Failed X11 authentication does the wrong thing
Dave Dykstra
dwd at bell-labs.com
Fri Jul 27 04:31:22 EST 2001
That's a fundamental limitation of the way ssh does forwarding of X
connections; it stores the authentication information in ~/.Xauthority,
and doing su - both changes the value of ~ and makes it impossible for
you to read the file because it has to be readable only by the owner.
Old SSH did the same thing.
- Dave Dykstra
On Sat, Jul 21, 2001 at 01:34:50PM +0100, Matthew Vernon wrote:
> Hi,
>
> if I do the following:
>
> ssh -X localhost
> su - another_user
> xterm
>
> I get:
>
> X connection to ming:10.0 broken (explicit kill or server shutdown).
>
> Where what is really wanted was something like:
>
> Xlib: connection to ":0.0" refused by server
> Xlib: Client is not authorized to connect to Server
> xterm Xt error: Can't open display: :0.0
>
> 'tis easy to reproduce the bug, but the debug output that seems
> relevant is:
> debug1: X11 connection uses different authentication protocol.
>
> I'm not sure I want to go hacking ssh'x X11 forwarding just yet (there
> are more easy things to do first), so I thought I'd let you know.
>
> Cheers,
>
> Matthew
>
> --
> "At least you know where you are with Microsoft."
> "True. I just wish I'd brought a paddle."
> http://www.debian.org
More information about the openssh-unix-dev
mailing list