A solution for X11 forwarding on AFP OS X clients
Apr 14, '06 04:57:00AM • Contributed by: Anonymous
Apr 14, '06 04:57:00AM • Contributed by: Anonymous
When ssh'ing into an OS X client as a user whose home directory is mounted on an AFP server, the following errors can occur. First, during the login process:
Afterwards, the user's shell environment needs to be updated to point X to the proper file to obtains it authority data. The following are the changes I made to my clients to get X11 forwarding working on these machines:
/usr/X11R6/bin/xauth: error in locking authority file ~/.XAuthority
Second, if one tries to start an X11 application, the following error occurs:
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
The problem seems to be that xauth cannot update the .Xauthority file when the ssh session starts up, rendering the user unable to authenticate to the X server connected to their ssh session. A workaround to this problem is to have xauth write the session authnetication cookie info to a file on the local disk, not in the AFP-mounted home directory. One needs to create an /etc/sshrc file to do this.Afterwards, the user's shell environment needs to be updated to point X to the proper file to obtains it authority data. The following are the changes I made to my clients to get X11 forwarding working on these machines:
#########################################################
# /etc/sshrc
# Set up the local file in which to store the .Xauthority information:
export XAUTHORITY=/tmp/.Xauthority.$USER
# Now create and write the magic cookie information:
if read proto cookie && [ -n "$DISPLAY" ]; then
if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
# X11UseLocalhost=yes
echo add unix:`echo $DISPLAY |
cut -c11-` $proto $cookie
else
# X11UseLocalhost=no
echo add $DISPLAY $proto $cookie
fi | /usr/X11R6/bin/xauth -q -
fi
#########################################################
The user needs to have the proper .Xauthority file location set up when their shell starts up. The users in my group have bash as their default shell, and the additions to their ~/.bashrc script needed to set up X11 correctly are as follows:
###########################################################
# ~/.bashrc X11 configuration
if [[ -z $DISPLAY ]]; then
# DISPLAY is not set, so check to see what X display is owned
# by the current user and set DISPLAY to this value:
X11_FOLDER=/tmp/.X11-unix
currentUser=`id -u`
bb=`ls -ln $X11_FOLDER | grep $currentUser`
bbb=${bb/*X/:}
usedDISPLAY=$bbb.0
export DISPLAY=$usedDISPLAY
else
# DISPLAY is set, so we assume remote user login via
# ssh and set the XAUTHORITY variable to point to
# proper file.
export XAUTHORITY=/tmp/.Xauthority.$USER
fi
###########################################################
With these changes, ssh users should be able to use X11 programs.
•
[16,806 views]
