Troubleshooting

Troubleshooting

If you started your ssh session with the verbose mode, -v, you will see debug messages similar to the following. Notice the statement “X11 connection uses different authentication protocol: ‘MIT-MAGIC-COOKIE-1’ vs. ‘’.

xsvr3: Received X11 open request.

xsvr3: Sending open confirmation to the remote host.

xsvr3: X11 connection uses different authentication protocol: ‘MIT- MAGIC-COOKIE-1’ vs. ‘’. X11 connection rejected because of wrong authentication at Tue Dec 31 15:11:30 2002. Rejected connection at Tue Dec 31 15:11:30 2002: X11 connection from ::ffff:15.27.232.106 port 56861

xsvr3: Channel 0 closes incoming data stream.

xsvr3: Channel 0 closes outgoing data stream.

xsvr3: Channel 0 sends oclosed.

xsvr3: Channel 0 sends ieof.

xsvr3: Channel 0 receives input eof.

xsvr3: X problem fix: close the other direction.

xsvr3: Channel 0 receives output closed.

xsvr3: Channel 0 terminates.

Cause: This is a simplified explanation.

When you log in to a remote host, and you try to run an X client program on the X server (that is, on your local host), the client needs to authenticate itself with the X server. To do this, it gets what is called an MIT-MAGIC-COOKIE, which is stored in ~/.Xauthority. If the file is not there, it is generated. If the file on the remote host does not match what the local host thinks it should say, it gives an error.

Now, you logged on as root and ran a X program, and it created a .Xauthority file. Then you switched to user ids and there is no .Xauthority file for user ids. See the xauth (1) manpage for details.

Solution: Extract the relevant information from user root’s X authority file, and create an X authority file for user ids. remotesys is the full name of your home system (the one you logged in from).

#id

uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp)

#xauth

Using authority file /.Xauthority xauth> list

remotesys:10 MIT-MAGIC-COOKIE-1 9533074095e317c40503821e41839941 remotesys:11 MIT-MAGIC-COOKIE-1 313a43a83192f719535e5b054fc26ac5 remotesys:12 MIT-MAGIC-COOKIE-1 2b4c68632e0310c2867e42c649f3d9f6 xauth> exit

#su ids

$ echo $DISPLAY x.x.x.x:10.0

$ echo $HOME

$ export HOME=/home/ids (this is necessary for xauth to work) $ /usr/bin/X11/xauth

Using authority file /home/ids/.Xauthority

xauth> add remotesys:10 MIT-MAGIC-COOKIE-1 9533074095e317c40503821e41839941 xauth> list

remotesys:10 MIT-MAGIC-COOKIE-1 9533074095e317c40503821e41839941 xauth> exit

Writing authority file /home/ids/.Xauthority

Appendix G

251

Page 263
Image 263
HP Host Intrusion Detection System (HIDS) manual Appendix G 251