AB's Useful Box - Linux X Server connect via ssh
This one frustrated me to no end, mainly because I could not find any answers when searching on the error messages. So I had to work it out for myself, and when I found "a" solution, one wonders what good the advice in some of the supposed answers was actually doing. Enough of the preamble.
This scenario has:
- a Linux machine, acting as the Host (Linux 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i586 unknown)
- a WinXP machine, acting as the Workstation (WinXP SP2)
The goal was to be able to run an X Server on the Workstation and run applications off the Host.
Connectivity from the Workstation to the Host is by SSH, and the X session would run over the ssh connection.
The X Server on the Workstation is using X-Live-CD, available from xlivecd.indiana.edu
The following command was used to make the ssh connection from the Workstation to the Host.
ssh -1X username@host
Was able to establish an SSH connection from the Workstation to the Host as a normal user, however when an attempt was made to launch an X application, for example xclock, the following error messages would be returned and the X app launch would fail.
X11 connection rejected because of wrong authentication.
X connection to host:10.0 broken (explicit kill or server shutdown).
It was found, however, that if the SSH connection was established using user root, the X app could be successfully launched. That was positive, in that at least the X Server did work. However, it is not very good having your root user being able to log in to a system directly, and you rarely have root user access to other systems. So there must be a way.
A closer look at the error message indicated that the problem might be that the X client app was not able to successfully authenticate when it went to launch. If this is true, how is the root user different from the normal user, and how can it be diagnosed?
The answer, in the end, was reasonably simple. There is an environment variable XAUTHORITY, which held the key to the problem. Established an SSH session as root, used command "echo $XAUTHORITY" which returned "/tmp/ssh-AbCdEfGh/cookies". If the same was done as a normal user, it would return "/home/username/.Xauthority", which is actually correct behavior.
While connected as each user, an "ls -l" of the respective files showed:
/tmp/ssh-AbCdEfGh/cookies = 101 bytes
/home/username/.Xauthority = 0 bytes
That was a bit telling, because the root user's file contained some data and the normal user's file was empty. But why were the two users' "XAUTHORITY" variables pointing to very different locations? The answer to this question was found in the normal user's "/home/username/.bashrc" file, which is read/executed each time the normal user logs in. A look inside this file found the line "export XAUTHORITY=$HOME/.Xauthority", which explained that one. The root user's logon did not perform that task.
We are now able to see that the two users are different, but how to fix the problem with the normal user? There were hundreds of pages of very complex procedures for creating data to go into the normal user's ".Xauthority" file. There had to be a better way, well, an easier way at the very least!
If the root user has a cookie in the /tmp directory, does the normal user have one too, and can they use it the same way the root user does? The answer is yes and yes. After logging on as the normal user, checked the /tmp directory and there was an ssh-???????? directory, and a subsequent cookies file owned by the normal user. What happens if the normal user's XAUTHORITY variable is repointed at the cookies file? Used "XAUTHORITY=/tmp/ssh-AbCdEfGh/cookies". Wa hoo, are now able to launch the xclock app via a normal user login.
OK, this was a good find, but how to make it work every time the normal user logged on? Especially as the name of the ssh-???????? directory changes randomly every time an ssh login is made. The solution I implemented was to add the following two lines (the SSHCOOKIE ones) to the normal user's ".bashrc" file:
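# Need for a xterm & co if we don't make a -ls
[ -n "$DISPLAY" ] && {
    [ -f /etc/profile.d/color_ls.sh ] && source /etc/profile.d/color_ls.sh
    export XAUTHORITY=$HOME/.Xauthority
    # Look for this user's ssh cookies file under /tmp (first match only)
    SSHCOOKIE=$(find /tmp -user "$USER" -name cookies 2>/dev/null | head -n 1)
    # If one was found, point XAUTHORITY at it instead of ~/.Xauthority
    [ -z "$SSHCOOKIE" ] || export XAUTHORITY=$SSHCOOKIE
}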
It basically checks for the existence of a cookies file for that user and, if one is found, replaces the contents of the XAUTHORITY variable with its path.
Now whenever the normal user logs in, it automatically sets the environment variable XAUTHORITY to point to that user's "/tmp/ssh-?????/cookies" file.
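
The find in the .bashrc lines above accepts any file named cookies that the user owns anywhere under /tmp, so a second or leftover ssh session gives it more than one match. The following is an added example, not part of the original post: a stricter selection that only considers ssh-*/cookies, skips symlinks, empty files and files readable by group or others, and returns the newest one. The function names, the optional directory and uid parameters and the sample files are assumptions made for the illustration.

```shell
# Added example, not from the original post.
# pick_ssh_cookie [BASE] [OWNER_UID]: print the newest usable BASE/ssh-*/cookies
# file, or return 1 if none qualifies. BASE (default /tmp) and OWNER_UID (default:
# current user) are assumed parameters so the check can run on a scratch directory.
pick_ssh_cookie() (
    base=${1:-/tmp}
    owner=${2:-$(id -u)}
    newest=
    for f in "$base"/ssh-*/cookies; do
        [ -e "$f" ] || continue              # unmatched glob or dangling link
        [ -L "${f%/cookies}" ] && continue   # session directory is a symlink
        # Regular file (find does not follow a symlink), owned by the user,
        # not readable by group or others.
        [ -n "$(find "$f" -prune -type f -user "$owner" \
                 ! -perm -040 ! -perm -004 2>/dev/null)" ] || continue
        [ -s "$f" ] || continue              # 0 bytes: no cookie inside
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
)

# Constructed sample data: an old session, a current session, an empty file.
make_fixture() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/ssh-OLDsess1" "$d/ssh-NEWsess2" "$d/ssh-EMPTYs3"
    printf 'constructed-old' > "$d/ssh-OLDsess1/cookies"
    printf 'constructed-new' > "$d/ssh-NEWsess2/cookies"
    : > "$d/ssh-EMPTYs3/cookies"
    chmod 600 "$d"/ssh-*/cookies
    touch -t 202001010000 "$d/ssh-OLDsess1/cookies"
    touch -t 202101010000 "$d/ssh-NEWsess2/cookies"
    printf '%s\n' "$d"
)

demo=$(make_fixture)
echo "XAUTHORITY would be set to: $(pick_ssh_cookie "$demo")"
rm -rf "$demo"
```

In a .bashrc it would be used as: SSHCOOKIE=$(pick_ssh_cookie) followed by the same [ -z "$SSHCOOKIE" ] test as above.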