Learn how to resolve Authorisation not recognized error while using xterm in Linux
Sometimes your users complain they can’t use GUI via X server from Linux box (in this case mobaXterm). They are receiving their display authorization is not recognized. An error like below –
appuser@kerneltalks@ xclock MobaXterm X11 proxy: Authorisation not recognised Error: Can't open display: localhost:10.0
Sometimes these errors show up when you switch user from the root account or any other account.
Login directly with user on which you want to use xclock
appuser needs to log in directly on the server and you won’t see this issue. Most of the time it arises once you su to
appuser from root or different users.
Read further if you have to switch user and then use x-term.
appuser need to add its entry to authorization. This entry will be the last entry in
.Xauthority file in a home directory of the previous user with which you have logged in the server in the first place. Let’s say its
root in our case. i.e. we logged in as
root and then su to
root@kerneltalks # xauth -f .Xauthority list |tail -1 kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c appuser@kerneltalks $ xauth add kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
So here we got values from root home directory file and then we added it in using xauth in currently su user i.e.
and you are good to go!
Bit of an explanation :
This error occurs since your ID doesn’t have the authorization to connect to the X server. Let’s walk through how to resolve this error. List out authorization entries for displays using
appuser@kerneltalks $ xauth list kerneltalks/unix:12 MIT-MAGIC-COOKIE-1 60c402df81f68e721qwe531d1c99c1eb kerneltalks/unix:11 MIT-MAGIC-COOKIE-1 ad81da801d778fqwe6aea383635be27d kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 0bd591485031d0ae670475g46db1b8b9
The output shows entries column wise –
- Display name
- Protocol name (MIT-MAGIC-COOKIE-1 referred to single period)
If you have many sessions and you are on test/dev environment and you are the only one using your system you can remove all the above entries using xauth remove to make sure you have a clean slate and getting only your session cookie. Or, you can save this output for reference. Log in again, try
xclock and new the entry will be generated. Compare the latest output with the older one and get your new entry filtered out. Or as mentioned above in a quick solution it will be last entry in
.Xauthority file in a home directory of
appuser. You can not read
.Xauthority file like text file so you have to use
xauth -f command to view its content.
Logout from all sessions. Login again with the app user and run
xclock once. This will generate a new session cookie token which you can see in
xauth list .
appuser@kerneltalks $ xauth list kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
Now, grab this entry and add authorization using below command –
appuser@kerneltalks $ xauth add APCSFIOGWDV02/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c
and that’s it. You
xclock should work now!
You are seeing below error in mobaXterm
X11-forwarding : ✘ (disabled or not supported by server)
The best way to make sure you have all X11 stuff installed is to run the install package
xclock. Additionally, you need to install
xauth package as well.
Secondly, make sure you have
X11Forwarding yes set in your
/etc/ssh/sshd_config. If not then set and restart sshd daemon.
That’s all! Try re-logging to the server and it should work. You should see the below message after login using MobXterm.
X11-forwarding : ✔ (remote display is forwarded through SSH)