Having Problems with X11 Forwarding and root
James Mcphee
jmcphe at gmail.com
Wed Apr 18 19:04:18 MST 2018
ack! forgot the $DISPLAY in the xauth add. Ok, here's a copy/paste with
some name changes to protect the innocent
[user1 at box1 ~]$ ssh -X user1 at box2
user1 at box2's password:
Last login: Wed Apr 18 18:56:14 2018 from box1.mydomain
$ box2:~> echo $DISPLAY
localhost:10.0
$ box2:~> xauth list
box2.mydomain/unix:11 MIT-MAGIC-COOKIE-1 399346bad1f901fbd6131ddbed38b613
box2.mydomain/unix:10 MIT-MAGIC-COOKIE-1 e8a48de705405e5376380ff8f3444467
$ box2:~> sudo su -
# box2:~> export DISPLAY=localhost:10.0
# box2:~> xauth add $DISPLAY . e8a48de705405e5376380ff8f3444467
xauth: file /root/.Xauthority does not exist
# box2:~> xterm
and i get my xterm. don't worry about the xauth error. that pops if it
has to create an .Xauthority file
On Wed, Apr 18, 2018 at 6:50 PM, James Mcphee <jmcphe at gmail.com> wrote:
> If it's anything like my setup it'd be the
> swordfish/unix:11 MIT-MAGIC-COOKIE-1 00607ba4fc7c6a2ea9debc6ad5776376
>
> so the xauth line run as root would be
> xauth add . 00607ba4fc7c6a2ea9debc6ad5776376
>
> afaik, there's no way to make it permanent since it's regenerated when you
> ssh in. There's nothing to prevent you from setting up a simple shell
> script in your profile to do some wonkiness, but you'd be passing that hash
> around.
>
> I'm making the assumption you're doing ssh forwarding and not popping the
> old X listen ports.
>
> On Wed, Apr 18, 2018 at 6:18 PM, Mark Phillips <mark at phillipsmarketing.biz
> > wrote:
>
>> Great!
>>
>> I have this so far:
>>
>> mark at swordfish:~$ echo $DISPLAY
>> swordfish:11.0
>> mark at swordfish:~$ xauth list
>> swordfish/unix:11 MIT-MAGIC-COOKIE-1 00607ba4fc7c6a2ea9debc6ad5776376
>> swordfish/unix:10 MIT-MAGIC-COOKIE-1 892fa0c2d392d8517dd525a7bcdc212b
>> swordfish.phillipsoasis.com:1 MIT-MAGIC-COOKIE-1
>> ce767df80405a8d280be4e258f06fed8
>> swordfish/unix:1 MIT-MAGIC-COOKIE-1 ce767df80405a8d280be4e258f06fed8
>> swordfish.phillipsoasis.com:10 MIT-MAGIC-COOKIE-1
>> d635d049952882222e1b238f7a8d1fbd
>> swordfish.phillipsoasis.com:11 MIT-MAGIC-COOKIE-1
>> cdb5f42e697aed89f9ff934ae36df625
>>
>> So, which magic cookie goes with $DISPLAY=swordfish:11.0?
>>
>> Also, how do I make this permanent? Or, do I have to export the DISPLAY
>> and copy the magic cookie every time I su to root?
>>
>> Mark
>>
>> On Wed, Apr 18, 2018 at 5:31 PM, James Mcphee <jmcphe at gmail.com> wrote:
>>
>>> ok. So you start on box1, ssh -X to box2. echo $DISPLAY. xauth list.
>>> su to user2 on box2. export DISPLAY=<the display from user1>. xauth add
>>> $DISPLAY . <the hash from the correct display from xauth list>. Launch X
>>> application.
>>>
>>>
>>>
>>> On Wed, Apr 18, 2018 at 5:21 PM, Mark Phillips <
>>> mark at phillipsmarketing.biz> wrote:
>>>
>>>> There is an application I need to run as root on my Linode server, but
>>>> it has to run in a gui.
>>>>
>>>> I have ssh and X11 forwarding set up between my Ubuntu 14.04 system and
>>>> my Linode (swordfish). It works just great for a non-root user (xcalc,
>>>> xconsole, the application I need to run, etc). However, when I try to run
>>>> the application on the server as root, I get the error message "X11
>>>> connection rejected because of wrong authentication." For xcalc running as
>>>> root, I get
>>>> X11 connection rejected because of wrong authentication.
>>>> Error: Can't open display: swordfish:10.0
>>>>
>>>> I have tried all sorts of google solutions - copying the user's
>>>> .Xauthority to /root/ (also changing the ownership and permissions). But I
>>>> just can't seem to log into swordfish as a normal user using ssh -X, su to
>>>> root, and get the X11 forwarding to work.
>>>>
>>>> I also went so far as to install vnc4server on the Linode, xfce window
>>>> manager, and vnc4viewer on my Ubuntu machine. That all works when I access
>>>> the vnc server as a normal user, but I can't get any X11 apps to run as
>>>> root (ie from a root command line in a terminal in the vnc window). The
>>>> error message when I try to run xcalc or other X11 apps is "No protocol
>>>> specified. Can't open display :1".
>>>>
>>>> What are the special Linux guru magical incantations/spells to make X11
>>>> forwarding work for root?
>>>>
>>>> Thanks!
>>>>
>>>> Mark
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>> James McPhee
>>> jmcphe at gmail.com
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> James McPhee
> jmcphe at gmail.com
>
--
James McPhee
jmcphe at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20180418/8fcddda5/attachment.html>
More information about the PLUG-discuss
mailing list