Solved

How to run a X-program with sudo using putty and xming?

Posted on 2009-05-14
9
9,143 Views
Last Modified: 2013-12-21
Hi all,

I do want to run a X-program, lets say xclock, on a linux server. The program should be displayed on a windows pc running xming as X-server.

Or in detail:
1. I logon using putty with X-forwaring as user THEUSER to the server from my pc
2. I start xming as X-server on my pc
3. I run sudo -u THEOTHERUSER /usr/bin/X11/xclock
4. xclock is displayed on my pc ...

The problem is, that there is an error message regarding to the X-settings (DISPLAY)

Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: localhost:10.0

I tried to copy the xauth stuff from one user to the other, but the DISPLAY and the cookie change every logon... if the user THEOTHERUSER is offline, there is no xauth information to be copied....

Can give any suggestions?

Thank you very much

Best regards
gnurl
0
Comment
Question by:gnurl
  • 4
  • 2
  • 2
9 Comments
 
LVL 4

Assisted Solution

by:amrox
amrox earned 100 total points
ID: 24386235
Looks like you've got X11 server access control
try 'xhost +'
then try again

If that doesn't work, check that your $DISPLAY var is correct - before sudo'ing do an 'echo $DISPLAY', and set the value for your new session to this value using 'export DISPLAY=<value>'
 
0
 
LVL 61

Expert Comment

by:gheist
ID: 24393376
For X11 to be forwarded correctly you need:
Xming running in listen mode on workstation
SSH X11 forwarding enabled in SSH server's /etc/ssh/sshd_config, and sshd reloaded afterwards - kill -HUP `cat /var/run/sshd.pid'
X11 forwarding enabled in putty (default setting)

xdpyinfo should show whats wrong or right with display environment.

If X11 forwarding is disabled on SSH server then it attempts X11 connections to display outside secure channel - bad for firewalled environment.
If no X11 forwarding on client you get error DISPLAY not set.

0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 50 total points
ID: 24393382
You mentioned sudo - X11 will not forward for sudo-ed user.
It might be done with sux from SuSE or kdesu from kde, but never with su or sudo.
0
 
LVL 7

Author Comment

by:gnurl
ID: 24394493
Hi amrox,

I added the linux server (running xclock) to the windows pc (running xming and sadly NOT displaying xclock). This does not help.

The problem with the display variable is, how do I set this in sudo and start the program I want to run?

For me the problem is following:

1. start Xming (Xming.exe :0 -clipboard -multiwindow) on local pc (to display xclock)
2. start putty on local pc (with X11 forwarding) usind login USER
3. xauth list on remote server shows
    <remoteserver>/unix:10  MIT-MAGIC-COOKIE-1 <cookiestring>
    echo $DISPLAY on remote server shows
    localhost:10.0
4. xclock on remote server starts xclock, and xclock is displayed on local pc using xming
5. starting  sudo -u <THEOTHERUSER> /usr/bin/X11/xclock on remote server shows
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: localhost:10.0

6. xauth nextract /home/<THEOTHERUSER>/xauth1 as user USER
    extracts the cookiestring to be merged to THEOTHERUSERs .Xauthority file
7. xauth nmerge xauth1 as user THEOTHERUSER merges the cookie to .Xauthority
    so xauth list as user USER and user THEOTHERUSER shows the same cookie
    <remoteserver>/unix:10  MIT-MAGIC-COOKIE-1 <cookiestring>
8. adding set DISPLAY=localhost:10.0 to .cshrc for user THEOTHERUSER leads to a DISPLAY
    localhost:10.0 everytime the USER logs on.
9. in conclusion:
    the xauth information for USER and THEOTHERUSER is the same
    the DISPLAY for USER and THEOTHERUSER ist the same
10. but:
      sudo -u <THEOTHERUSER> /usr/bin/X11/xclock
      throws the same error:
     Xlib: connection to "localhost:10.0" refused by server
     Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
     Error: Can't open display: localhost:10.0

Does anybody hava any suggestions?

Thank you,
Best Regards
gnurl
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 61

Expert Comment

by:gheist
ID: 24394529
sudo does not work with X11 even on local consoles for most systems.
0
 
LVL 7

Accepted Solution

by:
gnurl earned 0 total points
ID: 24410509
Hi all,

@gheist I am sorry, but I could not find sux or kdesu as one of my SLES9 packages in yast.

@amrox I could make it (partly) work with syncing the xauth and DISPLAY values for both users (as described mby me) adding the server to XMING (with the additional tool xauth.exe) showed me the X-session. But sudo is so secure, that shell variables I need are wiped from the environment. So the program starts but does not work. ... I gave it up.

Thanks for you help
0
 
LVL 61

Expert Comment

by:gheist
ID: 24411827
You can find sux in suse 10.
You can find kdesu in kdebase.

Hint: search for respective files in package repository
0
 
LVL 4

Expert Comment

by:amrox
ID: 24416468
My vote: close it in the way that the original poster wanted it closed before the objection.  Not sure if that is 1, 2 , 3, or 4  But as the objection is not valid then I vote for the 4 day closure to continue.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now