Why is %#$& X11 failing to authorize this SSH connection? :(

R P Herrold herrold at owlriver.com
Mon Jul 26 16:57:05 MST 2010 

On Mon, 26 Jul 2010, kitepilot at kitepilot.com wrote:

> So I do:

> kitepilot at beechjet:~$ ssh -vvv -fCX ayx09 at turbocommander VirtualBox > 
> /tmp/junkX11-VirtualBox.log 2>&1 
> And I get my Virtual Box screen up and I can do whatever I want except to 
> star a VM because:

> When I do this:
> kitepilot at beechjet:~$ ssh -vvv -fCX ayx09 at turbocommander 'VBoxManage startvm 
> Unum' > /tmp/junkX11-VBoxManage.log 2>&1 
> X11 fails to authorize!

You flopped the URLs and the session logs relative toyour 
narrative so I identify them

the first   http://www.kitepilot.com/junkX11-VBoxManage.log

debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 
max 16384
debug1: client_request_x11: request from 127.0.0.1 33887
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug3: Wrote 48 bytes for a total of 3015
debug2: X11 connection uses different authentication protocol.
X11 connection rejected because of wrong authentication.
debug2: X11 rejected 1 i0/o0



the second    http://www.kitepilot.com/junkX11-VirtualBox.log

debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 
max 16384
debug1: client_request_x11: request from 127.0.0.1 33888
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 1: new [x11]
debug1: confirm x11
debug3: Wrote 48 bytes for a total of 2999
debug3: Wrote 464 bytes for a total of 3463

The MIT magic cookie exchange, needed for xauth and 
credentials forwarding is failing on the first

The command being passed in is:

 	debug1: Sending command: VBoxManage startvm Unum

Something like this may work from the client side

 	su - -c VBoxManage startvm Unum

per: info su:

...
      login startup file(s).  Additionaly `DISPLAY' and `XAUTHORITY'
      environment variables are preserved as well for PAM functionality


Run the first inside a terminal login subshell, and it should 
succeed  The management interface probably does not spawn a 
pty by default and it is needed for the authentication 
exchange

-- Russ herrold

More information about the PLUG-discuss mailing list