 |
|
You are here: CLASSE Wiki>Computing Web>LinuxSupport>TrustedXForwarding (10 Dec 2008, DevinBougie)Edit Attach
Trusted X Forwarding
In general, one can use ssh -Y to login to a remote system and setup X forwarding. If you then want to become another user (through ksu, for example), the following steps must be followed to use your forwarded X session from the new account.
- After logging into the linux system (for example, using ssh -Y lnx201, find out what your display is set to as follows:
[dab66@lnx201 ~]% echo $DISPLAY localhost:11.0
- Then, view the authorization for this display using xauth list $HOSTNAME/unix:displaynumber where displaynumber is the first number you see after the colon in the output from echo $DISPLAY. For my example, I would type:
[dab66@lnx201 ~]% xauth -i list $HOSTNAME/unix:11 lnx201.lns.cornell.edu/unix:11 MIT-MAGIC-COOKIE-1 8461db23e26dde381e2347b6188b430f
- Copy the entire output of the xauth list command. Then, ksu as pass2 and paste this output at the end of xauth add. For example,
[root@lnx201 dab66]# xauth add lnx201.lns.cornell.edu/unix:11 MIT- MAGIC-COOKIE-1 8461db23e26dde381e2347b6188b430f
- if the output from this step contains something like "xauth: /tmp/.gdm16zrKm not writable, changes will be ignored", then you need to set the XAUTHORITY environment variable to ~/.Xauthority before executing the xauth add command.
[root@lnx201 dab66]# export XAUTHORITY=~/.Xauthority [root@lnx201 dab66]# xauth add lnx201.lns.cornell.edu/unix:11 MIT- MAGIC-COOKIE-1 8461db23e26dde381e2347b6188b430f
- if the output from this step contains something like "xauth: /tmp/.gdm16zrKm not writable, changes will be ignored", then you need to set the XAUTHORITY environment variable to ~/.Xauthority before executing the xauth add command.
mp159:~ dab66$ ssh -Y lnx201 Last login: Wed Oct 29 17:12:50 2008 from 74-32-114-234.dsl1.nrwc.ny.frontiernet.net [dab66@lnx201 ~]% echo $DISPLAY localhost:11.0 [dab66@lnx201 ~]% xauth -i list $HOSTNAME/unix:11 lnx201.lns.cornell.edu/unix:11 MIT-MAGIC-COOKIE-1 8461db23e26dde381e2347b6188b430f [dab66@lnx201 ~]% ksu pass2 Authenticated dab66@LNS.CORNELL.EDU Account root: authorization for dab66@LNS.CORNELL.EDU successful Changing uid to pass2 [pass2@lnx201 dab66]# xauth add lnx201.lns.cornell.edu/unix:11 MIT-MAGIC-COOKIE-1 8461db23e26dde381e2347b6188b430f [pass2@lnx201 dab66]# xclock
Edit | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 10 Dec 2008, DevinBougie
Request Forms
Computer Account
IT Communications
subscribe
Usage Information
Collaboration
Private Links
CCG Internal
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding CLASSE Wiki? Send feedback