Sunday 20 October 2013

X Forwarding with SSH - Magic-Cookie problem

Hey there,

I've mentioned in one of my last posts, that it is possible to forward X via SSH. In my case I'm connecting from my Mac OS X client to my Rasperry PI running Kali Linux. I'm using the X forwarding feature of ssh to start tools that would need X on my Raspberry Pi, but the window will pop up in Mac OS X, as long as X11 is started on my Mac. If this was too confusing, you can just read this, and I think you will get it ;-)

I've just got one problem when doing this: When I log into Kali Linux I'm using an unprivileged account, let's say the account name is alice. The problem is that some tools need root-privileges, like Wireshark (of course you can also run tcpdump, but Wireshark is just an example). If I switch to the root account via su, the X forwarding for the application I want to start is not working anymore:

root@kali:~# wireshark
(wireshark:2810): Gtk-WARNING **: cannot open display: localhost:11.0

I'm getting this error because when the ssh connection is initiated a file called .Xauthority is created in the home directory of alice. This file contains a "session cookie" called Magic-Cookie. When I want to start now the application as root, the content of this file is not available to the root account, so I have to copy the .Xauthority file to the home folder of the root account:

# su -
# cp /home/alice/.Xauthoriy /root/

Then the Magic-Cookie will also be available for the root account and now wireshark can be started. If it is still not working you should check the environment variable DISPLAY. The DISPLAY variable of alice needs to be the same as in the root account.

To automate this task, I've created the file .bash_profile in the root directory:

# touch /root/.bash_profile
# vim /root/.bash_profile

and added the following content:

# cp /home/alice/.Xauthoriy /root/

Now everytime when I change to the root account the .Xauthority will be copied in the home folder of the root account and the X forwaring feature is still working.

If you have better/other solutions for this problem, feel free to leave a comment.
Cheers.