$HOME readonly: /usr/bin/xauth: timeout in locking authority file /home/fooftp/.Xauthority
There are a couple of options here
Disable ForwardX11 on the server
The man page for
sshd_config
shows that you can setX11Forwarding no
in the/etc/ssh/sshd_config
file. If you do this, don't forget to restart thessh
daemon (service ssh restart
works for me).Create the file
/home/fooftp/.Xauthority
If you create the file
/home/fooftp/.Xauthority
and make it writeable by the user account, then it can be locked so the error message goes away. This does not disable X11 Forwarding so may not be appropriate for your situation.
Related videos on Youtube
guettli
http://thomas-guettler.de/ Working out loud: https://github.com/guettli/wol
Updated on September 18, 2022Comments
-
guettli over 1 year
I get this message after a annoying timeout:
/usr/bin/xauth: timeout in locking authority file /home/fooftp/.Xauthority
For some reasons the
$HOME
directory is not writeable by the user.I want this:
- leave the $HOME directory read-only even for the user.
- Keep
ForwardX11 yes
in~/.ssh/config
for the client. - No modifications at client side.
- No timeout if I connect to the machine. Hint: I don't need
ForwardX11
on this account.
Is there a way to disable
ForwardX11
for one account on the server side?Other solutions are welcome.
Please ask if you don't understand something, thank you.
-
guettli almost 6 years$HOME is readonly, I can't do
touch ~/.Xauthority
-
rickfoosusa almost 6 yearsI corrected the answer, thank you. You shouldn't get any errors whether .Xauthority is present or removed.
-
elbarna over 3 yearsI think this configuration is not safe, ForwardX11Trusted yes bypass the xhost command, i have tried with xhost - and with -X accept all clients.
-
rickfoosusa over 3 yearsI think it is OK, since I have a secure connection from login, but I see your point about trusted and set trusted to no. From this: "remember that ForwardX11Trusted doesn't imply ForwardX11. ForwardX11Trusted just means that if you turn on forwarding (whether via config file or command line) then the forwarded connection will be trusted." unix.stackexchange.com/questions/138417/…