openssh X11Forwarding problem solution

Jim Knoble jmknoble at
Wed Mar 29 08:36:18 EST 2000

På 2000-Mar-28 klokka 22:58:03 +0200 skrivet Klaus Knopper:

: I believe the source of the problem is the automatic setup of the
: XAUTHORITY environment variable in different distributions
: (Mandrake, RedHat, others...) during login. openssh seems to create
: its own Xauthority cookie file in /tmp rather than create an entry
: in the user's $HOME/.Xauthority (why?). After successful ssh login,
: XAUTHORITY points to /tmp/ssh-randomstring/cookies, but the
: shell's profiles (/etc/profile.d/xhost.* in Mandrake 7.0) reset
: this variable to its default location $HOME/.Xauthority (except
: for root, this is why it works in the above context). So, the
: valid X11-cookie cannot be found by X11-applications because
: XAUTHORITY points to the wrong file.

Distributions that blindly set XAUTHORITY are broken.  They should
check whether it's already set first, e.g.:

  if [ -z "${XAUTHORITY}" ]; then
    export XAUTHORITY

If the system administrator were to use PAM to set XAUTHORITY to a
desired value on login, it would be silently overridden, in the same
way that sshd's XAUTHORITY is.  Violates principle of least surprise.

If i recall correctly, the reasons why OpenSSH doesn't use
~/.Xauthority are:

  (1) alleviates problems with NFS-mounted home directories.
  (2) authority entries can be cleaned up properly on logout instead of
      sitting around.

Someone correct me there, please; i'm bound to be wrong.

jim knoble
jmknoble at

More information about the openssh-unix-dev mailing list