Re: X11 forwarding after su'ing

From: Philipp Strozyk (Philipp.Strozyk_at_epost.de)
Date: 04/30/03

  • Next message: Nguyen, David M: "RE: How to configure OpenSSH logging"
    To: secureshell@securityfocus.com, Peter <pk@q-leap.com>, <Roy.Hoerauf@cwusa.com>
    Date: Wed, 30 Apr 2003 22:39:24 +0200
    
    

    Hello again then,

    so another try, thanks for interfering to Peter :-)

    $ echo $DISPLAY
    localhost:10.0
    $ /usr/openwin/bin/xclock & #works
    [1] 8115
    $
    [1] + Done /usr/openwin/bin/xclock & #works
    $ su -
    Password:
    Sun Microsystems Inc. SunOS 5.8 Generic February 2000
    # DISPLAY=localhost:10.0;export DISPLAY
    # /usr/openwin/bin/xclock
    Xlib: connection to "localhost:10.0" refused by server
    Xlib: Authentication failed at PuTTY X11 proxy
    Error: Can't open display: localhost:10.0
    # exit
    $ /usr/openwin/bin/xauth list
    hostname/unix:10 MIT-MAGIC-COOKIE-1 a55bb5fb025555fbe55f5b55e55ccf55
    $ /usr/openwin/bin/xauth extract - hostname/unix:10|su - root -c "/usr/openwin/bin/xauth merge -"
    Password:
    Sun Microsystems Inc. SunOS 5.8 Generic February 2000
    /usr/openwin/bin/xauth: creating new authority file /.Xauthority
    $ su -
    Password:
    Sun Microsystems Inc. SunOS 5.8 Generic February 2000
    # DISPLAY=localhost:10.0;export DISPLAY
    # /usr/openwin/bin/xclock & #works
    8132
    # exit

    > 3. why not use ssh -X -l <thotheruserIwantedsuto?> <thehost>?
    Maybe, because -l root ain't that nice?

    Philipp

    On 29 Apr 2003 at 22:08, Peter wrote:

    > Hello,
    >
    > this is getting more and more obscure, I have to interfere...
    >
    > 1. to modify the .Xauthority file use the program called xauth. look at
    > the sshd(8) manpage, there is a sample script close to the end, that
    > gives you an idea how to use it.
    >
    > 2. make sure you never ever use the xhost program, except `xhost -'
    > I am glad nobody suggested it.
    >
    > 3. why not use ssh -X -l <thotheruserIwantedsuto?> <thehost>?
    >
    > 4. You can also use ssh -X -l <thotheruser> localhost after you logged
    > in <theotherhost> DISPLAY will be set for you if X11Forwarding is
    > enabled in your ssh config files.
    >
    > then you do not use `su' at all and you don't have to worry about
    > setting DISPLAY, or lost environment, or copying files around.
    >
    > cheers,
    >
    > Peter
    >
    > --
    > Peter Kruse <pk@q-leap.com>
    > Q-Leap Networks GmbH
    > phone: +497071-703171, mobile: +49172-6340044
    >


  • Next message: Nguyen, David M: "RE: How to configure OpenSSH logging"

    Relevant Pages

    • RE: X11 forwarding after suing
      ... $ echo $DISPLAY ... Sun Microsystems Inc. SunOS 5.8 Generic February 2000 ... > enabled in your ssh config files. ...
      (SSH)
    • Re: High End Fraud vs. Real Improvements
      ... interfering with your decision in determining whether a ... particular component sound good or not. ... I guess great audio equipment isn't enough. ... Web site just says Ferrari on display. ...
      (rec.audio.opinion)
    • Re: Vi limit on solaris
      ... all vi clones had probpems with lines that ... >> are longer than the total size of the display. ... Expressed in this posting are my opinions. ... to opinions held by my employer, Sun Microsystems. ...
      (comp.unix.solaris)
    • Re: Add font for NS-7.x - How?
      ... |:|the Style Sheet that I'd like to display ... |That text file, alas, points to a Microsoft page that no longers exists - ... |they don't make their fonts available at their web site any longer. ... Working for, but definitely not speaking for, Sun Microsystems, Inc. ...
      (comp.unix.solaris)
    • Re: Linux X client, Solaris X server
      ... The display is extremely slow. ... Solaris 10 u7; on older systems, the display may almost block. ... to opinions held by my employer, Sun Microsystems. ...
      (comp.unix.solaris)