Serverkill or shutdown problem with network X apps

plug-discuss@lists.PLUG.phoenix.az.us plug-discuss@lists.PLUG.phoenix.az.us
19 Apr 2001 18:33:36 -0700


well,
its like this.
I stay awake from SU because the env isn'tright when I got to run programs.
I can ssh -l root 127.0.0.1 <issue password> and then run X aps just fine internally.
However, when I ssh -l n7zzt 127.0.0.1 and try to do the same thing,
that message appears... I used to be able to do this before, but it seems
that won't work now either on the local machine or even via a remote ssh
session on another box from here.

I can't even tunnle netscape now (unless I ssh -l rootand run it there).

I would very much like to have this working suchthat if I need to do something
on another account either locally, or via the net, that it will work as expected.


On Thu, 19 April 2001, "der.hans" wrote:

> 
> Am 18. Apr, 2001 schwäzte proudhawk@uswestmail.net so:
> 
> > ok,
> > I amgetting a rather strange problem...
> > Under mandrake 7.2, I am getting the following message when I try to run
> > other X apps from my other accounts under my main user account (not root):
> > 
> > "X connection to hostname:10.0 broken (explicit kill or server shutdown)"
> > 
> > I am using ssh tunneling for this..
> 
> Normally you shouldn't be able to tunnel back via ssh as another user. It
> does work with the root account if you don't pick up root's environ when
> you su, e.g. no dash. 
> 
> Locally other users don't have access to your .Xauthority file ( or at
> least they shouldn't ).
> 
> From the xauth man page:
> 
>        $HOME/.Xauthority
>                default   authority   file   if  XAUTHORITY  isn't
>                defined.
> 
> The .Xauthority contains the key to your display. If a process can't get
> info from it, it can't talk to the X display.
> 
> OTOH, you could add local: to your xhosts.
> 
> xhost + local:
> 
> That allows anyone on the local machine to talk to your local X server.
> 
> Now on to the ssh part :).
> 
> "xauth info" will tell you where your shell is trying to get those magic X
> entries from. Mine is saying something about a cookies file in a directory
> under /tmp.
> 
> su'ing to another user causes the "xauth info" and "xauth list" commands
> to time out while trying to open the cookies file. I presume making the
> /tmp/ssh-* dirs and the cookies files world readable would allow non-root
> users access, but I think that would probably be the wrong thing to do.
> 
> Personally, I would try to find a way to not need other users to toss X
> apps back accross the tunnel.
> 
> Barring that, maybe make the above info readable by some group and giving
> all your other users access to that group.
> 
> > this problem hardly ever cropped up in redhat 7.0 but I now get it
> > on all network based apps (netscape, xchat, kmail, etc).
> > 
> > I've checked to make sure that my configs for ssh are correct.
> > no joy there, they are.
> > 
> > not only does this happen internal on my own box now, but it also happens
> > when accessing remote shell accounts that have X apps....
> > 
> > It either has to be the sshd here or the X server here.
> 
> You had probably opened access to your X server. If you dash into account
> with su, then you most certainly had opened your X server. If so, you also
> weren't tunneling stuff.
> 
> ciao,
> 
> der.hans
> -- 
> # der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com
> #  Science is magic explained. - der.hans
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


Signup for your free USWEST.mail Email account http://www.uswestmail.net