Getting X11 forwarding through ssh working after running su

From MyWiki

Revision as of 00:28, 23 January 2011 by Admin (Talk | contribs)
(diff) ← Older revision | Current revision (diff) | Newer revision → (diff)
Jump to: navigation, search

I found this gem of information courtesy mike.rose here, which he in turn took from Debian-administration.org

Thanks to both! :-)

X authentication is based on cookies -- secret little pieces of random data that only you and the X server know... So, you need to let the other user in on what your cookie is. One way to do this is as follows: Before you issue the su or sudo (but after having ssh'ed into the remote system if you are using ssh), request the cookie for the current DISPLAY that's connecting to your X server: 

$ xauth list $DISPLAY

You'll get something like 

somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae

Then, after having done su, tell the new user what the cookie is: 

$ xauth add somehost.somedomain:10 MIT-MAGIC-COOKIE-1 4d22408a71a55b41ccd1657d377923ae

(just copy and paste the output of the above 'xauth list' onto 'xauth add') That's it. Now, you should be able to start any X application.

A good one to try is: 

xclock

xhost ===> bad

xhost + ===> very bad

Retrieved from "http://markelov.org/wiki/index.php?title=Getting_X11_forwarding_through_ssh_working_after_running_su"
Personal tools