using sudo and ssh together

Howard Owen hbo at egbok.com
Fri Aug 9 20:11:46 EDT 2002


Your X client (admintool) is looking in the wrong place for its xauth
data. Ssh "spoofs" the xauth protocol by creating a fake X display on the
client side. It generates xauth information for the fake display and uses
the xauth program to place it into ~user/.Xauthority, where 'user' is the
username you are logged in as with ssh.

Sudo aside, if you su to another user, xauth is going to look for its
.Xauthority in the home directory of that user (depending on whether
you've started a login shell or not.) A workaround is to set the XAUTHORITY
environment variable to point at the original user's .Xauthority. This works
if you su or sudo to root, because root can read the (protected) authority
file.

So for example, if you logged on as 'hbo' and su'd (or sudo'd) to root like 
this:

  hbo% ssh remhost
  Last login: Fri Aug  9 16:58:48 2002 from dhcp-16-78.priv
  Sun Microsystems Inc.   SunOS 5.7       Generic October 1998
  hbo% sudo su - root
  Password:
  Sun Microsystems Inc.   SunOS 5.7       Generic October 1998
  # XAUTHORITY=/home/hbo/.Xauthority;export XAUTHORITY
  # /usr/X/bin/xterm
  (It works. Happy, happy, joy, joy)




--On Friday, August 09, 2002 04:56:15 PM -0600 Jon Robinson 
<jonr at selway.umt.edu> wrote:

> This seems like it would be a really common problem but I can't seem to
> find the answer.  I am hoping someone here knows it and can email me.
>
> I am using ssh from F-Secure to connect from one Sun box to another.  I
> can connect fine, and when I run:
>
> $ admintool
>
> ssh tunnels the Xwindows based Solaris admintool back to my machine with
> no problems.
>
> However, when I start up sudo I get:
>
> $ sudo
> # admintool
> warning: X11 auth data does not match fake data.
> warning: X11 auth data does not match fake data.
> X connection to machine2:10.0 broken (explicit kill or server shutdown).
> #
>
> How can I use sudo to become root and still be able to tunnel X apps
> back?
>
> TIA
>
> Jon
>
>
> --
> Jon Robinson, UNIX System Administrator   NET: jonr at selway.umt.edu
> Computing and Information Services        VOICE: 406-2436512
> The University of Montana, Missoula MT    FAX: 406-2434500
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>



Howard Owen                    "Even if you are on the right
EGBOK Consultants               track, you'll get run over if you
hbo at egbok.com  +1-650-339-5733  just sit there." - Will Rogers
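
The XAUTHORITY workaround from the reply above, as an added shell example that is not part of the original post: it checks that the original user's .Xauthority exists and is readable before exporting the variable. The function names are hypothetical, and home directories are assumed to be listed in a passwd-format file (users that exist only in NIS or LDAP are not covered).

```sh
# Added example, not from the original message. Function names are hypothetical.
# Assumption: home directories come from a passwd-format file (/etc/passwd by default).

# Print the path of a user's .Xauthority.
# $1 = login name, $2 = passwd-format file (optional)
# Returns 1 if the user is unknown, 2 if the file is missing or unreadable.
xauth_file_for() {
    _user=$1
    _passwd=${2:-/etc/passwd}
    # Field 6 of a passwd entry is the home directory.
    _home=$(awk -F: -v u="$_user" '$1 == u { print $6; exit }' "$_passwd")
    [ -n "$_home" ] || return 1
    _file=$_home/.Xauthority
    # Root normally passes this test; it can still fail when the home
    # directory is on a file server that does not honour root access.
    [ -f "$_file" ] && [ -r "$_file" ] || return 2
    printf '%s\n' "$_file"
}

# Point XAUTHORITY at the original user's authority file.
# $1 = login name (optional, defaults to SUDO_USER), $2 = passwd-format file (optional)
# "su -" starts a login shell with a fresh environment, so after
# "sudo su - root" SUDO_USER is gone and the name must be passed explicitly.
use_invoker_xauthority() {
    _who=${1:-${SUDO_USER:-}}
    if [ -z "$_who" ]; then
        echo "no user given and SUDO_USER is unset" >&2
        return 1
    fi
    if ! _found=$(xauth_file_for "$_who" "${2:-/etc/passwd}"); then
        echo "no readable .Xauthority for $_who" >&2
        return 1
    fi
    XAUTHORITY=$_found
    export XAUTHORITY
}
```

Source the file in the root shell and run `use_invoker_xauthority hbo` before starting the X client.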


