[plug] X11 connection rejected with updated ssh

Craig Ringer craig at postnewspapers.com.au
Thu Sep 25 00:10:10 WST 2003


> rubber# ssh lycra
> robd at lycra's password:
> Last login: Wed Sep 24 23:13:32 2003 from rubber
> lycra# xterm  &        -- this  works
> lycra# su
> Password:
> [root at lycra ssh]# rpm -q openssh
> openssh-3.1p1-13
> [root at lycra]# xterm &
> [1] 1531
> [root at lycra robd]# X11 connection rejected because of wrong authentication.
> X connection to localhost:11.0 broken (explicit kill or server shutdown).

This should never have worked at all. Root doesn't by default have the 
xauth cookie for the X server, and you'd have to merge it yourself. "man 
xauth" is a good start.

> [root at lycra robd]#
> [root at lycra robd]# kppp
> X11 connection rejected because of wrong authentication.
> Gdk-ERROR **: X connection to localhost:11.0 broken (explicit kill or server shutdown).
> [root at lycra robd]#

You should not need to run kppp as root. Set the option "noauth" in 
/etc/ppp/peers/kppp (this is a priveleged option, see "man pppd", that 
tells pppd it need not require the remote server to authenticate, since 
most ISP's servers can't/wont anyway), then run it as a normal user. 
pppd is setuid root anyway, and so long as the right options are set in 
the appropriate peers file all should be well. You will also need to set 
'call kppp' in the KPPP options for each ISP, to make sure pppd uses the 
options you've configured.

Avoiding running kppp as root is probably a good idea for security 
reasons, and the natural "don't run it as root if you don't have to" reason.

Craig Ringer



_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug


More information about the plug mailing list