Tuesday, October 18, 2011

Playing with ssh, xauth and DISPLAY

If you need to connect by ssh to a UNIX server and then switch user (with su or otherwise) while keeping X11 forwarding to your screen, this example using xauth and DISPLAY shows how. The key is to get the cookie information with xauth list, identify the display opened by ssh (usually display 10 on the server), and, after changing user, paste that whole line after the xauth add command:

myuser@olimpo:~$ ssh -X -l myuser myserver1
Password:
Last login: Mon Oct 17 18:00:46 2011 from olimpo
$ xclock
$ xauth list
myserver1.mynet.net:10 MIT-MAGIC-COOKIE-1 eb3713bfc73799efede775bf1a04cb19
$ su - oracle
Password:
myserver1:/home/oracle> xclock
Error: Can't open display:
myserver1:/home/oracle> xauth add myserver1.mynet.net:10 MIT-MAGIC-COOKIE-1 eb3713bfc73799efede775bf1a04cb19
myserver1:/home/oracle> export DISPLAY=myserver1.mynet.net:10
myserver1:/home/oracle> xclock
myserver1:/home/oracle> uname -n
myserver1
myserver1:/home/oracle>

The uname -n command in the example above was included with the following case in mind: this time you try to log in to another server, but you get an xauth error message and cannot forward any X11 window:

myuser@olimpo:~$ ssh -X -l oracle myserver2
Password:
/usr/openwin/bin/xauth: (stdin):1: bad display name "unix:10.0" in "add" command

:/home/oracle> xclock
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
:/home/oracle> echo $DISPLAY
localhost:10.0
:/home/oracle> uname -n

:/home/oracle>

As you might have noticed, the DISPLAY variable looks correct, but there is a problem with the host name: no host name is set (uname -n prints nothing), and that is why xauth fails at login time. To correct this, set the host name properly, following the procedure for your UNIX version.
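
The cookie selection from the first session and the empty host name check from the second, as an added shell example that is not part of the original post. The function names and the stale :11 entry are constructed for illustration, and the script goes slightly beyond the post by reusing the DISPLAY value that ssh set instead of rebuilding it.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of `xauth list` output: the :10 line is the one shown in
# the post, the :11 line is a made-up stale entry from an older session.
SAMPLE_XAUTH_LIST='myserver1.mynet.net:11  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
myserver1.mynet.net:10  MIT-MAGIC-COOKIE-1  eb3713bfc73799efede775bf1a04cb19'

# display_number "localhost:10.0" prints 10 (host part and screen suffix removed).
display_number() {
    d=${1##*:}
    printf '%s\n' "${d%%.*}"
}

# cookie_commands DISPLAY HOSTNAME   (reads `xauth list` output on stdin)
# Prints the "xauth add" and "export DISPLAY" lines to run after su.
# Returns 2 when the host name is empty (the myserver2 case) and 1 when
# DISPLAY is unusable or no cookie matches its display number.
cookie_commands() {
    disp=$1
    host=$2
    [ -n "$host" ] || { echo "uname -n is empty: set the host name first" >&2; return 2; }
    case $disp in
        *:*) ;;
        *) echo "DISPLAY has no display number: '$disp'" >&2; return 1 ;;
    esac
    num=$(display_number "$disp")
    awk -v num="$num" -v disp="$disp" '
        # Entries are named host:N or host/unix:N; compare only N.
        { n = $1; sub(/^.*:/, "", n) }
        n == num && $2 == "MIT-MAGIC-COOKIE-1" && !found {
            print "xauth add", $1, $2, $3
            print "export DISPLAY=" disp
            found = 1
        }
        END { exit !found }
    ' || { echo "no MIT-MAGIC-COOKIE-1 entry for display :$num" >&2; return 1; }
}

# Real use on the server, before su:
#   xauth list | cookie_commands "$DISPLAY" "$(uname -n)"
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_XAUTH_LIST" | cookie_commands "myserver1.mynet.net:10.0" "myserver1"
```

The printed xauth add line contains the cookie, which is the only credential protecting the forwarded display, so treat the output like a password.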

More information:

Getting X11 forwarding through ssh working after running su
