Here’s the scenario:
You ssh to a remote server with your login and either sudo or su to another user to run some application that uses a X Windows front end. There is a firewall between your desktop and the remote server that allows only ssh connections (port 22). When you run into the error “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”. What to do?
jason $ echo $DISPLAY
localhost:10.0
jason $ su – oracle
oracle‘s Password:
oracle $ xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
xterm Xt error: Can’t open display: localhost:10.0
On recent OpenSSH Server releases, you can simply enable “ForwardX11Trusted yes” in the /etc/ssh/sshd_config file and restart the OpenSSH server. If you’re not using a recent OpenSSH Server release or if you can’t for security or political reasons, what could you do? Give up? It’s simpler than you think.
You need to temporarily transfer the authorization to the other account. First, get the key from your account:
aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad
Next, sudo/su to the other account and add the authorization key.
oracle $ xauth add aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad
Now, you should be able to start any X Windows application, assuming that your DISPLAY variable is set to go through the ssh tunnel:
« Oracle 10g: How to create an Enterprise Manager instance on the command line Trying to install Oracle 11g on AIX 6.x but it fails on a ORA-27173 (unable to attach to shared memory) error? »
Fantastic! Thanks a million! It wasted my 1 work day to debug this tricky X windows auth problem before I saw this article.
This is looking very usefull. Thank you for sharing this.
Great. I’ve found it really useful!!!
Thanks for article. I was not aware of such utility on linux as well.
Thanks much for that.
Hi
Thank you for the article…Each time when I logout and login I see this error.
Is there any one time fix that can be incorporated. I used Xming.
You could write a script that writes the DISPLAY and xauth info to a file prior to changing users. As long as the user you changed to as read access to that file, you should be able to.
Great article. Wish I would have seen this before wasting 10 hours troubleshooting and testing.
Since you brought up politics, my question is — Should I let the security people who locked down all of our servers without warning or workaround know about your great solution? When they treated my like an annoying thorn for asking them to help? Muhahaha
Thanks for the article. Its the exact situation I’m in. (windows laptop but have to run oracle install xwindows gui from solaris box – I don’t have login to ‘oracle’ user but sudo privs.)
I got putty’s ssh (with x11 forwarding) to finally allow my login to run xclock, but couldn’t run it after sudo to the oracle user. When I tried to add the cookie as described in the article, I got:
xauth: timeout in locking authority file $HOME/.Xauthority
All I had to do was change my home directory to ‘read/writable’ (ie. chmod a+rw $HOME/.) and it worked. Thanks a bunch.
XWindows is not really that complicated – but since its a networked based GUI system, its getting the networking to work that can be a pain.
Well done, thanks for this article! Hopefully I won’t have this problem again, otherwise I’ll have to bookmark this site.
Solved my problem. Thanks a lot!
Thanks for the great article. This worked for me on Linux.
Thanks! Was very helpfull!
it’s work fine thanks
Thanks a lot. It worked fine.
Excellent piece of suggestion.
I had also been under the same circumstances. But now, I am locked and loaded & I am pretty hopeful I will get rid of this error and can easily use applications that require X Windows frontend. Thanks a lot for sharing this wonderful post.
Owesome! Thanks for this article! Was very useful!
I’m still having the same problem. If i login .xclock is ok. then if i sudo su – > follow the steps also okay.
problem is if i try su – oracle .then i try same steps i will get
-bash-3.2$ xauth add XYZ.com/unix:11 MIT-MAGIC-COOKIE-1 2c12495022c0fca1668f4dd662562ceczzz
xauth: error in locking authority file /home/oracle/.Xauthority
-bash-3.2$ xclock
Xlib: connection to “localhost:11.0″ refused by server
Xlib: PuTTY X11 proxy: wrong authorisation protocol attempted
Error: Can’t open display: localhost:11.0
ive been having this problem since last thursay..im getting crazy on this.
please advice
additional info ->
-bash-3.2$ whoami
oracle
-bash-3.2$ id oracle
uid=8647(oracle) gid=10001(oinstall) groups=10001(oinstall)
-bash-3.2$
thanks
pilotHans, check the permissions on the .Xauthority file. The oracle user needs to own it and have read/write on it (chmod 0600 ~oracle/.Xauthority)
Thank you very much! It really helped me with my problem.
This was fantastic. Just as a heads up, you can use:
xauth list | while read x ; do sudo xauth add $x ; done
Which will automate the process of adding the information into xauth. I put it in my .bashrc so when I log in it just simply works. You might want to add that to the post so other people might benefit it as well.