Home » How To » Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)

Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)

Here’s the scenario:

You ssh to a remote server with your login and either sudo or su to another user to run some application that uses a X Windows front end.  There is a firewall between your desktop and the remote server that allows only ssh connections (port 22).  When you run into the error “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”.  What to do?

ssh jason@remote-server -X
jason $ echo $DISPLAY
jason $ su - oracle
oracle's Password:
oracle $ xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
xterm Xt error: Can't open display: localhost:10.0

On recent OpenSSH Server releases, you can simply enable “ForwardX11Trusted yes” in the /etc/ssh/sshd_config file and restart the OpenSSH server.  If you’re not using a recent OpenSSH Server release or if you can’t for security or political reasons, what could you do? Give up? It’s simpler than you think.

You need to temporarily transfer the authorization to the other account. First, get the key from your account:

jason $ xauth list
aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad

Next, sudo/su to the other account and add the authorization key.

jason $ su - oracle
oracle $ xauth add aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad

Now, you should be able to start any X Windows application, assuming that your DISPLAY variable is set to go through the ssh tunnel:

oracle $ xterm


Kyle McBride provided an easy way to automate adding the key to xauth. Add the following to your .bashrc or .profile file.

xauth list | while read x ; do sudo -u oracle xauth add $x ; done

The -u oracle will run the xauth command as the user oracle otherwise the keys will be added to the root user.

Share Button

119 thoughts on “Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)

  1. Muneeb says:

    Sweet. Worked like a charm.

    thanks man.

    1. Nick says:

      Wow!! Thanks a ton man!!

  2. Srini says:

    This is worked perfectly to me.

    Appreciate your help.

  3. MagneS says:

    You made my day! Thanks a lot.

  4. Fabian says:

    You have really made my day…thank you very very much…slogged for days..setting display…Great solution..

  5. Arun says:

    I get this error after the above procedure while launching xterm command:
    X connection to localhost:10.0 broken (explicit kill or server shutdown).

  6. Ritesh says:

    Superb.. worked like a charm.. Saved my days.

  7. FromFrance says:


    Thank you very much.
    Works on a Raspbian, Jan 2015.
    Took me some time to reach your page but solved the problem !
    Beware of the ForwardX11Trusted sshd_config fix which blocks you ssh server from starting.

  8. I have a Global solution for this.

    Edit /etc/pam.d/su

    Change the line
    session optional pam_xauth.so
    session optional pam_xauth.so systemuser=1

    This change basically does the same thing you were doing manually. Found the solution here. https://www.novell.com/support/kb/doc.php?id=7003743

  9. neeraj says:

    Worked well

Facebook login by WP-FB-AutoConnect