[Techtalk] ssh, sudo su, and X forwarding
Almut Behrens
almut-behrens at gmx.net
Fri Jul 30 20:09:12 EST 2004
Riccarda Cassini wrote:
>
> my local guru is temporarily unavailable,
sure she's available :)
(it's just that the batteries of my phone are completely worn out...)
> I need to ssh into some remote system to debug a problem a client has
> reported. As I cannot reproduce the problem under my own UID, the
> remote admin has setup things such that I can do a "sudo su someuser".
> However, when I try to start the application (which requires X) after
> having done the "sudo su" I get:
>
> X11 connection rejected because of wrong authentication.
> X connection to somehost.somedomain.de:10.0 broken (explicit kill or
> server shutdown).
X authentication is based on cookies -- secret little pieces of random
data that only you and the X server know... So, you need to let the
other user in on what your cookie is. One way to do this is as follows:
Before you issue the su (but after having ssh'ed into the remote
system), request the cookie for the current DISPLAY that's connecting
to your X server:
$ xauth list $DISPLAY
You'll get something like
somehost.somedomain.de:10 MIT-MAGIC-COOKIE-1
4d22408a71a55b41ccd1657d377923ae
Then, after having done su, tell the new user what the cookie is:
$ xauth add somehost.somedomain.de:10 MIT-MAGIC-COOKIE-1
4d22408a71a55b41ccd1657d377923ae
(just cut'n-paste the output of the above 'xauth list' onto 'xauth add')
That's it. Now, you _should_ be able to start any X application. Report
back, if not...
Ciao,
Almut
--
NEU: WLAN-Router für 0,- EUR* - auch für DSL-Wechsler!
GMX DSL = supergünstig & kabellos http://www.gmx.net/de/go/dsl
More information about the Techtalk
mailing list