the output of echo $DISPLAY here... without quotes"
not pretty but it works...
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]