Me fue muy bien el post de Steven Edward sobre como mantener el forward de entorno gráfico X11 teniendo que hacer sudo. Os recomiendo que echeis un vistazo a su blog, aunque por desgracia hace tiempo que no hay contenido nuevo:

X11 forwarding is not working using PuTTY and ssh for users once you “become” them using SUDO. Here is the error message:

$ Xlib: connection to “xxx.xx.xx.xxx” refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can’t open display: xxx.xx.xx.xxx:xx.x

Below are the steps used to successfully transfer xauth information to another user (Oracle in this case)

  1. Enable X11 forwarding on your terminal application and login as you (as stated above), ‘chmod 644 .Xauthority’ (needs to be done every time service account needs access, it will reset when you log out)
  2. ‘become service account x’
  3. ‘xauth merge ~username/.Xauthority’ (needs to be done every time service account access is needed)

Once you get a copy of the .Xauthority file to /home/oracle it should work.

Ejecuté los pasos y lo conseguí sin problemas:

login as: user
Using keyboard-interactive authentication.
Password:
Last login: Tue Sep 14 12:58:20 2010 from user.domain.com
user@serverdb:~> echo $DISPLAY
localhost:11.0
user@serverdb:~> chmod 644 .Xauthority
user@serverdb:~> sudo su – oracle
oracle@serverdb:~> cat .Xauthority

&3eudevdb710MIT-MAGIC-COOKIE-1¥Ë¥É[+¥_;
serverdb11MIT-MAGIC-COOKIE-1§Þ©/¿ï
Ã]Ùضdoracle@serverdb:~>
oracle@serverdb:~>
oracle@serverdb:~>
oracle@serverdb:~> xauth merge /home/user/.Xauthority
oracle@serverdb:~> echo $DISPLAY

oracle@serverdb:~> export DISPLAY=localhost:11.0
oracle@serverdb:~> xclock

login as: asensada

Using keyboard-interactive authentication.

Password:

Last login: Tue Sep 14 12:58:20 2010 from bar-asensad-2xp.wks.tsh.thomson.com

asensada@pceudevdb7:~> echo $DISPLAY

localhost:11.0

asensada@pceudevdb7:~> cgmo

asensada@pceudevdb7:~> chmod 644 .Xauthority

asensada@pceudevdb7:~> sudo su – oracle

oracle@pceudevdb7:~> cat .Xauthority

&3eudevdb710MIT-MAGIC-COOKIE-1¥Ë¥É[+¥_;

pceudevdb711MIT-MAGIC-COOKIE-1§Þ©/¿ï

Ã]Ùضdoracle@pceudevdb7:~>

oracle@pceudevdb7:~>

oracle@pceudevdb7:~>

oracle@pceudevdb7:~> xauth merge /home/asensada/.Xauthority

oracle@pceudevdb7:~> echo $DISPLAY

oracle@pceudevdb7:~> export DISPLAY=localhost:11.0

oracle@pceudevdb7:~> xclock

oracle@pceudevdb7:~>

oracle@pceudevdb7:~> owm

Done.

oracle@pceudevdb7:~>

oracle@pceudevdb7:~>