https://t2bwiki.iihe.ac.be/index.php?action=history&feed=atom&title=TunnelSSHThroughSuTunnelSSHThroughSu - Revision history2026-04-20T22:33:40ZRevision history for this page on the wikiMediaWiki 1.43.5https://t2bwiki.iihe.ac.be/index.php?title=TunnelSSHThroughSu&diff=336&oldid=prevMaintenance script: Created page with " How to tunnel ssh display through su on fedora:<br>
When you su through root like that and then to another (non-root) user you need to copy root's xauthorization first (this..."2015-08-26T12:29:24Z<p>Created page with " How to tunnel ssh display through su on fedora:<br>
When you su through root like that and then to another (non-root) user you need to copy root's xauthorization first (this..."</p>
<p><b>New page</b></p><div><br />
How to tunnel ssh display through su on fedora:<br><br />
When you su through root like that and then to another (non-root) user you need to copy root's xauthorization first (this is regardless of whether you are in an ssh session or not)<br><br />
so, while you are still root type 'xauth list' to get the cookie, and copy the whole line by highlighting it, then su to the other user and use 'xauth add' to add the authorization<br><br />
<br />
<pre><br />
[root@linux1 ~]# xauth list<br />
linux1/unix:10 MIT-MAGIC-COOKIE-1 6a84e4f2561f9b25858f7e2e4b969d60<br />
</pre><br />
<br />
<pre><br />
su - user1<br />
xauth add linux1/unix:10 MIT-MAGIC-COOKIE-1 6a84e4f2561f9b25858f7e2e4b969d60<br />
</pre><br />
<br />
alternate solution:<br><br />
You can either use the xauthority of the original ssh user or root's, probably best to do it your way. Note that if you don't go through root then this isn't required eg<br />
<br />
ssh -X -l user1 <server><br><br />
su - user2<br><br />
su - user3<br><br />
su - user4<br><br />
<br />
then xapps work fine for user4, the authority is propagated through the chain of logins. Once you switch user to root the chain is broken and you must manually create the xauthority.<br />
<br />
EDIT<br />
This behaviour is controlled by pam_xauth, and apparently you can make it automatic for root to forward the xauth key to a user by creating a file /root/.xauth/export and adding the allowed users to it, see http://www.kernel.org/pub/linux/libs...pam_xauth.html<br />
<br />
<br />
<br />
{{TracNotice|{{PAGENAME}}}}</div>Maintenance script