Timothy Murphy
2013-Nov-25 01:08 UTC
[CentOS] X11 connection rejected because of wrong authentication
I'd like to run SELinux on my CentOS server in enforcing mode, but I get the above message when I run sealert. I assume this is because I am accessing the server from my laptop? In any case, I googled for the message, and this threw up dozens of similar queries over many years. Most of the ones I read offered methods of avoiding the problem rather than solving it. Am I right in thinking the message arises from my remote connection? And if so, is there a simple solution? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland
James Hogarth
2013-Nov-25 09:15 UTC
[CentOS] X11 connection rejected because of wrong authentication
On 25 November 2013 01:08, Timothy Murphy <gayleard at eircom.net> wrote:> I'd like to run SELinux on my CentOS server in enforcing mode, > but I get the above message when I run sealert. > I assume this is because I am accessing the server from my laptop? > > In any case, I googled for the message, > and this threw up dozens of similar queries over many years. > Most of the ones I read offered methods of avoiding the problem > rather than solving it. > > Am I right in thinking the message arises from my remote connection? > And if so, is there a simple solution? >Too little information at present to tell. Does it work if the system is in permissive? Did you ever have the system in disabled and then switched to permissive/enforcing? Do you have xauth installed? 9 times out of 10 with this message it's just that there is no (or incorrect) .Xauthority so the X server rightfully denies the untrusted connection.
James B. Byrne
2013-Nov-25 13:50 UTC
[CentOS] X11 connection rejected because of wrong authentication
On Sun, November 24, 2013 20:08, Timothy Murphy wrote:> I'd like to run SELinux on my CentOS server in enforcing mode, > but I get the above message when I run sealert. > I assume this is because I am accessing the server from my laptop? > > In any case, I googled for the message, > and this threw up dozens of similar queries over many years. > Most of the ones I read offered methods of avoiding the problem > rather than solving it. > > Am I right in thinking the message arises from my remote connection?Yes. It arises from your ssh connection. You are probably using the -Y or -X option with xauth.> And if so, is there a simple solution?Perhaps. The error you have is caused by one of two things: 1. incorrect SELinux settings on the ~/.Xauthority file or your home directory. Run restorcon -vR ~ to fix those. 2. incorrect ownership or permissions on ~/.Xauthority. The second condition can also be triggered by logging in via ssh as one user and su -l to another on the remote host. In my case I find that the second circumstance is the most frequent cause of the exact error you report. HTH -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Maybe Matching Threads
- SELinux is preventing /bin/ps from search access
- SELinux is preventing /usr/bin/chcon "mac_admin" access
- setroubleshoot
- [Bug 1718] New: Spurious messages "X11 connection rejected because of wrong authentication."
- Digest Subcriber needs help with SELinux file context setting