X11 connection rejected because of wrong authentication.

This is a nice one, while you’re configuring the ssh port forwarding to get your display from the source server onto destination server using SUDO.

In case you don’t know the oracle user’s password on the destination server, but you have sudo privilege, you’re going to do something like this:

On the source:
Change the X11Forwarding from NO to YES in the following file /etc/ssh/sshd_config

ssh server1 -X (using your local user)

On the destination server you get this:

/usr/bin/xauth: file /home/localuser/.Xauthority does not exist
 [localuser@server1 ~]$ ls -l /home/localuser/.Xauthority
 -rw-------. 1 localuser localuser 83 Jan 14 08:41 /home/localuser/.Xauthority
 [localuser@server1 ~]$ xclock

But now you would like to sudo as oracle user and you’ll get this:

[localuser@server1 ~]$ sudo su - oracle
 Last login: Mon Jan 14 03:09:02 UTC 2018
 [oracle@server1 ~]$ xclock
 Error: Can't open display:
 [oracle@server1 ~]$ export DISPLAY=localhost:10.0
 [oracle@server1 ~]$ xclock
 X11 connection rejected because of wrong authentication.
 Error: Can't open display: localhost:10.0
 [oracle@server1 ~]$ exit

One of the solutions would be this:

The reason for not being able to open the display is because on the user oracle we don’t have the same .Xauthority file. So we’re going to add it:

localuser@server1 ~]$ xauth list
 server1/unix:10 MIT-MAGIC-COOKIE-1 0ee9eda295cad0ba2913f8d9df5c61d
-- as oracle user do this:
oracle@server1 ~]$ xauth add server1/unix:10 MIT-MAGIC-COOKIE-1 0ee9eda295cad0ba2913f8d9df5c61d

Problem solved.

Leave Comment

Your email address will not be published. Required fields are marked *