Failed X11 authentication does the wrong thing

Dave Dykstra dwd at bell-labs.com
Fri Jul 27 04:31:22 EST 2001


That's a fundamental limitation of the way ssh does forwarding of X 
connections; it stores the authentication information in ~/.Xauthority,
and doing su - both changes the value of ~ and makes it impossible for
you to read the file because it has to be readable only by the owner.

Old SSH did the same thing.

- Dave Dykstra

On Sat, Jul 21, 2001 at 01:34:50PM +0100, Matthew Vernon wrote:
> Hi,
> 
> if I do the following:
> 
> ssh -X localhost
> su - another_user
> xterm
> 
> I get:
> 
> X connection to ming:10.0 broken (explicit kill or server shutdown).
> 
> Where what is really wanted was something like:
> 
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> xterm Xt error: Can't open display: :0.0
> 
> 'tis easy to reproduce the bug, but the debug output that seems
> relevant is:
> debug1: X11 connection uses different authentication protocol.
> 
> I'm not sure I want to go hacking ssh's X11 forwarding just yet (there
> are more easy things to do first), so I thought I'd let you know.
> 
> Cheers,
> 
> Matthew
> 
> -- 
> "At least you know where you are with Microsoft."
> "True. I just wish I'd brought a paddle."
> http://www.debian.org
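
The lookup described in the reply above, as an added Python example that is not part of the original thread or of OpenSSH: it resolves the authority file the way Xlib does and parses the Xauthority record layout to show that the entry for display 10 exists only under the login user's home. The user name `login_user`, the temporary home directories and the all-zero cookie are constructed, and matching on display number alone is a simplification of Xlib's matching.

```python
import os
import struct
import tempfile

def xauthority_path(env):
    # Xlib reads $XAUTHORITY if set, otherwise $HOME/.Xauthority.
    return env.get("XAUTHORITY") or os.path.join(env["HOME"], ".Xauthority")

def pack_entry(family, address, number, name, data):
    # One record: 16-bit family, then four length-prefixed fields (big-endian).
    out = struct.pack(">H", family)
    for field in (address, number, name, data):
        out += struct.pack(">H", len(field)) + field
    return out

def parse_entries(blob):
    # Yield (address, display number, protocol name); the cookie is skipped.
    pos = 0
    while pos < len(blob):
        pos += 2  # family, unused by this simplified lookup
        fields = []
        for _ in range(4):
            (length,) = struct.unpack_from(">H", blob, pos)
            fields.append(blob[pos + 2:pos + 2 + length])
            pos += 2 + length
        yield fields[0], fields[1], fields[2]

def auth_protocol_for(env, display_number):
    # Protocol name for the display, or None if the file is missing/unreadable/malformed.
    try:
        with open(xauthority_path(env), "rb") as fh:
            for _addr, number, name in parse_entries(fh.read()):
                if number == display_number.encode():
                    return name.decode()
    except (OSError, struct.error):
        pass
    return None

def demo():
    # Constructed homes and an all-zero placeholder cookie; nothing real is read.
    root = tempfile.mkdtemp()
    envs = {u: {"HOME": os.path.join(root, u)} for u in ("login_user", "another_user")}
    for env in envs.values():
        os.mkdir(env["HOME"])
    path = xauthority_path(envs["login_user"])
    with open(path, "wb") as fh:
        fh.write(pack_entry(256, b"ming", b"10", b"MIT-MAGIC-COOKIE-1", bytes(16)))
    os.chmod(path, 0o600)  # owner-only, as the reply describes
    return {u: auth_protocol_for(env, "10") for u, env in envs.items()}
```

`demo()` returns the protocol name for `login_user` and `None` for `another_user`, whose environment after `su -` points at a different home with no entry for the forwarded display.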



More information about the openssh-unix-dev mailing list