Here’s the scenario:
You ssh to a remote server with your login and either sudo or su to another user to run some application that uses a X Windows front end. There is a firewall between your desktop and the remote server that allows only ssh connections (port 22). When you run into the error “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”. What to do?
jason $ echo $DISPLAY
localhost:10.0
jason $ su – oracle
oracle‘s Password:
oracle $ xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
xterm Xt error: Can’t open display: localhost:10.0
On recent OpenSSH Server releases, you can simply enable “ForwardX11Trusted yes” in the /etc/ssh/sshd_config file and restart the OpenSSH server. If you’re not using a recent OpenSSH Server release or if you can’t for security or political reasons, what could you do? Give up? It’s simpler than you think.
You need to temporarily transfer the authorization to the other account. First, get the key from your account:
aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad
Next, sudo/su to the other account and add the authorization key.
oracle $ xauth add aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad
Now, you should be able to start any X Windows application, assuming that your DISPLAY variable is set to go through the ssh tunnel:
Thanks, very helpfull info.
Thanks, that was very helpful!!
Fantastic! Thanks a million! It wasted my 1 work day to debug this tricky X windows auth problem before I saw this article.
This is looking very usefull. Thank you for sharing this.
Great. I’ve found it really useful!!!
Thanks for article. I was not aware of such utility on linux as well.
Thanks much for that.
Hi
Thank you for the article…Each time when I logout and login I see this error.
Is there any one time fix that can be incorporated. I used Xming.
You could write a script that writes the DISPLAY and xauth info to a file prior to changing users. As long as the user you changed to as read access to that file, you should be able to.
Great article. Wish I would have seen this before wasting 10 hours troubleshooting and testing.
Since you brought up politics, my question is — Should I let the security people who locked down all of our servers without warning or workaround know about your great solution? When they treated my like an annoying thorn for asking them to help? Muhahaha
Pingback: X Redirect - Untangle Forums
Thanks for the article. Its the exact situation I’m in. (windows laptop but have to run oracle install xwindows gui from solaris box – I don’t have login to ‘oracle’ user but sudo privs.)
I got putty’s ssh (with x11 forwarding) to finally allow my login to run xclock, but couldn’t run it after sudo to the oracle user. When I tried to add the cookie as described in the article, I got:
xauth: timeout in locking authority file $HOME/.Xauthority
All I had to do was change my home directory to ‘read/writable’ (ie. chmod a+rw $HOME/.) and it worked. Thanks a bunch.
XWindows is not really that complicated – but since its a networked based GUI system, its getting the networking to work that can be a pain.
Well done, thanks for this article! Hopefully I won’t have this problem again, otherwise I’ll have to bookmark this site.
Pingback: Fix Xlib: PuTTY X11 proxy: wrong authentication protocol attempted | TurboLinux Blog
Solved my problem. Thanks a lot!
Thanks for the great article. This worked for me on Linux.
Thanks! Was very helpfull!
it’s work fine thanks
Thanks a lot. It worked fine.
Excellent piece of suggestion.
Pingback: X11 authorization » SwitchBL8's gebazel
I had also been under the same circumstances. But now, I am locked and loaded & I am pretty hopeful I will get rid of this error and can easily use applications that require X Windows frontend. Thanks a lot for sharing this wonderful post.
Owesome! Thanks for this article! Was very useful!
I’m still having the same problem. If i login .xclock is ok. then if i sudo su – > follow the steps also okay.
problem is if i try su – oracle .then i try same steps i will get
-bash-3.2$ xauth add XYZ.com/unix:11 MIT-MAGIC-COOKIE-1 2c12495022c0fca1668f4dd662562ceczzz
xauth: error in locking authority file /home/oracle/.Xauthority
-bash-3.2$ xclock
Xlib: connection to “localhost:11.0″ refused by server
Xlib: PuTTY X11 proxy: wrong authorisation protocol attempted
Error: Can’t open display: localhost:11.0
ive been having this problem since last thursay..im getting crazy on this.
please advice
additional info ->
-bash-3.2$ whoami
oracle
-bash-3.2$ id oracle
uid=8647(oracle) gid=10001(oinstall) groups=10001(oinstall)
-bash-3.2$
thanks
pilotHans, check the permissions on the .Xauthority file. The oracle user needs to own it and have read/write on it (chmod 0600 ~oracle/.Xauthority)
Thank you very much! It really helped me with my problem.
This was fantastic. Just as a heads up, you can use:
xauth list | while read x ; do sudo xauth add $x ; done
Which will automate the process of adding the information into xauth. I put it in my .bashrc so when I log in it just simply works. You might want to add that to the post so other people might benefit it as well.
Thanks a lot Jason, your article helped me fix the issue in a giffy. I was stuck with it for 5 long hours.
I wasted 12 hrs figuring out how to make it work. export display to this, set xhost to that.. blah crap blah… but this article fixed the problem in a trice!
thank you sir!
Thanks a million! That helped me to fix my problem! The article is really useful!
Thank you for sharing this.
thank you Jason, you saved my day!
Thank you very much Jason.Wonderful article,solution worked for me in linux.
Thanks a lot Jason for this solution
Thank you very much, this information is very useful to me!
Thanks. Another great mystery solved for me.
Thanks a ton……saved my day…
Worked great–thanks!
Can’t thank you enough! Excellent work.
Thanks
Pingback: Anonymous
Hello,
I ran it with oracle user which I logged in but I got the error listed below.
Please give me some advice to fix this.
Xlib: connection to “localhost:0.0″ refused by server
Xlib: No protocol specified.
If you are not able to run xclock successfully, please refer to your PC-X Server or OS vendor for further assistance.
Typical path for ‘xclock’: ‘/usr/openwin/bin/xclock’
Thanks,
Super explanation. Solved my question in few min.
Many Thanks…
Thanks for info, helped me to save much time at work
Thank you very much
nice simple fix.