Re: gparted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 7 Jun 2025 at 20:05, Patrick Dupre via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
After ssh -X on a remote machine
If I tried to run

sudo gparted
I get
X11 connection rejected because of wrong authentication.

while I can sudo on this machine.

This isn't parted specific, you'll see similar behaviour from things like gnome-terminal and other windowing applications.

There are a bunch of things around propagating/copying SSH_AUTH_SOCK, MIT-MAGIC-COOKIE (as Marco alludes) that can help work through/around this.

See these articles for more info:

https://www.baeldung.com/linux/ssh-agent-forwarding-sudo-another-user
https://www.simplified.guide/ssh/x11-forwarding-as-root

1. Check how your 'local' machine is configured:

$ set | grep SSH
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
$ ssh-add -l
256 SHA256:XXXxxxxXXXXXXXXX user@host 2025-05-07 (ED25519)

2. Connect to a 'remote' machine (it's the same system but essentially SSH treats it as a new machine):

$ ssh -X localhost
$ set | grep SSH
SSH_CLIENT='::1 33410 22'
SSH_CONNECTION='::1 33410 ::1 22'
SSH_TTY=/dev/pts/3

Note there's no SSH_AUTH_SOCK set.

If you just 'sudo' then none of those local SSH environment variables are inherited in the root shell:

$ sudo gparted
X11 connection rejected because of wrong authentication.

(gpartedbin:132496): Gtk-WARNING **: 23:15:05.136: cannot open display: localhost:10.0

If you 'sudo -Es' that should work (unless some defaults have been messed with):

$ sudo -Es gparted
X11 connection rejected because of wrong authentication.

(gpartedbin:132690): dbind-WARNING **: 23:19:48.688: Could not open X display
GParted 1.7.0
configuration --enable-libparted-dmraid
libparted 3.6

There's a warning, but gparted runs.

Note that neither sudo -Es nor xauth appear to allow root to run gnome-terminal (I was just testing a different application for completeness) but that's a Dbus thing and probably fixable.



 
-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux