Serverkill or shutdown problem with network X apps
plug-discuss@lists.PLUG.phoenix.az.us
plug-discuss@lists.PLUG.phoenix.az.us
19 Apr 2001 18:33:36 -0700
well,
its like this.
I stay awake from SU because the env isn'tright when I got to run programs.
I can ssh -l root 127.0.0.1 <issue password> and then run X aps just fine internally.
However, when I ssh -l n7zzt 127.0.0.1 and try to do the same thing,
that message appears... I used to be able to do this before, but it seems
that won't work now either on the local machine or even via a remote ssh
session on another box from here.
I can't even tunnle netscape now (unless I ssh -l rootand run it there).
I would very much like to have this working suchthat if I need to do something
on another account either locally, or via the net, that it will work as expected.
On Thu, 19 April 2001, "der.hans" wrote:
>
> Am 18. Apr, 2001 schwäzte proudhawk@uswestmail.net so:
>
> > ok,
> > I amgetting a rather strange problem...
> > Under mandrake 7.2, I am getting the following message when I try to run
> > other X apps from my other accounts under my main user account (not root):
> >
> > "X connection to hostname:10.0 broken (explicit kill or server shutdown)"
> >
> > I am using ssh tunneling for this..
>
> Normally you shouldn't be able to tunnel back via ssh as another user. It
> does work with the root account if you don't pick up root's environ when
> you su, e.g. no dash.
>
> Locally other users don't have access to your .Xauthority file ( or at
> least they shouldn't ).
>
> From the xauth man page:
>
> $HOME/.Xauthority
> default authority file if XAUTHORITY isn't
> defined.
>
> The .Xauthority contains the key to your display. If a process can't get
> info from it, it can't talk to the X display.
>
> OTOH, you could add local: to your xhosts.
>
> xhost + local:
>
> That allows anyone on the local machine to talk to your local X server.
>
> Now on to the ssh part :).
>
> "xauth info" will tell you where your shell is trying to get those magic X
> entries from. Mine is saying something about a cookies file in a directory
> under /tmp.
>
> su'ing to another user causes the "xauth info" and "xauth list" commands
> to time out while trying to open the cookies file. I presume making the
> /tmp/ssh-* dirs and the cookies files world readable would allow non-root
> users access, but I think that would probably be the wrong thing to do.
>
> Personally, I would try to find a way to not need other users to toss X
> apps back accross the tunnel.
>
> Barring that, maybe make the above info readable by some group and giving
> all your other users access to that group.
>
> > this problem hardly ever cropped up in redhat 7.0 but I now get it
> > on all network based apps (netscape, xchat, kmail, etc).
> >
> > I've checked to make sure that my configs for ssh are correct.
> > no joy there, they are.
> >
> > not only does this happen internal on my own box now, but it also happens
> > when accessing remote shell accounts that have X apps....
> >
> > It either has to be the sshd here or the X server here.
>
> You had probably opened access to your X server. If you dash into account
> with su, then you most certainly had opened your X server. If so, you also
> weren't tunneling stuff.
>
> ciao,
>
> der.hans
> --
> # der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com
> # Science is magic explained. - der.hans
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Signup for your free USWEST.mail Email account http://www.uswestmail.net