Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

X11 Forwarding when 'su'ing on remote host...

0 views
Skip to first unread message

Henrik Schmiediche

unread,
Mar 11, 2002, 2:05:29 PM3/11/02
to
Hello,
recently I upgraded my servers to SSH 3.1p1-2 (RH 7.2) due to the
security issues. Before the upgrade I used to be able to ssh to a
remote host using my userid, su to root and X11 forwarding
worked. After the upgrade I get a:

X11 connection rejected because of wrong authentication.
Connection lost to X server `localhost:11.0'

message after su'ing to root on the remote system. X11 forwarding
works when I log in to the remote account as root. What changed in the
new SSH and how do I fix it so I can X11 forward after su'ing to root
on a remote account?

It is possible the SSH is not the culprit (since I made other changes
as well), but if so, can anyone tell me how to configure SSH so that
X11 forwarding works after I switch identity (something in my login
scripts)?

Sincerely,

- henrik

--
Henrik Schmiediche, Dept. of Statistics, Texas A&M, College Station, TX 77843
E-mail: hen...@stat.tamu.edu | Tel: (979) 862-1764 | Fax: (979) 845-3144

George Baltz

unread,
Mar 11, 2002, 2:50:11 PM3/11/02
to
On Mon, 11 Mar 2002 14:05:29 -0500, Henrik Schmiediche wrote:

> Hello,
> recently I upgraded my servers to SSH 3.1p1-2 (RH 7.2) due to the security issues. Before
> the upgrade I used to be able to ssh to a remote host using my userid, su to root and X11
> forwarding worked. After the upgrade I get a:
>
> X11 connection rejected because of wrong authentication. Connection lost to X server
> `localhost:11.0'
>
> message after su'ing to root on the remote system. X11 forwarding works when I log in to the
> remote account as root. What changed in the new SSH and how do I fix it so I can X11 forward
> after su'ing to root on a remote account?
>
> It is possible the SSH is not the culprit (since I made other changes as well), but if so,
> can anyone tell me how to configure SSH so that X11 forwarding works after I switch identity
> (something in my login scripts)?

What changed was the default location of the Xauthority file - it was previously(<=2.9)
created and defined in the client environment (like a 'export XAUTHORITY=/tmp/whatever' was
done), and now(>=3.0) it is not defined so the system default is used.

So now you have to get that into the su'ed environment; either by defining it yourself
(export XAUTHORITY=yourhomedir/.xauthority), or copy it into root's own file:

xauth nlist $DISPLAY
su
password:*********
xauth nmerge -
<cut'n'paste the nlist output from above>
^D

--
George Baltz N3GB
Computer Sciences Corp Rule of thumb: ANYthing offered
@NOAA/NESDIS/IPD by unsolicited email is a hoax,
Suitland, MD 20746 ripoff, scam or outright fraud.

Henrik Schmiediche

unread,
Mar 12, 2002, 2:02:22 PM3/12/02
to
Hello,
thank you for the answer. Your solution works and it led me to
investigate further. I discovered that typing "su -m" instead of "su"
will keep the $HOME environment variable the same (after su'ing) and
as long as an .Xauthority file is located where $HOME points to,
everything seems to work. For some people this won't do (they need
$HOME to change when su'ing), but for me it is the easiest solution.

Thanks again.

Sincerely,

- Henrik


I would not have figured this out with

In article <a6j17k$j1l$1...@news.nems.noaa.gov>,

0 new messages