Xauth/X11 ssh forwarding errors with .Xauthority file not writable

5

4

When logging in with ssh -Y remotehost I get the following error message:

/usr/bin/xauth: /home/hlovdal/.Xauthority not writable, changes will be ignored

And xclock and similar fails to start. There is nothing wrong with the permissions of the .Xauthority file despite the error message.

(hlovdal) remotehost:~>xclock
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:10.0
(hlovdal) remotehost:~>ls -l /home/hlovdal/.Xauthority
-rw-------. 1 hlovdal hlovdal 70 Jul 25 23:30 /home/hlovdal/.Xauthority
(hlovdal) remotehost:~>

What might be the cause here?

(This is between my two laptops where I have shh-ed back and forth hundreds of times before.)

Update:

While debugging further, xauth again complained that it could not write to .Xauthority This does not make sense since the file is writable by my user, and out of curiously I ran strace to see exactly what it tried to do.

(hlovdal) remotehost:~>xauth list
xauth:  /home/hlovdal/.Xauthority not writable, changes will be ignored
(hlovdal) remotehost:~>strace -oout -f -s9000 xauth list
xauth:  error in locking authority file /home/hlovdal/.Xauthority
(hlovdal) remotehost:~>tail out
16634 brk(0xf03000)                     = 0xf03000
16634 brk(0)                            = 0xf03000
16634 rt_sigaction(SIGINT, {0x4050d0, [INT], SA_RESTORER|SA_RESTART, 0x3957035350}, {SIG_DFL, [], 0}, 8) = 0
16634 rt_sigaction(SIGTERM, {0x4050d0, [TERM], SA_RESTORER|SA_RESTART, 0x3957035350}, {SIG_DFL, [], 0}, 8) = 0
16634 rt_sigaction(SIGHUP, {0x4050d0, [HUP], SA_RESTORER|SA_RESTART, 0x3957035350}, {SIG_DFL, [], 0}, 8) = 0
16634 rt_sigaction(SIGPIPE, {0x4050d0, [PIPE], SA_RESTORER|SA_RESTART, 0x3957035350}, {SIG_DFL, [], 0}, 8) = 0
16634 stat("/home/hlovdal/.Xauthority-c", {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
16634 open("/home/hlovdal/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
16634 write(2, "xauth:  error in locking authority file /home/hlovdal/.Xauthority\n", 66) = 66
16634 exit_group(1)                     = ?
(hlovdal) remotehost:~>ls -l .Xauthority*
-rw-------. 1 hlovdal hlovdal 70 Jul 25 23:30 .Xauthority
-rw-------. 2 hlovdal hlovdal  0 Jul 26 01:26 .Xauthority-c
-rw-------. 2 hlovdal hlovdal  0 Jul 26 01:26 .Xauthority-l
(hlovdal) remotehost:~>

This explains better why xauth fails since it fails to create .Xauthority-c. But removing those two probably stale files does not help, they are recreated on the next ssh login. syslog in remotehost contains the following related to the ssh login.

sshd[17551]: Accepted publickey for hlovdal from x.x.x.x port 36545 ssh2
sshd[17552]: fatal: mm_request_receive: read: Connection reset by peer
sshd[17551]: pam_unix(sshd:session): session opened for user hlovdal by (uid=0)

This mm_request_receive error message have never occured before, so I guess there is the clue for further debugging.

hlovdal

Posted 2011-07-26T00:45:42.230

Reputation: 2 760

Answers

1

This seems to be an already known issue reported at Redhat's bugzilla, so I'll "close" this question and continue reporting to that bug report.

hlovdal

Posted 2011-07-26T00:45:42.230

Reputation: 2 760

17

I had same issue after syncing my home folder on Ubuntu 12.04. I resolved it using following commands:

rm ~/.Xaut*

Then I logged out and re-logged in. Following warning arisen:

/usr/bin/xauth:  file /home/iranice/.Xauthority does not exist

After that, Linux created .Xauthority file automatically. I logged out and re-logged in and everything was OK.

S.M.Mousavi

Posted 2011-07-26T00:45:42.230

Reputation: 381

I started having the same message after upgrading Unbuntu 17.10 on a Azure VM. I don't quite remember if I started seeing that message right after the upgrade when I remotely logged in with Putty or after i installed xrdp, since I wanted to have a remote Desktop Connection from my Windows 7 machine. Anyways, your suggested solution fixed that. – Diego Tercero – 2017-12-07T10:08:34.837

This is what fixes raspberry pi to Ubuntu 12.04 connection for me, both in the home. – klausnrooster – 2014-03-22T21:22:06.967

1

For me I had this error :

/usr/bin/xauth: error in locking authority file /home/toto/.Xauthority

because my /home partition was full.

Freeing some space on this partition solved this issue.

The strace command: strace -oout -f -s9000 xauth list has been useful in identifying the problem.

Paul

Posted 2011-07-26T00:45:42.230

Reputation: 11

1

Might help to explain the command - I've taken a look at the strace manpage, but I don't get what the arguement -oout means. Explaining it would turn a good answer, into an awesome one.

– Journeyman Geek – 2013-10-17T08:52:35.217

0

The problem for me were SELinux permissions. They must be configured as follows:

chcon -Rv unconfined_u:object_r:xauth_home_t: s0 /PATH/.Xauthority

Diego Reyes

Posted 2011-07-26T00:45:42.230

Reputation: 1

3OPs problem was a known bug. What "The problem" are you speaking about? Please expand on your answer to include why this helps. – Ƭᴇcʜιᴇ007 – 2013-09-23T16:30:25.607

Asked: 2011-07-26T00:45:42.230

Viewed: 40 555 times

Active: 2018-06-14T10:45:50.463