Tag Archives: sudo

Linux: Use X11 forwarding with putty and su/sudo

Hi,

when you use X11 forwarding with PuTTY or ssh -X a TCP Socket is opened to which each user can connect. The connection to the X11 itself is protected by an authentification cookie.

Means when you add this cookie to the session launched by su you could use X11 forwarding.

An example. Connect to a linux machine as user michael (by putty or from another linux machine)

michael@debdev ~ # ssh -X michael@debdev1 

In the session of debdev1 list all xauth cookies.

michael@debdev1 ~ # xauth list
debdev1/unix:10  MIT-MAGIC-COOKIE-1  7ea68cc88e74c1697aa6c757504fc0d7 

Note: these cookies are stored the users home directory in file .Xauthority => ~/.Xauthority

Then switch to another user on this machine

michael@debdev1 ~ # sudo su helena

When you try to start a X11 client you got some errors like this

helena@debdev1 ~ # xterm
Can't connect to X11 window server using 'localhost:10.0' as the value of the DISPLAY variable.

Then verify you already have a ~/.Xauthority file

helena@debdev1 ~ # ls -l ~/.Xauthority

If not create a new file

helena@debdev1 ~ # touch ~/.Xauthority

and add the authentification cookie

helena@debdev1 ~ # xauth add debdev1/unix:10  MIT-MAGIC-COOKIE-1  7ea68cc88e74c1697aa6c757504fc0d7

Then you should be able to start X11 programs

Michael

Linux: Use ssh agent forwarding while sudo to another user

Hi,

if you are logged on as a user1 and switch to another user2 with sudo the ssh agent from user1 cannot be used because the “switched” user2 does nothing know about the ssh-agent respectively the agent socket.
Continue reading Linux: Use ssh agent forwarding while sudo to another user