SSH / permissions problem

Phil Meyer pmeyer at
Tue Jul 13 17:37:21 UTC 2010

On 07/13/2010 09:49 AM, Gary Stainburn wrote:
> Hi folks,
> This seems like de ja vu, but I can't find anything in the archives.
> I've got F13 on my laptop, and also on a new virtual server.
> I've copied my home directory from my old server to my new one and then tried
> to ssh to the new server.  However, I have a problem
> If I ssh to root on the new server everything is fine, but if I ssh to my user
> I get errors and X forwarding doesn't work.
> Can anyone suggest things for me to look at / try.
> Gary
> [gary at dcomp5 ~]$ ssh -Y -C lcomp3 -l root
> root at lcomp3's password:
> Last login: Tue Jul 13 16:04:20 2010 from
> [root at lcomp3 ~]# kcalc
> [root at lcomp3 ~]# logout
> [gary at dcomp5 ~]$ ssh -Y -C lcomp3
> gary at lcomp3's password:
> Last login: Tue Jul 13 15:55:16 2010 from
> /usr/bin/xauth:  timeout in locking authority file /home/gary/.Xauthority
> [gary at lcomp3 ~]$ kcalc
> X11 connection rejected because of wrong authentication.
> kcalc: cannot connect to X server localhost:11.0
> [gary at lcomp3 ~]$

When you copy over a .ssh directory, there are at least two things to 

1. permissions.
     $ scp -rp .ssh <target_host>:

2. do you really want your private key on the target system?  Probably 
all you wanted was to be able to login with ssh key authentication.  To 
do that, you should run:
    $ ssh-copy-id <target_host>:

If you allow your private key to reside on other systems, then that key 
can be used against you quite easily.  If only the public key is exposed 
in authorized_keys, your account is as secure as it can be.

Rule of thumb is: never expose a private key on a host with direct 
internet access, like a web server.  Use only one private key on your 
desktop, and use ssh-copy-id to set up public keys for any remote ssh 

If you want access to those servers from another system, like a laptop, 
generate a new private key on the laptop and use ssh-copy-id again to 
enable ssh access to the other systems.

Good Luck!

More information about the users mailing list