How to use X11-Forwarding in SSH as root or sudo user
X11-Forwarding allows you to run graphical program on the remote host and tunnel the display back to your local machine.
If you're connecting to remote SSH server for system administration work, chances are you'll be running programs using sudo or su to switch to other user such as root. You will likely get Can't open display and maybe X11 connection rejected because of wrong authentication error when running GUI program in SSH via sudo or su.
$ sudo xclock [sudo] password for user: X11 connection rejected because of wrong authentication. Error: Can't open display: localhost:10.0
This is because SSH X11-Forwarding requires authorization for connecting to the X server which is stored in ~/.Xauthority file and with the correct value for DISPLAY environment variable.
Steps to use SSH X11-Forwarding for sudo or su:
- Make sure you're already able to run graphical program via SSH X tunneling as normal user.
Related: How to run GUI application via SSH
- Connect to SSH server with X11-Forwarding enabled.
~$ ssh -X remote-host [email protected]'s password: Welcome to Ubuntu 20.10 (GNU/Linux 5.8.0-26-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage 0 updates can be installed immediately. 0 of these updates are security updates. Last login: Sun Nov 1 21:17:13 2020 from 192.168.111.27
- Get X authorization entry for current display.
$ xauth list $DISPLAY host/unix:10 MIT-MAGIC-COOKIE-1 742d024faeb3d29a15ff06f1b8c3b21e
This info is stored in ~/.Xauthority file.
$ cat ~/.Xauthority host10MIT-MAGIC-COOKIE-1t-O��Қ��ò
- Get DISPLAY environment variable value.
$ echo $DISPLAY localhost:10.0
- Switch to root or other user using sudo and/or su
$ sudo su - [sudo] password for user: [email protected]:~#
- Generate ~/.Xauthority file using xauth command.
# xauth add host/unix:10 MIT-MAGIC-COOKIE-1 742d024faeb3d29a15ff06f1b8c3b21e
- Check .Xauthority file to confirm.
# cat ~/.Xauthority host10MIT-MAGIC-COOKIE-1t-O��Қ��ò
- Export DISPLAY environment variable value for current user.
# export DISPLAY=localhost:10.0
- Run X program
# xclock
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.
Comment anonymously. Login not required.
