SSH X-11 forwarding and magic cookies

It’s been years since I stumbled across this, but today I was trying to launch a GUI from new Linux server and got this instead 🙁

X11 connection rejected because of wrong authentication.
Error: cannot open display: localhost:12.0

So, I dug out my notes and thought it would make sense to then blog it for next time!

Once an SSH connection is established, the server will  generate a random authorization (xauth) cookie and store it in ~./Xauthority on the server, known as a MIT-MAGIC-COOKIE-1 entry.

Every time you login, a new cookie is generated, and because I’m switching to another user, its lost.  In order to access the local display again, I need to add my cookie entry from the previous connection like this…

On this occasion, I was using my personal account to login initially, then “su” to the “oracle” account.

[garth@server1 ~]$ echo $DISPLAY
localhost:12.0

Fetch the magic cookie entry relevant to your local display:

[garth@server1 ~]$ echo xauth add `xauth list ${DISPLAY#localhost}`
xauth add server1.localdomain/unix:12 MIT-MAGIC-COOKIE-1 2928a6e16b7d6d57041dcee632764b72

Switch user to “oracle” and add the entry into your /home/oracle/.Xauthority file (by copying the ‘xauth add…’ line from above:

[garth@server1 ~]$ sudo su - oracle
[oracle@server1 garth]$ echo $DISPLAY
localhost:12.0
[oracle@server1 garth]$ xauth add server1.localdomain/unix:12 MIT-MAGIC-COOKIE-1 2928a6e16b7d6d57041dcee632764b72
xauth:  creating new authority file /home/oracle/.Xauthority

After this your X-session should work…try something like “xcalc” or “firefox” to test it first and you should be ready to go!

[oracle@server1 garth]$ xcalc
[oracle@server1 garth]$ cd /tmp/client
[oracle@server1 garth]$ ./runInstaller

 

5 thoughts on “SSH X-11 forwarding and magic cookies

Leave a comment

Your email address will not be published.