Hi everyone!
We receive a lot of emails asking how to keep X11-forwarding working after changing user to root inside a SSH session in MobaXterm.
This is by default not allowed on Unix/Linux systems, because the X11 display connection belongs to the user you used to log with when connecting to your remote SSH server. X11-forwarding mechanism does not allow anyone to use the open display.
However, in some cases you may need to start a graphical application like nedit or firefox in a sudo or su context. In order to achieve this, you could manually retrieve X credentials in the su/sudo context by looking up the “xauth list” for the original username and then adding them using “xauth add” to the current context.
You can also use a single command in order to achieve this!
For instance, here are 2 simple use cases:
1. Using “sudo” command:
- Let’s assume that you are connected to a remote server using SSH with username “john”
- In this session, if you want to launch a graphical application using the “sudo” command (like “sudo firefox” for instance), the following error will occur:
MoTTY X11 proxy: Authorisation not recognised
In order to make it work, you just have to execute the following command before the “sudo firefox”: sudo xauth add $(xauth -f ~john/.Xauthority list|tail -1)
2. Using “su” command:
- Let’s assume that you are connected to a remote server using SSH with username “john”
- In this session, you want to perform a “su” command in order to become “root”
- If you run a graphical application in the “su” context, like “firefox” or “xclock”, the following error will occur:
MoTTY X11 proxy: Authorisation not recognised
In order to make it work, you just have to execute the following command in order to retrieve your display and make “firefox” or “xclock” work: xauth add $(xauth -f ~john/.Xauthority list|tail -1)
We hope this will help you if you need to have a working X11 display through SSH after becoming root.