Thursday, February 5, 2009

Getting X11 forwarding through ssh working after running su in AIX

After logging to a remote server using the "ssh -X user@host" (assuming that you have enabled X11Forwarding in your "/etc/ssh/sshd_config" file, and then restarted ssh by issuing "stopsrc -g ssh" and then "startsrc -g ssh"), you can run any X-windows application you want ONLY WITH THE USER YOU USED TO LOGIN FROM THE BEGINNING. Whenever you switch your user using "su - username", you won't be able to run any graphical application due to the following two problems:
  1. The $DISPLAY variable value is lost
  2. X authentication is based on cookies -- secret little pieces of random data that only you and the X server know... So, you need to let the other user know what your cookie is
To solve problem one, you can simply add this entry to your "/etc/profile": "export DISPLAY=localhost:10.0"

To solve problem two, you'll have to do the following after login to the server:
  1. run the command "xauth list" to request the cookie for the current DISPLAY that's connecting to your X server, you'll receive something like that: somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae
  2. Switch to the other user by issuing "su - username"
  3. Copy the above response and paste it to produce this command "xauth add somehost.somedomain:10 mit-magic-cookie-1 4d22408a71a55b41ccd1657d377923ae"
  4. Important Note: You'll have to repeat the above steps every time you use ssh to login to a server.
Example Scenario (Commands are in bold):
"ssh -X root@10.11.12.117"
"xauth list" Output -> "xyosd/unix:10 MIT-MAGIC-COOKIE-1 321c1d6b5bf22484395d0e05b0a29104"
"su - ahmad"
"xauth add xyosd/unix:10 MIT-MAGIC-COOKIE-1 321c1d6b5bf22484395d0e05b0a29104"

Article Resources: "http://www.debian-administration.org/articles/494"

1 comment:

Anonymous said...

Thanks for posting this... mostly thanks for giving it such a 'googleable' title. Spot on!