2

Connecting from an Ubuntu 18.04 computer to a headless Lubuntu 18.04 computer using X11 forwarding. It works great for apps that don't require root privileges: lxterminal, leafpad, etc. I can run sudo commands in the forwarded lxterminal window just fine.

But, applications like synaptic-pkexec that would normally pop up the Authentication window and ask me to enter a password, fail, like so:

$ synaptic-pkexec
==== AUTHENTICATING FOR com.ubuntu.pkexec.synaptic ===
Authentication is required to run the Synaptic Package Manager
Authenticating as: [my realname],,, ([my username])
Password: 
polkit-agent-helper-1: error response to PolicyKit daemon: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
==== AUTHENTICATION FAILED ===
Error executing command as another user: Not authorized

This incident has been reported.

I supplied the correct password.

Is there a setting in sshd-config that governs this? What must I change to get this to work?

Organic Marble
  • 24,696

2 Answers2

2

Suboptimal solution:

After sshing in with X11 forwarding, run

/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &

After that, synaptic-pkexec works great, the Authentication box pops up on the client computer and accepts my password.

You have to kill the authentication agent process before exiting the ssh session or it hangs, though.

I got the tip from here: https://github.com/NixOS/nixpkgs/issues/18012 but there it states that you can start the authentication agent on the server. That part didn't work for me, I got an error:

Cannot register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: An authentication agent already exists for the given subject

So this works, but is a bit clumsy.

Hoping for a better answer.

Organic Marble
  • 24,696
0
sudo -E synaptic-pkexec

and

sudo --preserve-env=HOME synaptic-pkexec

both work for me.

elmicha
  • 9,960