Getting “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”? I have the answer :)
Here’s the scenario:
You ssh to a remote server with your login and either sudo or su to another user to run some application that uses a X Windows front end. There is a firewall between your desktop and the remote server that allows only ssh connections (port 22). When you run into the error “Xlib: PuTTY X11 proxy: wrong authentication protocol attempted”. What to do?
jason $ echo $DISPLAY
localhost:10.0
jason $ su – oracle
oracle’s Password:
oracle $ xterm
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
xterm Xt error: Can’t open display: localhost:10.0
On recent OpenSSH Server releases, you can simply enable “ForwardX11Trusted yes” in the /etc/ssh/sshd_config file and restart the OpenSSH server. If you’re not using a recent OpenSSH Server release or if you can’t for security or political reasons, what could you do? Give up? It’s simpler than you think.
You need to temporarily transfer the authorization to the other account. First, get the key from your account:
aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad
Next, sudo/su to the other account and add the authorization key.
oracle $ xauth add aspc2o1/unix:10 MIT-MAGIC-COOKIE-1 bc334c66cfec3c5c3d5b0efc4ee9d3ad
Now, you should be able to start any X Windows application, assuming that your DISPLAY variable is set to go through the ssh tunnel:
Very useful and rare to get this kind of exact and precise work around. Million thanks.
wonderful solution….thanks a ton….
Awesome. Glad I was able to find this. Works perfectly and exactly what I was looking for!
Glad I could help
Thank you for the tip Jason! I’ve been struggling with this issue for months and been doing silent Oracle installations as a result at one of my clients. I just tried your suggestion and it worked like a charm.
Many, many thanks!
hey i m not able to open the display when i want to open text editor or gvim it gives the error
Xlib: connection to “yamsrv1.ece.gatech.edu:11.0″ refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
(gedit:16728): Gtk-WARNING **: cannot open display:
any help is appreciated
Rahul,
If you’re using Windows, you may have to tell your X Windows software to allow the incoming connection from the putty session. Which X Windows software are you using?
I’m guessing you’re using Windows because putty isn’t too terribly common on Unix/Linux/MacOSX desktops.
Jason
hey i am using xming + putty
on windows desktop
xming version 6.9.0.31
i am trying to access linux based server remotely
regards
rahul
Hi Rahul,
I haven’t used xming very often but the last time I followed http://www.straightrunning.com/XmingNotes/trouble.php Does this help?
jason
I went thru that before only but the thing is my xserver is somehow not able to connect…
I still dont know
i m sure abt this cos none of my friends had this problem and we are accessing the same remoyte server so no change is required at the remote server side and neways we dont have root rights at remote server
can thre be any fire wall problem i m gonna try tht now …but i m not sure
but i am activatin xming before starting putty…which is how we are suppose to do
but still i donno wats the problem
which X11 authentication protocol do you have set in PuTTY?
hey I got it running
I used X11 forwarding only
The problem I gess was with my user account the xterm parameters were not set properly
and I dont have the root accesss
I donno whther you can do nething abt it without the root access…ne suggestions is welcome
I have sent the request to the college support staff
I am currently working on my friends account
congrats Rahul! I’m glad you got the x11 forwarding to work using putty
Thank you for posting this precise answer. It was just what I was looking for.
Debra, no problem
i came in to start my oracle install on a new box ( via sudo not a direct login as in the past ) at 8am monday morning and get this error – not a good start. so i cut and paste the whole message into google. your page comes up first on the list. the solution works as advertised
too easy.
thanx heaps.
I ran into the same problem, thanks for pointing me in the direction of xauth. Further googling got me the solution for my Ubuntu server:
Install pam_xauth to transfer xauth cookies between users on su. Now the problem is solved!
Thanks a bunch Jason.
I normally never post messages..but GOD bless for passing on the knowledge and information.
Thanks again!
Thanks bud, i owe you one!
Thanks a lot, it worked really well.
Thanks. It is 4 am on a Friday morning, and this write up was the solution I needed!
Thanks Jason!!… good luck man.
Thanks God you have the answer, and easy way to do it, the most importa thing, it is works, trying a lot before with out result, but you did it on easy 3 step.
Great post!
Excellent and clear explanation for an issue that bugged me big time.
BTW: I was also striving to start some Oracle UI as oracle.
Thanks for the article!
thanks!
This worked perfectly. Thanks for a simple solution to a (seemingly) simple problem.
Jason, does that mean we can now access X11 applications for instance, pidgin or any other thing from someone’s else computer and see the screen on our PC? I mean it’s been long since I’ve used putty, I used to use it for Shells for IRC and some other work but now I don’t have use it as I dual-boot with Linux.
If that so, that seems a great discovery to me.
yup
putty is very useful on windows boxes
[...] you try the steps described here to transfer the authorization to the other account. But if you follow the steps and it simply doesnt work, check the filesystem where the home [...]
Thanks for putting this exact information. really appreciate.
I have been working on this exact problem for two hours till I found your suggestion! You rule!
Thanks for this exact and excellent solution
Hmm. I’m still getting the infamous –
PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can’t open display: localhost:10.0
My Windows (Vista) PuTTY settings include everything I’ve seen here (but I note that my PuTTY 0.60 has slightly different configuration screens than the screenshots at straightrunning.com).
Hi Jeff,
Are you able to open xterm or another x11 program as the person you’re logging in as (before the sudo)? If so, then run “xauth list” as yourself and as the user you sudo to. Make sure that all the xauth lines match up. Also verify the DISPLAY before and after sudo.
jason
Many thanks for this post, you saved me lots of “exploration”.
Thanks! – saved my butt on a Oracle install. Worked perfect.
Thats good to knwo keep it up!
I got the same error message, but I already entered the key from xauth some weeks ago. The last day I connected was yesterday. The problem was that no space was left. I deleted some files from /home/…/Downloads/ and restarted the server.
By “df -h” you get left space on your system.
[http://setaoffice.com/2009/09/19/xlib-putty-x11-proxy-wrong-authentication-protocol-attempted/]
Thank you!
One more detail
The recent 10/2009 release of Solaris (x86) requires the “ForwardX11 yes” entry in the client config file (/etc/shh/ssh_config) not the daemon config file (/etc/shh/sshd_config).
sshd will reject it as a bad configuration option in the daemon config file
HECK YES!
$$$