Step-by-Step instructions for configuring an alternative location for .Xauthority file to enable X11 forwarding for users without a home directory

asked Dec 23 '10 at 06:32

Alan - Tectia Support ♦

In Tectia 4.x:

  • Create a custom SSHRC file in the /etc/ssh2 directory, from where it is read by the server before executing the user's shell. The SSHRC file sets the required xauth cookies manually and uses /tmp/xxx_ as the Xauthority file instead of the default ~/.Xauthority:
[xtesting@turkey xtesting]$ cat /etc/ssh2/sshrc 
if read proto cookie; 
 then 
    echo "add $DISPLAY $proto $cookie" | /usr/X11R6/bin/xauth -q -f /tmp/xxx_$USER -;
    echo "add `echo $DISPLAY | sed 's/:/\/unix:/'` $proto $cookie" | /usr/X11R6/bin/xauth -q -f /tmp/xxx_$USER -;
fi
  • Add exporting of the XAUTHORITY environment variable to /etc/profile to have the correct Xauthority file read:
[xtesting@turkey xtesting]$ grep XAUTHORITY /etc/profile
export XAUTHORITY=/tmp/xxx_$USER
  • Once logged in, check that the XAUTHORITY and DISPLAY environment variables are set and that the cookie can be read by xauth:
[xtesting@turkey xtesting]$ echo $XAUTHORITY
/tmp/xxx_xtesting

[xtesting@turkey xtesting]$ echo $DISPLAY
turkey.tsu-lab.hel.fi.ssh.com:11.0

[xtesting@turkey xtesting]$ xauth
Using authority file /tmp/xxx_xtesting
xauth> list
turkey.tsu-lab.hel.fi.ssh.com:10  MIT-MAGIC-COOKIE-1  5ed3fc2c6cf83b32a283edb2515f9a8f
turkey.tsu-lab.hel.fi.ssh.com/unix:10  MIT-MAGIC-COOKIE-1  5ed3fc2c6cf83b32a283edb2515f9a8f
answered Dec 23 '10 at 06:34

Alan - Tectia Support ♦
edited Dec 23 '10 at 18:20

SSH KB ♦
For Tectia Server versions 5.x and 6.x:

  • Create a wrapper script for xauth, where you set the XAUTHORITY to be under /var/tmp before running xauth. This example is for Solaris; the paths need to be modified for other platforms:
bash-3.00# ls -l /etc/ssh2/xauth-wrapper.sh 
-rwxr-xr-x   1 root     root         371 Nov 19 21:13 /etc/ssh2/xauth-wrapper.sh
bash-3.00# cat /etc/ssh2/xauth-wrapper.sh 
#!/bin/sh

XAUTH=/usr/openwin/bin/xauth
PATH=$PATH:/usr/bin:/usr/local/bin:/usr/ucb ; export PATH 
HOME=/var/tmp/.Xauthority-"`whoami`"
export HOME
XAUTHORITY=$HOME/Xauthority
export XAUTHORITY

( umask 077 && mkdir -p $HOME && chown "`whoami`" $HOME ) && $XAUTH "$@"
chmod 700 "$HOME"
chmod 600 "$XAUTHORITY"
# End of xauth-wrapper.sh
  • Configure the Tectia SSH Server to use the wrapper script instead of regular xauth:
bash-3.00# grep xauth ssh-server-config.xml
      xauth-path="/etc/ssh2/xauth-wrapper.sh" />
bash-3.00# 
  • Add exporting of the XAUTHORITY environment variable to /etc/profile to have the correct Xauthority file read:
bash-3.00# grep XAUTHORITY /etc/profile
export XAUTHORITY=/var/tmp/.Xauthority-$LOGNAME/Xauthority
  • Restart the SSH server to take the new configuration into use.
answered Dec 23 '10 at 18:35

SSH KB ♦
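
A check for the result of either procedure above, added here as an example and not part of the original answers: because the cookie file now lives under /tmp or /var/tmp, it verifies that the file is a regular file (not a symlink), owned by the current user, and closed to group and others. The function names check_xauthority and go_bits are hypothetical.

```sh
#!/bin/sh
# Added example: audit an alternate Xauthority location such as
# /tmp/xxx_$USER (4.x) or /var/tmp/.Xauthority-$LOGNAME/Xauthority (5.x/6.x).
# check_xauthority FILE returns 0 if FILE and its directory are private,
# otherwise prints each problem found and returns 1.

# Group/other permission bits of a path as shown by ls, e.g. "------".
go_bits() {
    ls -ld -- "$1" | cut -c5-10
}

check_xauthority() {
    file=$1
    dir=$(dirname -- "$file")
    rc=0

    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink"; rc=1
    elif [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"; return 1
    fi
    if [ ! -O "$file" ]; then
        echo "FAIL: $file is not owned by the current user"; rc=1
    fi
    if [ "$(go_bits "$file")" != "------" ]; then
        echo "FAIL: $file is accessible to group or others"; rc=1
    fi

    # A shared sticky directory such as /tmp is expected to be world-writable;
    # a per-user directory (the 5.x/6.x layout) must be owned and private.
    case $(ls -ld -- "$dir" | cut -c10) in
        t|T) : ;;   # sticky bit set: shared temp directory, nothing to check
        *)
            if [ -L "$dir" ] || [ ! -O "$dir" ]; then
                echo "FAIL: $dir is a symlink or not owned by the current user"; rc=1
            fi
            if [ "$(go_bits "$dir")" != "------" ]; then
                echo "FAIL: $dir is accessible to group or others"; rc=1
            fi ;;
    esac
    return $rc
}

# Usage after login: check_xauthority "$XAUTHORITY"
```
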
Asked: Dec 23 '10 at 06:32

Seen: 9,572 times

Last updated: Apr 01 '11 at 00:22

All user contributed content licensed under the cc-by-sa license.