MobaXterm X11 proxy: Authorisation not recognised

Learn how to resolve Authorisation not recognized error while using xterm in Linux

xclock error

Error :

Sometimes your users complain they can’t use GUI via X server from Linux box (in this case mobaXterm). They are receiving their display authorization is not recognized. An error like below –

appuser@kerneltalks@ xclock
MobaXterm X11 proxy: Authorisation not recognised
Error: Can't open display: localhost:10.0

Sometimes these errors show up when you switch user from the root account or any other account.

Quick Solution:

Login directly with user on which you want to use xclock

appuser needs to log in directly on the server and you won’t see this issue. Most of the time it arises once you su to appuser from root or different users.

Read further if you have to switch user and then use x-term.

appuser need to add its entry to authorization. This entry will be the last entry in .Xauthority file in a home directory of the previous user with which you have logged in the server in the first place. Let’s say its root in our case. i.e. we logged in as root and then su to appuser

root@kerneltalks # xauth -f .Xauthority list |tail -1
kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c

appuser@kerneltalks $ xauth add kerneltalks/unix:10 MIT-MAGIC-COOKIE-1 df22dfc7df88b60f0653198cc85f543c

So here we got values from root home directory file and then we added it in using xauth in currently su user i.e. appuser

and you are good to go!

Bit of an explanation :

This error occurs since your ID doesn’t have the authorization to connect to the X server.  Let’s walk through how to resolve this error. List out authorization entries for displays using xauth list

appuser@kerneltalks $ xauth list
kerneltalks/unix:12  MIT-MAGIC-COOKIE-1  60c402df81f68e721qwe531d1c99c1eb
kerneltalks/unix:11  MIT-MAGIC-COOKIE-1  ad81da801d778fqwe6aea383635be27d
kerneltalks/unix:10  MIT-MAGIC-COOKIE-1  0bd591485031d0ae670475g46db1b8b9

The output shows entries column wise –

  1. Display name
  2. Protocol name (MIT-MAGIC-COOKIE-1 referred to single period)
  3. hexkey

If you have many sessions and you are on test/dev environment and you are the only one using your system you can remove all the above entries using xauth remove to make sure you have a clean slate and getting only your session cookie. Or, you can save this output for reference. Log in again, try  xclock and new the entry will be generated. Compare the latest output with the older one and get your new entry filtered out. Or as mentioned above in a quick solution it will be last entry in .Xauthority file in a home directory of appuser. You can not read  .Xauthority file like text file so you have to use xauth -f command to view its content.

Logout from all sessions. Login again with the app user and run xclock once. This will generate a new session cookie token which you can see in xauth list .

appuser@kerneltalks $ xauth list
kerneltalks/unix:10  MIT-MAGIC-COOKIE-1  df22dfc7df88b60f0653198cc85f543c

Now, grab this entry and add authorization using below command –

appuser@kerneltalks $ xauth add APCSFIOGWDV02/unix:10  MIT-MAGIC-COOKIE-1  df22dfc7df88b60f0653198cc85f543c

and that’s it. You xclock should work now!


Error :

You are seeing below error in mobaXterm

X11-forwarding  : ✘  (disabled or not supported by server)

Solution :

The best way to make sure you have all X11 stuff installed is to run the install package xclock. Additionally, you need to install xauth package as well.

Secondly, make sure you have X11Forwarding yes set in your /etc/ssh/sshd_config. If not then set and restart sshd daemon.

That’s all! Try re-logging to the server and it should work. You should see the below message after login using MobXterm.

 X11-forwarding  : ✔  (remote display is forwarded through SSH)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.