On Sat, 7 Jun 2025 at 20:05, Patrick Dupre via users < users@lists.fedoraproject.org> wrote:
> After ssh -X on a remote machine > If I tried to run > > sudo gparted > I get > X11 connection rejected because of wrong authentication. > > while I can sudo on this machine. > This isn't parted specific, you'll see similar behaviour from things like gnome-terminal and other windowing applications. There are a bunch of things around propagating/copying SSH_AUTH_SOCK, MIT-MAGIC-COOKIE (as Marco alludes) that can help work through/around this. See these articles for more info: https://www.baeldung.com/linux/ssh-agent-forwarding-sudo-another-user https://www.simplified.guide/ssh/x11-forwarding-as-root 1. Check how your 'local' machine is configured: $ set | grep SSH SSH_AUTH_SOCK=/run/user/1000/keyring/ssh $ ssh-add -l 256 SHA256:XXXxxxxXXXXXXXXX user@host 2025-05-07 (ED25519) 2. Connect to a 'remote' machine (it's the same system but essentially SSH treats it as a new machine): $ ssh -X localhost $ set | grep SSH SSH_CLIENT='::1 33410 22' SSH_CONNECTION='::1 33410 ::1 22' SSH_TTY=/dev/pts/3 Note there's no SSH_AUTH_SOCK set. If you just 'sudo' then none of those local SSH environment variables are inherited in the root shell: $ sudo gparted X11 connection rejected because of wrong authentication. (gpartedbin:132496): Gtk-WARNING **: 23:15:05.136: cannot open display: localhost:10.0 If you 'sudo -Es' that should work (unless some defaults have been messed with): $ sudo -Es gparted X11 connection rejected because of wrong authentication. (gpartedbin:132690): dbind-WARNING **: 23:19:48.688: Could not open X display GParted 1.7.0 configuration --enable-libparted-dmraid libparted 3.6 There's a warning, but gparted runs. Note that neither sudo -Es nor xauth appear to allow root to run gnome-terminal (I was just testing a different application for completeness) but that's a Dbus thing and probably fixable.
-- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
