X11 connection rejected because of wrong authentication

Asked 30/6, 2014 at 14:45 Answered 15/7, 2022 at 13:50

I am getting a error while accessing the firefox using X11Forwarding.

[root@station2 ~]# firefox
KiTTY X11 proxy: wrong authorisation protocol attemptedKiTTY X11 proxy: wrong authorisation protocol attemptedError: cannot open display: localhost:10.0

setup the following values: /etc/ssh/sshd_config

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

** Installed the package**

#yum install xorg-x11-xauth
#yum -y install xauth

[root@station2 .ssh]# echo $DISPLAY
localhost:10.0

#mkxauth -c
adding key for station2.example.com to /root/.Xauthority ... done

Profanatory answered 30/6, 2014 at 14:45 Comment(3)

The answer from Michael is correct. This is the best tutorial I have found: blog.linuxjunkie.com/blog/2012/09/26/… – Stedman 3/8, 2015 at 15:52

Note that Stack Overflow is only for questions about writing software; questions about using your UNIX system belong at Unix & Linux. – Unders 15/7, 2022 at 13:52

Where is "mkxauth" command coming from? Did you mean "xauth"? "mkxauth" is not available neither on my fedora nor ubuntu, whereas xauth works on both (although there is no "-c" option) – Dordrecht 28/2, 2023 at 1:50

128

export XAUTHORITY=$HOME/.Xauthority

This fix worked for me

Morisco answered 19/6, 2019 at 6:34 Comment(9)

I could not enable X forwarding into my Raspberry Pi 4 running Ubuntu 20.04, and this fixed it. – Sarong 8/5, 2020 at 7:39

thanks, this works for my case. (Enabling ssh X in RHEL 8 on AWS EC2) – Harkness 8/3, 2021 at 11:7

Can you please provide an explanation of how this solves the problem ? – Beeman 13/7, 2021 at 0:37

This worked for me. Would be nice to know why. For some reason XAUTHORITY had been set to /tmp/kde-<username>/xauth-<numbers>. – Fondly 27/8, 2021 at 10:46

This worked for me on ubuntu server on raspberry pi 4. Thanks! – Infrastructure 9/9, 2021 at 8:51

How can I make it work with other $XAUTHORITY? – Anallese 17/11, 2021 at 12:6

Forwarding X11 like it is 1990 – Dordrecht 28/2, 2023 at 1:46

My setup very strangely worked for some thing (e.g. xeyes) but failed with others (e.g. firefox). This fixed it for me – Facetiae 5/4, 2023 at 15:13

Considering the fact that there are recent comments on this, I'd say forwarding X11 like it's 1990 is very 2023 :) – Lydie 6/7, 2023 at 18:50

There is a hard, if not even impossible, to find (by search engine) scenario that may may cause that error message.

Preliminary note: The topic of this answer is not to discuss if it is a safety risc or recommondable at all to use a graphical desktop as root on an remote, display-less, webserver.

Scenario:

A remote internet connected Linux server S has assigned the domain name example.com to it's public IP4-address 192.0.2.1.
The /etc/hostname file on S contains the single line example.
The /etc/hosts file on S contains the line 127.0.0.1 localhost example.com example.
The (remote) ssh access to S is by (sshd-) configuration (on S) forbidden for root by the line DenyUsers root in /etc/ssh/sshd_config, but allowed for a dummy user user1. From a client computer C a ssh connection, using the ssh parameter -X or -Y, is established to S as user user1.

Then, in a remote terminal on S owned by user1, if any X11 related command is tried to be executed as root, may it be by

su, then trying to start the X11 desktop environment

or, as in the concrete case executing a script containing

#!/bin/bash
su --preserve-environment -c "xfce4-session &" root

the error message

X11 connection rejected because of wrong authentication.

is output and the start of any X11 related program fails. The DISPLAY variable of root's environment contains

example.com:10.0

then.

One solution to the problem is, in this special case, to modify the line

127.0.0.1 localhost example.com example

in /etc/hosts to

127.0.0.1 localhost

Perlaperle answered 26/6, 2015 at 10:5 Comment(3)

Man, your answered saved me! The problem was my hostfile, and now it is fixed! Could you please mention this at the top of your answer, so others could possibly find the solution? – Stedman 3/8, 2015 at 15:23

@Ho1: As i experienced myself when searching the internet for "my" reason of that error message, it is not really helpful to just read the headlines. Since many parameters may take effect, it needs always a thoroughly reading. It is not my opinion to refuse help, but that it is neccessary to study the case in detail first so one could decide for him/herself if to try what was the solution for others. – Perlaperle 15/8, 2015 at 16:26

You are a life saver, just going to the solution down there this one line is magic! – Rockfish 30/12, 2015 at 7:39

Solution: run the application with the same user you are SSHing.

I have also encounter such errors while using X11.

The source of my problem was that i used SSH with my own username (which was not root).

Then, once logged in i tired running stuff with X11 while doing "su" or doing "sudo", the problem with that is that the SSH session is configured with your own username - e.g: Raj, but then you switch to user root which is not part of the X11 session.

So what you should do is simply try to run the application (firefox in your case) with the same user you started the X11 session.

Hope this helps.

Talel.

Ensanguine answered 7/11, 2014 at 13:8 Comment(0)

I ran into this running gvim over ssh -t -Y and the solution that worked for me was:

xauth add $(xauth -f ~<logon_user>/.Xauthority list | tail -1) ; export NO_AT_BRIDGE=1 # gvim X11 fix for remote GUI failure after su

I do not know where I stumbled on this answer so I cannot give credit to the author.

Permeability answered 15/7, 2022 at 13:50 Comment(0)

Recommended topics

Hot tags