Re: X11 forwarding after su'ing

From: Philipp Strozyk (Philipp.Strozyk_at_epost.de)
Date: 04/30/03

    To: secureshell@securityfocus.com, Peter <pk@q-leap.com>, <Roy.Hoerauf@cwusa.com>
    Date: Wed, 30 Apr 2003 22:39:24 +0200
    
    

    Hello again then,

    So another try, thanks to Peter for interfering :-)

    $ echo $DISPLAY
    localhost:10.0
    $ /usr/openwin/bin/xclock & #works
    [1] 8115
    $
    [1] + Done /usr/openwin/bin/xclock & #works
    $ su -
    Password:
    Sun Microsystems Inc. SunOS 5.8 Generic February 2000
    # DISPLAY=localhost:10.0;export DISPLAY
    # /usr/openwin/bin/xclock
    Xlib: connection to "localhost:10.0" refused by server
    Xlib: Authentication failed at PuTTY X11 proxy
    Error: Can't open display: localhost:10.0
    # exit
    $ /usr/openwin/bin/xauth list
    hostname/unix:10 MIT-MAGIC-COOKIE-1 a55bb5fb025555fbe55f5b55e55ccf55
    $ /usr/openwin/bin/xauth extract - hostname/unix:10|su - root -c "/usr/openwin/bin/xauth merge -"
    Password:
    Sun Microsystems Inc. SunOS 5.8 Generic February 2000
    /usr/openwin/bin/xauth: creating new authority file /.Xauthority
    $ su -
    Password:
    Sun Microsystems Inc. SunOS 5.8 Generic February 2000
    # DISPLAY=localhost:10.0;export DISPLAY
    # /usr/openwin/bin/xclock & #works
    8132
    # exit

    > 3. why not use ssh -X -l <thotheruserIwantedsuto?> <thehost>?
    Maybe, because -l root ain't that nice?

    Philipp

    On 29 Apr 2003 at 22:08, Peter wrote:

    > Hello,
    >
    > this is getting more and more obscure, I have to interfere...
    >
    > 1. to modify the .Xauthority file use the program called xauth. look at
    > the sshd(8) manpage, there is a sample script close to the end, that
    > gives you an idea how to use it.
    >
    > 2. make sure you never ever use the xhost program, except `xhost -'
    > I am glad nobody suggested it.
    >
    > 3. why not use ssh -X -l <thotheruserIwantedsuto?> <thehost>?
    >
    > 4. You can also use ssh -X -l <thotheruser> localhost after you logged
    > in <theotherhost> DISPLAY will be set for you if X11Forwarding is
    > enabled in your ssh config files.
    >
    > then you do not use `su' at all and you don't have to worry about
    > setting DISPLAY, or lost environment, or copying files around.
    >
    > cheers,
    >
    > Peter
    >
    > --
    > Peter Kruse <pk@q-leap.com>
    > Q-Leap Networks GmbH
    > phone: +497071-703171, mobile: +49172-6340044
    >
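
Added example (not part of the original thread): a POSIX sh version of the cookie hand-off shown in the session above, which selects only the entry for the forwarded display instead of copying the whole authority file. The function names, the XAUTH variable and the sample `xauth list` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; names below are illustrative, not from the thread.
# Needs a POSIX awk for -v (nawk or /usr/xpg4/bin/awk on SunOS).
XAUTH=${XAUTH:-/usr/openwin/bin/xauth}   # path used in the session above

# "localhost:10.0" -> "10" (drop host part, then the screen suffix)
display_number() {
    d=${1##*:}
    printf '%s\n' "${d%%.*}"
}

# Read `xauth list` output on stdin and print the names of the
# MIT-MAGIC-COOKIE-1 entries whose display number is exactly $1.
match_entries() {
    awk -v n="$1" '$2 == "MIT-MAGIC-COOKIE-1" {
        k = split($1, part, ":")
        if (k >= 2 && part[k] == n) print $1
    }'
}

# Constructed sample of `xauth list` output (dummy cookie values).
sample_xauth_list() {
    cat <<'EOF'
hostname/unix:10  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000
hostname/unix:11  MIT-MAGIC-COOKIE-1  11111111111111111111111111111111
hostname/unix:110  MIT-MAGIC-COOKIE-1  22222222222222222222222222222222
otherhost:10  XDM-AUTHORIZATION-1  33333333333333333333333333333333
EOF
}

# Merge only the cookie for the current $DISPLAY into the target user's
# authority file. Anyone holding the cookie can connect to that display.
share_cookie() {
    target=$1
    n=$(display_number "${DISPLAY:-}")
    [ -n "$n" ] || { echo "DISPLAY is not set" >&2; return 1; }
    entries=$("$XAUTH" list | match_entries "$n")
    [ -n "$entries" ] || { echo "no cookie for display :$n" >&2; return 1; }
    # $entries is left unquoted on purpose: one argument per entry name.
    "$XAUTH" extract - $entries | su - "$target" -c "$XAUTH merge -"
}

# Demonstration on the constructed sample; prints "hostname/unix:10".
sample_xauth_list | match_entries 10
```

Calling `share_cookie root` from the unprivileged shell performs the same extract and merge as the session above, limited to the display named in `$DISPLAY`.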

