Mobatek Blog

Latest news, tips and tricks about MobaXterm
and other Mobatek applications

How to keep X11 display after su or sudo

How to keep X11 display after su or sudo

Posted on by MobaXterm dev team
Share:    Permalink

Hi everyone!

We receive a lot of emails asking how to keep X11-forwarding working after changing user to root inside a SSH session in MobaXterm. This is by default not allowed on Unix/Linux systems, because the X11 display connection belongs to the user you used to log with when connecting to your remote SSH server. X11-forwarding mechanism does not allow anyone to use the open display.

However, in some cases you may need to start a graphical application like nedit or firefox in a sudo or su context. In order to achieve this, you could manually retrieve X credentials in the su/sudo context by looking up the “xauth list” for the original username and then adding them using “xauth add” to the current context.

You can also use a single (magic) command in order to achieve this!

For instance, here is a simple scenario:

  • I start a SSH session to remote server “Server1” with user “john”
  • In this session, I perform a “su -” command in order to become “root”
  • If I run “xclock”, the following error occurs:

MobaXterm X11 proxy: Authorisation not recognised
Error: Can’t open display: localhost:10.0

I just have to execute the following command in order to retrieve my display and make “xclock” work:
xauth add $(xauth -f ~john/.Xauthority list|tail -1)

We hope this will help you if you need to have a working X11 display through SSH after becoming root.