X11 connection rejected because of wrong authentication.
Connection lost to X server `localhost:11.0'
message after su'ing to root on the remote system. X11 forwarding
works when I log in to the remote account as root. What changed in the
new SSH and how do I fix it so I can X11 forward after su'ing to root
on a remote account?
It is possible the SSH is not the culprit (since I made other changes
as well), but if so, can anyone tell me how to configure SSH so that
X11 forwarding works after I switch identity (something in my login
scripts)?
Sincerely,
- henrik
--
Henrik Schmiediche, Dept. of Statistics, Texas A&M, College Station, TX 77843
E-mail: hen...@stat.tamu.edu | Tel: (979) 862-1764 | Fax: (979) 845-3144
> Hello,
> recently I upgraded my servers to SSH 3.1p1-2 (RH 7.2) due to the security issues. Before
> the upgrade I used to be able to ssh to a remote host using my userid, su to root and X11
> forwarding worked. After the upgrade I get a:
>
> X11 connection rejected because of wrong authentication. Connection lost to X server
> `localhost:11.0'
>
> message after su'ing to root on the remote system. X11 forwarding works when I log in to the
> remote account as root. What changed in the new SSH and how do I fix it so I can X11 forward
> after su'ing to root on a remote account?
>
> It is possible the SSH is not the culprit (since I made other changes as well), but if so,
> can anyone tell me how to configure SSH so that X11 forwarding works after I switch identity
> (something in my login scripts)?
What changed was the default location of the Xauthority file - it was previously(<=2.9)
created and defined in the client environment (like a 'export XAUTHORITY=/tmp/whatever' was
done), and now(>=3.0) it is not defined so the system default is used.
So now you have to get that into the su'ed environment; either by defining it yourself
(export XAUTHORITY=yourhomedir/.xauthority), or copy it into root's own file:
xauth nlist $DISPLAY
su
password:*********
xauth nmerge -
<cut'n'paste the nlist output from above>
^D
--
George Baltz N3GB
Computer Sciences Corp Rule of thumb: ANYthing offered
@NOAA/NESDIS/IPD by unsolicited email is a hoax,
Suitland, MD 20746 ripoff, scam or outright fraud.
Thanks again.
Sincerely,
- Henrik
I would not have figured this out with
In article <a6j17k$j1l$1...@news.nems.noaa.gov>,