well, its like this. I stay awake from SU because the env isn'tright when I got to run programs. I can ssh -l root 127.0.0.1 and then run X aps just fine internally. However, when I ssh -l n7zzt 127.0.0.1 and try to do the same thing, that message appears... I used to be able to do this before, but it seems that won't work now either on the local machine or even via a remote ssh session on another box from here. I can't even tunnle netscape now (unless I ssh -l rootand run it there). I would very much like to have this working suchthat if I need to do something on another account either locally, or via the net, that it will work as expected. On Thu, 19 April 2001, "der.hans" wrote: > > Am 18. Apr, 2001 schwäzte proudhawk@uswestmail.net so: > > > ok, > > I amgetting a rather strange problem... > > Under mandrake 7.2, I am getting the following message when I try to run > > other X apps from my other accounts under my main user account (not root): > > > > "X connection to hostname:10.0 broken (explicit kill or server shutdown)" > > > > I am using ssh tunneling for this.. > > Normally you shouldn't be able to tunnel back via ssh as another user. It > does work with the root account if you don't pick up root's environ when > you su, e.g. no dash. > > Locally other users don't have access to your .Xauthority file ( or at > least they shouldn't ). > > From the xauth man page: > > $HOME/.Xauthority > default authority file if XAUTHORITY isn't > defined. > > The .Xauthority contains the key to your display. If a process can't get > info from it, it can't talk to the X display. > > OTOH, you could add local: to your xhosts. > > xhost + local: > > That allows anyone on the local machine to talk to your local X server. > > Now on to the ssh part :). > > "xauth info" will tell you where your shell is trying to get those magic X > entries from. Mine is saying something about a cookies file in a directory > under /tmp. > > su'ing to another user causes the "xauth info" and "xauth list" commands > to time out while trying to open the cookies file. I presume making the > /tmp/ssh-* dirs and the cookies files world readable would allow non-root > users access, but I think that would probably be the wrong thing to do. > > Personally, I would try to find a way to not need other users to toss X > apps back accross the tunnel. > > Barring that, maybe make the above info readable by some group and giving > all your other users access to that group. > > > this problem hardly ever cropped up in redhat 7.0 but I now get it > > on all network based apps (netscape, xchat, kmail, etc). > > > > I've checked to make sure that my configs for ssh are correct. > > no joy there, they are. > > > > not only does this happen internal on my own box now, but it also happens > > when accessing remote shell accounts that have X apps.... > > > > It either has to be the sshd here or the X server here. > > You had probably opened access to your X server. If you dash into account > with su, then you most certainly had opened your X server. If so, you also > weren't tunneling stuff. > > ciao, > > der.hans > -- > # der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com > # Science is magic explained. - der.hans > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss Signup for your free USWEST.mail Email account http://www.uswestmail.net