I need to change the .Xauthority file location for a group of users to be $HOME/tmp/.Xauthority rather than the default $HOME/.Xauthority.
I already tried what I could catch up from several sources like:
I set the environment variable like this in several /etc/.profile, .profile, .bashrc .... etc. with the following: XAUTHORITY=$HOME/tmp/.Xauthority
With the result of:
Any login attempt with a user of sshx group (ssh -X server) results in a timeout in locking $HOME/.Xauthority. It is like having changed nothing. What is interesting is that if I echo $XAUTHORITY it shows $HOME/tmp/.Xauthority. authx is working as well, but not at the time of login.
Therefore the processing I need must happen somewhere before ssh -X or while establishing the X connection. Where do I have to change it so that I can address a group of users only, since I do not want root or users without a sshX group to be affected, since they eventually do not have the directory?
The way I do it is to set XAUTHORITY=/tmp/Xauthority-username in ~/.ssh/environment, but that requires changing /etc/ssh/sshd_config to say PermitUserEnvironment yes.
I use /tmp because that keeps it local to each machine. With home directories on NFS, that becomes a bottleneck and causes race conditions where starting several apps simultaneously on multiple remote hosts can cause some to fail.
I came up with something partial, but still I now have the .Xauthority relocated to ~/tmp/.Xauthority, which is actually great progress for now. (Ubuntu Server is the target OS.)
All the settings stay the same; only a file needs to be created, ~/.ssh/rc, which is loaded upon connection of ssh -X servername:
    if read proto cookie && [ -n "$DISPLAY" ]; then
        if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
            # X11UseLocalhost=yes
            echo add unix:`echo $DISPLAY |
                cut -c11-` $proto $cookie
        else
            # X11UseLocalhost=no
            echo add $DISPLAY $proto $cookie
        fi | xauth -q -f ~/tmp/.Xauthority -
    fi
which starts xauth and creates the file in the location you want; it also adds/creates entries in the .Xauthority file for proper authentication.
Now you need to modify ~/.profile, since when the shell is loaded it needs to know where the .Xauthority file is found. Therefore we add one line at the very top:
export XAUTHORITY=~/tmp/.Xauthority
This enables me to connect via ssh -X servername to a shell and start any X app. Let's try this by starting xeyes or xclock.
Cool, but still another issue came up for me to have it done right, and I have no solution for it now. If you try to start the X app directly from the remote, like:
x@y:~$ ssh -X servername xeyes
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:11.0
This is an interesting error, since if you google it there are a lot of answers, but now the situation itself leads to the assumption that something is different when bash is loaded and when it is left out. The only thing I assume is the line in .profile which sets the XAUTHORITY variable, but how do I set it without loading a shell? Why does it work if I have a user which has the .Xauthority file in the default location (~/.Xauthority)?
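An added example, not code from any of the posts above: a system-wide /etc/ssh/sshrc, which sshd runs with /bin/sh as the connecting user when that user has no ~/.ssh/rc, that relocates the cookie only for members of the sshx group and leaves everyone else on the default file. The function names are made up for this example, and it assumes xauth is on PATH and that the group is called sshx as in the question.

```shell
#!/bin/sh
# Added example for /etc/ssh/sshrc (assumed install location).
# Assumptions: group name "sshx" (from the question), xauth on PATH.

XGROUP=sshx

# Authority file for a user: relocated only for members of $XGROUP.
# $1 = home directory, $2 = space-separated group names (as from `id -nG`).
authority_for() {
    case " $2 " in
        *" $XGROUP "*) printf '%s\n' "$1/tmp/.Xauthority" ;;
        *)             printf '%s\n' "$1/.Xauthority" ;;
    esac
}

# Display name for xauth: with X11UseLocalhost=yes sshd sets
# DISPLAY=localhost:N, which has to be recorded as unix:N.
xauth_display() {
    case "$1" in
        localhost:*) printf 'unix:%s\n' "${1#localhost:}" ;;
        *)           printf '%s\n' "$1" ;;
    esac
}

# Make sure the directory for the cookie file exists. A missing directory
# is created private to the user (0700); a symlink is refused so the
# cookie cannot be redirected to another location.
prepare_dir() {
    [ ! -L "$1" ] || return 1
    [ -d "$1" ] || (umask 077 && mkdir "$1")
}

# sshd passes "proto cookie" on stdin when X11 forwarding is active.
if [ -n "${DISPLAY:-}" ] && read -r proto cookie; then
    auth=$(authority_for "$HOME" "$(id -nG)")
    if prepare_dir "$(dirname "$auth")"; then
        echo "add $(xauth_display "$DISPLAY") $proto $cookie" |
            xauth -q -f "$auth" -
    fi
fi
```

This only controls where the cookie is written; the session still needs XAUTHORITY pointing at the same file, which the posts above set through ~/.profile or ~/.ssh/environment.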