using sudo and ssh together`
Howard Owen
hbo at egbok.com
Fri Aug 9 20:11:46 EDT 2002
Your X client (admintool) is looking in the wrong place for its xauth
data. Ssh "spoofs" the xauth protocol by creating a fake X display on the
client side. It generates xauth information for the fake display and uses
the xauth program to place it into ~user/.Xauthority, where 'user' is the
username you are logged in as with ssh.
Sudo aside, if you su to another user, xauth is going to look for its
.Xauthority in the home directory of that user (depending on whether
you've started a login shell or not.) A workaround is to set the XAUTHORITY
environment variable to pint at the original user's .Xauthority. This works
if you su or sudo to root, because root can read the (protected) authority
file.
So for example, if you logged on as 'hbo' and su'd (or sudo'd) to root like
this:
hbo% ssh remhost
Last login: Fri Aug 9 16:58:48 2002 from dhcp-16-78.priv
Sun Microsystems Inc. SunOS 5.7 Generic October 1998
hbo% sudo su - root
Password:
Sun Microsystems Inc. SunOS 5.7 Generic October 1998
# XAUTHORITY=/home/hbo/.Xauthority;export XAUTHORITY
# /usr/X/bin/xterm
(It works. Happy, happy, joy, joy)
--On Friday, August 09, 2002 04:56:15 PM -0600 Jon Robinson
<jonr at selway.umt.edu> wrote:
> This seems like it would be a really common problem but I can't seem to
> find the answer. I am hoping someone here knows it and can email me.
>
> I am using ssh from F-Secure to connect from one Sun box to another. I
> can connect fine, and when I run:
>
> $ admintool
>
> ssh tunnels the Xwindows based Solaris admintool back to my machine with
> no problems.
>
> However, when I start up sudo I get:
>
> $ sudo
># admintool
> warning: X11 auth data does not match fake data.
> warning: X11 auth data does not match fake data.
> X connection to machine2:10.0 broken (explicit kill or server shutdown).
>#
>
> How can I use sudo to become root and still be able to tunnel X apps
> back.
>
> TIA
>
> Jon
>
>
> --
> Jon Robinson, UNIX System Administrator NET: jonr at selway.umt.edu
> Computing and Information Services VOICE: 406-2436512
> The University of Montana, Missoula MT FAX: 406-2434500
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
Howard Owen "Even if you are on the right
EGBOK Consultants track, you'll get run over if you
hbo at egbok.com +1-650-339-5733 just sit there." - Will Rogers
More information about the sudo-users
mailing list