Learn how to resolve Authorisation not recognized error while using xterm in Linux
Error :
Sometimes your users complain they can’t use GUI via X server from Linux box (in this case mobaXterm). They are receiving their display authorization is not recognized. An error like below –
appuser@kerneltalks@ xclock
MobaXterm X11 proxy: Authorisation not recognised
Error: Can't open display: localhost:10.0
Sometimes these errors show up when you switch user from the root account or any other account.
Quick Solution:
Login directly with user on which you want to use xclock
appuser needs to log in directly on the server and you won’t see this issue. Most of the time it arises once you su to appuser from root or different users.
Read further if you have to switch user and then use x-term.
appuser need to add its entry to authorization. This entry will be the last entry in .Xauthority file in a home directory of the previous user with which you have logged in the server in the first place. Let’s say its root in our case. i.e. we logged in as root and then su to appuser
root@kerneltalks # xauth -f .Xauthority list |tail -1
kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
appuser@kerneltalks $ xauth add kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
So here we got values from root home directory file and then we added it in using xauth in currently su user i.e. appuser
and you are good to go!
Bit of an explanation :
This error occurs since your ID doesn’t have the authorization to connect to the X server. Let’s walk through how to resolve this error. List out authorization entries for displays using xauth list
appuser@kerneltalks $ xauth list
kerneltalks/unix:12 MIT-MAGIC-COOKIE-1 60c402df81f68e721qwe531d1c99c1eb
kerneltalks/unix:11 MIT-MAGIC-COOKIE-1 ad81da801d778fqwe6aea383635be27d
kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 0bd591485031d0ae670475g46db1b8b9
The output shows entries column wise –
- Display name
- Protocol name (MIT-MAGIC-COOKIE-1 referred to single period)
- hexkey
If you have many sessions and you are on test/dev environment and you are the only one using your system you can remove all the above entries using xauth remove to make sure you have a clean slate and getting only your session cookie. Or, you can save this output for reference. Log in again, try xclock and new the entry will be generated. Compare the latest output with the older one and get your new entry filtered out. Or as mentioned above in a quick solution it will be last entry in .Xauthority file in a home directory of appuser. You can not read .Xauthority file like text file so you have to use xauth -f command to view its content.
Logout from all sessions. Login again with the app user and run xclock once. This will generate a new session cookie token which you can see in xauth list .
appuser@kerneltalks $ xauth list
kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
Now, grab this entry and add authorization using below command –
appuser@kerneltalks $ xauth add APCSFIOGWDV02/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
and that’s it. You xclock should work now!
Error :
You are seeing below error in mobaXterm
X11-forwarding : ✘ (disabled or not supported by server)
Solution :
The best way to make sure you have all X11 stuff installed is to run the install package xclock. Additionally, you need to install xauth package as well.
Secondly, make sure you have X11Forwarding yes set in your /etc/ssh/sshd_config. If not then set and restart sshd daemon.
That’s all! Try re-logging to the server and it should work. You should see the below message after login using MobXterm.
X11-forwarding : ✔ (remote display is forwarded through SSH)