X Windows port forwarding with sudo and ssh

Jephe Wu - http://linuxtechres.blogspot.com

Objective: use X Windows port forwarding with sudo and ssh
Background: user jephe needs to sudo to another (application) user through the sudosh shell and, after switching to that application user, needs to run an X application. Environment: CentOS 5.5, sudosh, WebSphere Application Server running as user was1.

Concepts: user jephe first needs to ssh -X into the WebSphere application server, then run 'sudo -u was1 sudosh' to switch to user was1 under sudosh. After that, jephe needs to start up WebSphere Application Server with a username and password.



Steps:

1. Refer to http://linuxtechres.blogspot.com/2008/12/use-sudosh-to-enable-server-auditing.html to install sudosh

2. ssh into the WebSphere application server with -X from a Linux client machine running X Windows

To turn on X forwarding over ssh, use the command line switch -X or write the following in your local ssh configuration file:

Host remote.host.name
    ForwardX11 yes

Then log in and check that DISPLAY has been set for the forwarded session:

$ ssh -X jephe@appserver
$ env | grep DISPLAY
DISPLAY=localhost:10.0

3. use sudosh and configure the DISPLAY variable for the was1 user


$ sudo -u was1 sudosh
$ export DISPLAY=localhost:10.0
$ scp jephe@localhost:.Xauthority /home/was1/

Note: if you need to run 'sudo application' as the root user, copy /home/jephe/.Xauthority to /root first and check the DISPLAY environment variable.

or this way:

$ ssh -X jephe@appserver
$ env | grep DISPLAY
DISPLAY=localhost:10.0
$ xauth list
appserver.domain.com/unix:10  MIT-MAGIC-COOKIE-1  32characterstring


$ sudo -u was1 sudosh
$ export DISPLAY=localhost:10.0
$ xauth
xauth> add appserver.domain.com/unix:10 .  32characterstring (same as above)
xauth> exit
Writing authority file /home/was1/.Xauthority 
$ xterm (test it first) 
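
Added example (not part of the original post): a small shell helper that picks, from `xauth list` output, only the cookie for the forwarded display and prints the `add` line for was1, so the rest of jephe's .Xauthority is not copied. The function names are hypothetical and the sample cookie values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the cookie values below are constructed, not real.

# Constructed sample of `xauth list` output as user jephe.
SAMPLE_XAUTH_LIST='appserver.domain.com/unix:10  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef
appserver.domain.com/unix:11  MIT-MAGIC-COOKIE-1  fedcba9876543210fedcba9876543210'

# display_number "localhost:10.0" -> "10"
display_number() {
    d=${1#*:}                  # strip host part and colon -> "10.0"
    printf '%s\n' "${d%%.*}"   # strip screen suffix       -> "10"
}

# xauth_add_line DISPLAY < `xauth list` output
# Prints the single "add ..." line for that display. Fails (non-zero) when
# DISPLAY has no numeric display part, or when zero or several entries match,
# so a stale or ambiguous cookie is never handed to the other account.
xauth_add_line() {
    num=$(display_number "$1")
    case $num in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Only the display number goes on awk's command line; the cookie itself
    # travels through stdin/stdout and never appears in a process listing.
    awk -v n="$num" '
        $2 == "MIT-MAGIC-COOKIE-1" && $1 ~ ("/unix:" n "$") &&
        length($3) == 32 && $3 ~ /^[0-9a-fA-F]+$/ {
            hits++
            line = "add " $1 " " $2 " " $3
        }
        END { if (hits != 1) exit 1; print line }'
}

# Demo on the constructed sample; on a real host run instead:
#   xauth list | xauth_add_line "$DISPLAY"
printf '%s\n' "$SAMPLE_XAUTH_LIST" | xauth_add_line "localhost:10.0"
```

The printed line is what gets typed at the `xauth>` prompt in the was1 sudosh session, as in the steps above.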



4. start up websphere application server

$ cd websphere_directory
$ ./stopServer.sh server1
It will prompt for the username and password in an X window on jephe's ssh client Linux PC.

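5. useful commands and references:

xhost +appserver.domain.com    (allow that host to connect to the local X server)
xhost -appserver.domain.com    (remove that host from the allowed list)
xhost +                        (turn access control off: any host may connect)
xhost -                        (turn access control back on: only listed hosts may connect)
xauth -v                       (run xauth in verbose mode)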

Remote X Apps mini howto - http://tldp.org/HOWTO/Remote-X-Apps-6.html