Version 14 (modified by mitty, 9 years ago) (diff)


X11Forwarding with another user

  • My Cup of Tea / X Forwarding and sudo

    The reason for this is that:

    X authentication is based on cookies — secret little pieces of random data that only you and the X server know… So, you need to let the other user in on what your cookie is (

    me@localbox:~$ ssh -X remotebox
    me@remotebox:~$ chmod 644 .Xauthority
    me@remotebox:~$ su - otheruser
    otheruser@remotebox:~$ export DISPLAY=localhost:10.0
    otheruser@remotebox:~$ export XAUTHORITY=/home/me/.Xauthority
    • sudo する場合は「chmod 644 .Xauthority」は必要ない(rootからは必ず読めるため)

disable certain users to login with ssh

  • /etc/pam.d/sshd
    @@ -15,7 +15,7 @@
     # Uncomment and edit /etc/security/access.conf if you need to set complex
     # access limits that are hard to express in sshd_config.
    -# account  required
    +account  required
     # Standard Un*x authorization.
     @include common-account
  • /etc/security/access.conf

avoid sshd brute force

Cluster SSH