Wednesday, August 10, 2011

Getting X11 forwarding through ssh working after running su

Le problème est le suivant:
We want to export a display from a remote unix box, but from another user than the one we connect with.
i connect on a remote host with the user root, or the user user1.
but i want to export the display of a program started with the user oracle.
if i just do:
ssh user1@remotehost
su - oracle

i receive an error, display broken.
Lets see the tip:
X authentication is based on cookies -- secret little pieces of random data that only you and the X server know...
So, you need to let the other user in on what your cookie is. One way to do this is as follows:
Before you issue the su or sudo (but after having ssh'ed into the remote system), request the cookie for the current DISPLAY that's connecting to your X server:
Remote Host:
I assume we connected with ssh and X11 forwarding, and mmsdyy00 is my host with a screen/display:
$ xauth list
mmsdyy00/unix:13  MIT-MAGIC-COOKIE-1  c1825a6cb90d3c4f23368c6764c18989
mmsdyy00/unix:14  MIT-MAGIC-COOKIE-1  5f79f56e5fb5b801572fe0c07598a72b
mmsdyy00/unix:10  MIT-MAGIC-COOKIE-1  5a0510f245c81f1bb2741c6af0a13c8c
mmsdyy00/unix:11  MIT-MAGIC-COOKIE-1  146e0c800789cc7f0aceb75a5d6d9857
mmsdyy00/unix:12  MIT-MAGIC-COOKIE-1  59b4090b6ded3a79ad59523238925873

$ echo $DISPLAY # quel est notre display ?

$ su - oracle

$ export DISPLAY=localhost:12.0 #==> positionnement de la variable

$ xlogo # ==> erreur
X connection to localhost:12.0 broken (explicit kill or server shutdown).

$ xauth add mmsdyy00/unix:12  MIT-MAGIC-COOKIE-1  59b4090b6ded3a79ad59523238925873

$ xlogo # ==> OK

Remarque: j'ai pris dans la liste le dpyname qui contient un 12 :
    ( DISPLAY=localhost:12.0 )

No comments: