TunnelSSHThroughSu

From T2B Wiki
Jump to navigation Jump to search

How to tunnel ssh display through su on fedora:
When you su through root like that and then to another (non-root) user you need to copy root's xauthorization first (this is regardless of whether you are in an ssh session or not)
so, while you are still root type 'xauth list' to get the cookie, and copy the whole line by highlighting it, then su to the other user and use 'xauth add' to add the authorization

[root@linux1 ~]# xauth list
linux1/unix:10  MIT-MAGIC-COOKIE-1  6a84e4f2561f9b25858f7e2e4b969d60
su - user1
xauth add linux1/unix:10  MIT-MAGIC-COOKIE-1  6a84e4f2561f9b25858f7e2e4b969d60

alternate solution:
You can either use the xauthority of the original ssh user or root's, probably best to do it your way. Note that if you don't go through root then this isn't required eg

ssh -X -l user1 <server>
su - user2
su - user3
su - user4

then xapps work fine for user4, the authority is propagated through the chain of logins. Once you switch user to root the chain is broken and you must manually create the xauthority.

EDIT This behaviour is controlled by pam_xauth, and apparently you can make it automatic for root to forward the xauth key to a user by creating a file /root/.xauth/export and adding the allowed users to it, see http://www.kernel.org/pub/linux/libs...pam_xauth.html


Template:TracNotice