Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
unable to export DISPLAY to Xming desktop after becoming root
5,524 views
Skip to first unread message
Rob White
Oct 2, 2013, 12:21:12 PM10/2/13
to
Security requirements dictate that I ssh into a Linux or Unix host with my user ID using a key card. After doing this (using putty), I am able to run X apps and have them display on my PC which is running Xming. So I know putty is configured correctly.
To become root we must use sudo (i.e. $ sudo su - root).
When I do this, I loose the ability to display X apps on my PC.
When I fist log into a host: DISPLAY is localhost:10.0
When I sudo to root DISPLAY is also localhstt:10.0 ;however when I run xclock I get the following error.
# xclock
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match
Error: Can't open display: localhost:10.0
If I set DISPLAY to the IP of my PC (export DISPLAY=xx.xx.36.53:0.0)
#first octets not shown for security reasons
I get a different error:
Xlib: connection to "xx.xx.36.53:0.0" refused by server
Xlib: No protocol specified
Error: Can't open display: xx.xx.36.53:0
To become root we must use sudo (i.e. $ sudo su - root).
When I do this, I loose the ability to display X apps on my PC.
When I fist log into a host: DISPLAY is localhost:10.0
When I sudo to root DISPLAY is also localhstt:10.0 ;however when I run xclock I get the following error.
# xclock
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match
Error: Can't open display: localhost:10.0
If I set DISPLAY to the IP of my PC (export DISPLAY=xx.xx.36.53:0.0)
#first octets not shown for security reasons
I get a different error:
Xlib: connection to "xx.xx.36.53:0.0" refused by server
Xlib: No protocol specified
Error: Can't open display: xx.xx.36.53:0
Lusotec
Oct 2, 2013, 3:55:26 PM10/2/13
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
First a warning, run as root only what can't be run as a normal user. This
is especially true for X clients because of the way X clients can interact
with each other.
Now for your particular issue. You need to get the MIT-MAGIC-COOKIE-1 value
from the normal remote user with access to the X server and add it to the
root's authorization file (.Xauthority).
First to get the MIT-MAGIC-COOKIE-1 value from the normal remote user. Open
a ssh to the normal user account and run the following command.
xauth extract - $DISPLAY > /tmp/xauth.bin
This command will write the X authorization information for the current X
display to /tmp/xauth.bin
Now, open a terminal for the root (probably using the command "su -") and
run the following command.
xauth -v merge - < /tmp/xauth.bin
You should see output similar to the following.
# xauth -v merge - < /tmp/xauth.bin
Using authority file /home/artur/.Xauthority
1 entries read in: 0 new, 1 replacement
Writing authority file /home/artur/.Xauthority
Now try running a X client (e.g. xclock).
Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iF4EAREIAAYFAlJMei4ACgkQGQjO2ccW76qiUgD/VpbGZAm3Z7+UZM4UyCBrg3pV
R/b6JUY67nfewi/9hsYA/1T82Q/NPBZK3iB9SKnQlTWlxTQ1e7BvsKcbGGFwNmn3
=I8rz
-----END PGP SIGNATURE-----
Hash: SHA256
is especially true for X clients because of the way X clients can interact
with each other.
Now for your particular issue. You need to get the MIT-MAGIC-COOKIE-1 value
from the normal remote user with access to the X server and add it to the
root's authorization file (.Xauthority).
First to get the MIT-MAGIC-COOKIE-1 value from the normal remote user. Open
a ssh to the normal user account and run the following command.
xauth extract - $DISPLAY > /tmp/xauth.bin
This command will write the X authorization information for the current X
display to /tmp/xauth.bin
Now, open a terminal for the root (probably using the command "su -") and
run the following command.
xauth -v merge - < /tmp/xauth.bin
You should see output similar to the following.
# xauth -v merge - < /tmp/xauth.bin
Using authority file /home/artur/.Xauthority
1 entries read in: 0 new, 1 replacement
Writing authority file /home/artur/.Xauthority
Now try running a X client (e.g. xclock).
Regards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iF4EAREIAAYFAlJMei4ACgkQGQjO2ccW76qiUgD/VpbGZAm3Z7+UZM4UyCBrg3pV
R/b6JUY67nfewi/9hsYA/1T82Q/NPBZK3iB9SKnQlTWlxTQ1e7BvsKcbGGFwNmn3
=I8rz
-----END PGP SIGNATURE-----
Bill Marcum
Oct 2, 2013, 4:02:45 PM10/2/13
to
ip address doesn't work because the X server isn't listening on the
network interface, only through the ssh tunnel.
Philippe Weill
Oct 3, 2013, 10:49:19 AM10/3/13
to
2nd solution
modify your sshd server configuration
X11UseLocalhost no
( and read about security when doing this)
0 new messages