putty x11 forwarding stops working after su

After finding this once, scouring the web again trying to find the solution, I figured this time I would take note. If you ever have to forward x11 locally using putty, you’ve probably noticed that it doesn’t work after switching users with su. Here’s what you need to do to fix this:

First try to forward xclock

[user@localhost ~]$ xclock
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match
Error: Can't open display: localhost:10.0

Notice the MIT-MAGIC-COOKIE-1 error – next let’s see what xauthorization is setup. Drop back down to the user you su’d from:

[user@localhost ~]$ exit
[root@localhost ~]# xauth list
localhost/unix:10  MIT-MAGIC-COOKIE-1  1234567890abcdefghijklmnopqrstuv

Now let’s add this “magic cookie” to the authorized x11 terminals list for the user we need to su to:

[root@localhost ~]# su - user
[user@localhost ~]$ xauth add localhost/unix:10  MIT-MAGIC-COOKIE-1  1234567890abcdefghijklmnopqrstuv
[user@localhost ~]$ xclock

Now your forwarding should work.

9 thoughts on “putty x11 forwarding stops working after su

  1. Gregory

    I did this and it worked.

    I put a script on .bash_profile of the user, to when it log in, sincronyze with the magic cookie with the first user loged.

    For example. I log into sever with user test, and perform a sudo su – test2. When I do that, it will automatically transfer the magic cookie of test user to test2. It worked well. The problem is that i have more then one user performing the sudo command to test2, and when this happens, the magic cookie is not sincornized anymore with the first person logged in the server.

    Like this:

    test logs in, performs sudo to application user…magic cookie sincronyzed..
    test2 logsi, performs sudo to application user…magic cookie sincronyzed to test2 user, but not for test user anymore.

    Is there anyone to configure an magic cookie to be persistent to all users, then all will have the same and this problem won’t happen again/

    Thanks

  2. MrSmith Post author

    For some reason I thought I replied to this. I would look into mkxauth. Otherwise I’ll do some research and get back to you.

  3. Tom

    Thanks – always appreciate when people post the solutions to common issue like this! 30 mins of pulling out hair, then 2 mins to fix after Googling the error and finding this page. Saved me a good chunk of time!

  4. Stephen

    Finally, someone who knows how to provide clear concise instructions that a dumb-ass like me can follow. Thank you :)

  5. Bart Brashers

    To make this happen automatically, according to this page, add a line to /etc/sudoers like so:


    Defaults env_keep += HOME

  6. Roadworrier

    Very much appreciated. Perfectly solved my issued. (Using SecureCRT not PuTTY this time.)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>