Jason L. Froebe – Tech tips and How Tos for Fellow Techies

Tips & Tricks for Databases (Sybase, Oracle, MySQL, PostgreSQL, SQLite), Windows, Linux, Solaris, Perl, Java, Bash and so much much more

Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)

by Jason L Froebe on November 14, 2008, 97 comments

Here’s the scenario:

You ssh to a remote server with your login and either sudo or su to another user to run some application that uses a X Windows front end.  There is a firewall between your desktop and the remote server that allows only ssh connections (port 22).  When you run into the error “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”.  What to do?

ssh jason@remote-server -X
jason $ echo $DISPLAY
localhost:10.0
jason $ su – oracle
oracle‘s Password:
oracle $ xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
xterm Xt error: Can’
t open display: localhost:10.0

On recent OpenSSH Server releases, you can simply enable “ForwardX11Trusted yes” in the /etc/ssh/sshd_config file and restart the OpenSSH server.  If you’re not using a recent OpenSSH Server release or if you can’t for security or political reasons, what could you do? Give up? It’s simpler than you think.
You need to temporarily transfer the authorization to the other account. First, get the key from your account:

jason $ xauth list
aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad

Next, sudo/su to the other account and add the authorization key.

jason $ su – oracle
oracle $ xauth add aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad

Now, you should be able to start any X Windows application, assuming that your DISPLAY variable is set to go through the ssh tunnel:

oracle $ xterm
Share Button

97 thoughts on “Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)

  1. Hi

    Thank you for the article…Each time when I logout and login I see this error.
    Is there any one time fix that can be incorporated. I used Xming.

    • You could write a script that writes the DISPLAY and xauth info to a file prior to changing users. As long as the user you changed to as read access to that file, you should be able to. :)

  2. Great article. Wish I would have seen this before wasting 10 hours troubleshooting and testing.

    Since you brought up politics, my question is — Should I let the security people who locked down all of our servers without warning or workaround know about your great solution? When they treated my like an annoying thorn for asking them to help? Muhahaha

  3. Pingback: X Redirect - Untangle Forums

  4. Thanks for the article. Its the exact situation I’m in. (windows laptop but have to run oracle install xwindows gui from solaris box – I don’t have login to ‘oracle’ user but sudo privs.)

    I got putty’s ssh (with x11 forwarding) to finally allow my login to run xclock, but couldn’t run it after sudo to the oracle user. When I tried to add the cookie as described in the article, I got:

    xauth: timeout in locking authority file $HOME/.Xauthority

    All I had to do was change my home directory to ‘read/writable’ (ie. chmod a+rw $HOME/.) and it worked. Thanks a bunch.

    XWindows is not really that complicated – but since its a networked based GUI system, its getting the networking to work that can be a pain.

  5. Pingback: Fix Xlib: PuTTY X11 proxy: wrong authentication protocol attempted | TurboLinux Blog

  6. Pingback: X11 authorization » SwitchBL8's gebazel

  7. I had also been under the same circumstances. But now, I am locked and loaded & I am pretty hopeful I will get rid of this error and can easily use applications that require X Windows frontend. Thanks a lot for sharing this wonderful post.

  8. I’m still having the same problem. If i login .xclock is ok. then if i sudo su – > follow the steps also okay.

    problem is if i try su – oracle .then i try same steps i will get

    -bash-3.2$ xauth add XYZ.com/unix:11 MIT-MAGIC-COOKIE-1 2c12495022c0fca1668f4dd662562ceczzz
    xauth: error in locking authority file /home/oracle/.Xauthority
    -bash-3.2$ xclock
    Xlib: connection to “localhost:11.0″ refused by server
    Xlib: PuTTY X11 proxy: wrong authorisation protocol attempted
    Error: Can’t open display: localhost:11.0

    ive been having this problem since last thursay..im getting crazy on this.

    please advice

    additional info ->
    -bash-3.2$ whoami
    oracle
    -bash-3.2$ id oracle
    uid=8647(oracle) gid=10001(oinstall) groups=10001(oinstall)
    -bash-3.2$

    thanks

  9. This was fantastic. Just as a heads up, you can use:

    xauth list | while read x ; do sudo xauth add $x ; done

    Which will automate the process of adding the information into xauth. I put it in my .bashrc so when I log in it just simply works. You might want to add that to the post so other people might benefit it as well.

  10. Thanks a lot Jason, your article helped me fix the issue in a giffy. I was stuck with it for 5 long hours.

  11. I wasted 12 hrs figuring out how to make it work. export display to this, set xhost to that.. blah crap blah… but this article fixed the problem in a trice!

    thank you sir!

  12. Pingback: Anonymous

  13. Hello,

    I ran it with oracle user which I logged in but I got the error listed below.

    Please give me some advice to fix this.

    Xlib: connection to “localhost:0.0″ refused by server
    Xlib: No protocol specified.
    If you are not able to run xclock successfully, please refer to your PC-X Server or OS vendor for further assistance.
    Typical path for ‘xclock’: ‘/usr/openwin/bin/xclock’

    Thanks,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Facebook login by WP-FB-AutoConnect