I know the risk, I know there is ssh -X, etc etc. What I want is to be able from one remote machine (X client) to connect to my local machine (X server) on a user (cookie) basis.
I understood that any session using my cookie in ~/.Xauthority will be able to connect to my X server (got it from this). So, this is the scenario:
local machine (X server):
$ xauth nlist
<a bunch of numbers>
$ xauth nextract xauth-extracted :0
$ cat xauth-extracted | ssh user@<X client IP> xauth nmerge -
remote machine (X client):
$ xauth nlist
<2 bunches of numbers, the second one is identical to the one from my X server machine>
$ export DISPLAY=<X server IP>:0
$ xeyes
No protocol specified
Error: Can't open display: <X server IP>:0
On the X server machine, as soon as I allow my X client IP host $ xhost +<X client IP> and run xeyes again, it opens fine on the X server. But I don't want to allow it to all users, only to the one that is holding my xauth cookie. What am I doing wrong?
EDIT: I realized that extracting the :0 and merging into the other host and then listing the cookies gives me:
$ xauth list
<X server hostname>/unix:1 MIT-MAGIC-COOKIE-1 <hex key - the same as my X server hex key>
I don't know for sure what that /unix there means (unix socket I read somewhere) but that seems to have something to do with it.
To kinda make it works, on the X client I opened X connections to any host with xhost + and from the X server I ran xauth generate <X server IP>:0 .. That connected to the X server and downloaded not the cookie but a related (?) cookie, and now when I list the cookies it says:
$ xauth list
<X server hostname>:0 MIT-MAGIC-COOKIE-1 <another hex key>
An now it "works" but:
- After some minutes it stops working again
- If, from the same machine, I xauth generate a cookie for another user, the first one stops working
When they stop working they say:
$ xclock
Invalid MIT-MAGIC-COOKIE-1 keyError: Can't open display: <X server IP>:0
Can anyone point me to a good resource regarding xauth?
