I asked:

> I have OpenSsh 3.1p1 installed on Solaris 7 and Solaris 8 machines.  On all
> machines I have X11 forwarding enabled, with
>     ForwardAgent yes
>     ForwardX11 yes
> in the /etc/ssh_config and
>     X11Forwarding yes
> in the /etc/sshd_config.
>
> I am able to ssh to a remote system and run an X application.  However, when
> I su to root I no longer am able.  Ordinarily I would use "xauth list" to
> determine the magic cookie from the display, but that does not work:
>
> (~) shalmaneser 53 % xclock
> (the X application works fine)
> (~) shalmaneser 54 % ssh srvns1
> (~) srvns1 51 % xclock
> (the X application works fine)
> (~) srvns1 52 % echo $DISPLAY
> localhost:13.1
> (~) srvns1 53 % xauth list localhost:13.1
>
> (nothing is returned.  localhost:13 does not exist.  However, grep-ing on the
> string ":13" returns two hits in the .Xauthority file:)
>
> (~) srvns1 54 % xauth list | grep ":13"
> srvns1/unix:13 MIT-MAGIC-COOKIE-1 611a4835e65cce94312ac15a8e32d836
> srvns1.cbot.com:13 MIT-MAGIC-COOKIE-1 65d6090ac2dfd4c46a06dc98b7b9f963
> (~) srvns1 55 % /bin/su -
> Password:
> Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
>
> (as root, I add both of these cookies, in case either of them will work)
>
> srvns1!/ >> xauth add srvns1/unix:13 MIT-MAGIC-COOKIE-1 611a4835e65cce94312ac15a8e32d836
> srvns1!/ >> xauth add srvns1.cbot.com:13 MIT-MAGIC-COOKIE-1 65d6090ac2dfd4c46a06dc98b7b9f963
> srvns1!/ >> export DISPLAY=srvns1.cbot.com:13
> srvns1!/ >> xclock
> Error: Can't open display: srvns1.cbot.com:13
> srvns1!/ >> export DISPLAY=srvns1/unix:13
> srvns1!/ >> xclock
> Error: Can't open display: srvns1/unix:13
>
> as you can see, neither of those display names will work.  I should mention
> that this did work in older versions of OpenSSH (3.0.2p1, 2.9.9p1, 2.9p1,
> 2.5.1p1, yadda yadda yadda) but has now broken with this release.  I believe
> that the problem lies with the fact that DISPLAY is "localhost":something,
> and that string is not in the .Xauthority file.  But that is just a guess.
> Does anyone have any suggestions on getting this to work again?

The answer: add
    X11UseLocalhost no
to the /etc/sshd_config.  This is something new with version 3.1.  It is not
one of the commented-out lines in the default sshd_config file, but it is in
the sshd manpage.  My bad for missing it.

Thanks to:
sullivan@cs.uoregon.edu
Steve Zinck <sz@nerd.ca>
John Horne <J.Horne@plymouth.ac.uk>
Dan Astoorian <djast@cs.toronto.edu>
system administration account <sysadmin@astro.su.se>

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard@tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Wed Apr 3 09:25:20 2002
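
The setting from the answer, as an added example that is not part of the original post: a shell check that reads an sshd_config and reports whether forwarded X11 displays are bound to loopback (DISPLAY=localhost:N, as in the question) or, with X11UseLocalhost no, to the wildcard address (DISPLAY=<hostname>:N, where the proxy display also accepts connections from other hosts). The function names and the sample config contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify how sshd will bind forwarded X11 displays.
# Function names and sample configs are assumptions made for illustration.

# Print the effective global value of keyword $2 in file $1, else default $3.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional (skipped).
sshd_opt() {
    awk -v want="$2" -v def="$3" '
        { sub(/#.*/, ""); gsub(/=/, " ") }      # drop comments, allow key=value
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) && NF >= 2 { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# disabled: no X11 forwarding
# loopback: proxy display bound to loopback, DISPLAY=localhost:N
# wildcard: proxy display bound to all addresses, DISPLAY=<hostname>:N
x11_forward_mode() {
    fwd=$(sshd_opt "$1" X11Forwarding no)
    loc=$(sshd_opt "$1" X11UseLocalhost yes)
    if [ "$fwd" != "yes" ]; then
        echo disabled
    elif [ "$loc" = "no" ]; then
        echo wildcard
    else
        echo loopback
    fi
}

# Constructed sample configs (not from any real host).
tmp=$(mktemp -d)
printf 'X11Forwarding yes\n' > "$tmp/as_asked"
printf '#X11UseLocalhost yes\nX11Forwarding yes\nx11uselocalhost no\n' > "$tmp/as_answered"
for f in "$tmp"/*; do
    echo "$(basename "$f"): $(x11_forward_mode "$f")"
done
rm -rf "$tmp"
```

On a host reported as wildcard, the forwarded display port is protected only by the xauth cookie and whatever packet filtering sits in front of the machine.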