Xforwarding doesn't allow for switching users

Solution 1

  1. Enable X-11 Forwarding in your client
  2. Log in as your normal user
  3. echo $DISPLAY to get the associated display
  4. xauth list, find the display number which corresponds with what you found in #3 and copy it
  5. Sudo to root, then run xauth add <paste in what you copied from #4>
  6. Now you can execute commands as root and will be able to use the X11 Forwarding connection

Solution 2

Before you sudo, do this:

$ xauth extract /tmp/xauthstuff $DISPLAY

After you sudo, do this:

# xauth merge /tmp/xauthstuff

Does this work for you?

PS remember to rm /tmp/xauthstuff afterwards

Solution 3

I don't have access to the root account to do any of the above, so here is a workaround that I used.

First, ssh to your account like you normally do and test everything is working.

ssh -Y <you>@<your_server>

I usually just fire up an XTerm to ensure I have connectivity. If all is good, copy the .Xauthority file that is in <you>'s home directory and put it in a public directory.

cp ~/.Xauthority /tmp/tempXAuth

Make sure you chmod 777 on that file in the public directory so that the sudo account can use it in the later step.

chmod 777 /tmp/tempXAuth

Now sudo to the user you need to do work as.

sudo su - <other_user>

Once you are <other_user>, back up the existing .Xauthority and then copy the "good" one over.

cp ~/.Xauthority ~/.Xauthority.bak
cp /tmp/tempXAuth ~/.Xauthority

You should be able to run any X programs and have them authenticate with your current XServer session.

Solution 4

Before you sudo su user2 check the permissions on your $XAUTHORITY:
echo $XAUTHORITY
ls -l $XAUTHORITY


If after switching user you still reference the same $XAUTHORITY but have lost permissions to the file, then this will break X11 forwarding.
In my case a quick solution was to adjust the file permissions on the $XAUTHORITY file before switching user.

Keep in mind that if users you don't trust gain access to your $XAUTHORITY file this could be a security issue.
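
An added example, not part of any answer above: Solution 3 leaves a copy of the whole authority file world-accessible in /tmp, and Solution 4 notes that access to $XAUTHORITY is a security concern. The functions below check a cookie file for group/other access and pass only the current display's cookie to the other user through a pipe. The function names are made up for this example; it assumes xauth and sudo are installed and that you are allowed to sudo to the target user.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the answers above.

# Return 0 if FILE grants any group/other permission bit (cookie exposed),
# 1 if it is owner-only, 2 if the file is missing or cannot be listed.
xauth_file_exposed() {
    # ls -ldL follows symlinks; characters 5-10 of the mode string are the
    # group and other bits, so "-rw-------" yields "------".
    bits=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ -n "$bits" ] || return 2
    [ "$bits" != "------" ]
}

# Copy only the cookie for $DISPLAY into TARGET's own authority file through
# a pipe, so no file readable by other accounts is written to /tmp.
xauth_handoff() {
    target=$1
    [ -n "$target" ] || { echo "usage: xauth_handoff <user>" >&2; return 2; }
    [ -n "${DISPLAY:-}" ] || { echo "DISPLAY is not set" >&2; return 2; }
    # "-" makes 'xauth extract' write to stdout and 'xauth merge' read stdin.
    # sudo -H plus 'unset XAUTHORITY' makes the target user's xauth write to
    # its own ~/.Xauthority instead of the file of the invoking user.
    xauth extract - "$DISPLAY" |
        sudo -H -u "$target" sh -c 'unset XAUTHORITY; xauth merge -'
}
```

Source the file and run `xauth_handoff <other_user>` before switching users; `xauth_file_exposed "${XAUTHORITY:-$HOME/.Xauthority}"` returning 0 means the file should be set back to `chmod 600`.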

Author: Jarvin

Updated on September 17, 2022

Comments

  • Jarvin over 1 year

    I'm ssh'd into a remote computer and xforwarding is working fine... but as soon as I "sudo su -" or "sudo su user2" it no longer Xforwards anything giving me the error:

    X11 connection rejected because of wrong authentication.
    xterm Xt error: Can't open display: localhost:10.0
    

    Any Ideas?

    Thanks

    • quack quixote about 14 years
      this is more due to X permissions than X forwarding -- the user you've logged into with SSH has permission to connect to the X display, but when you switch users with 'sudo' the user you're switching to doesn't have those permissions.
    • Jarvin about 14 years
      There should be a work around though... I have root access, I should be able to run an X11-forwarded app as a different user. How do I get it to work?
  • djb about 13 years
    I tried that command and it failed:

    $ xauth extract /tmp/xauthstuff $DISPLAY
    No matches found, authority file "/tmp/xauthstuff" not written

    Ideas?
  • tzot over 11 years
    What does echo $DISPLAY produce?
  • djb over 10 years
    DISPLAY has the value localhost:10.0