System
xauth
Manage X server authentication credentials.
Additional Notes
xauth manages the .Xauthority file, which stores the authentication credentials (MIT-MAGIC-COOKIE-1 or other protocol entries) used to connect to X servers. The X server requires clients to present a matching cookie before allowing a connection, providing basic access control.
It is commonly used when forwarding X11 connections over SSH (where the cookie is automatically added and removed), when debugging "cannot open display" errors, or when manually setting up X11 access across a network. Each display on the system has a unique cookie stored in the user's .Xauthority file.
Syntax
xauth [options] [command [args]]
Commands
list: Show all entries in the authority file.add display protocol key: Add a new authentication entry.remove display: Remove an entry for a specific display.generate display: Generate a new cookie for a display.extract file display: Copy an entry to a file.merge file: Merge entries from a file into the authority file.info: Show the authority file name and status.
Parameters
options: Flags that change howxauthbehaves.target: Optional file, device, interface, user, service, or command target when the command supports one.
Common Options
-f file: Use an alternative authority file instead of~/.Xauthority.-i: Ignore authority file lock errors.-b: Break authority file locks.-q: Quiet mode (suppress warnings).
Examples
xauth list
List all X authentication entries.
xauth add :0 . 0123456789abcdef0123456789abcdef
Add a MIT-MAGIC-COOKIE-1 key for display :0.
xauth generate :0 .
Generate a new random cookie for display :0.
xauth extract - :0 | ssh remote xauth merge -
Copy the current display's cookie to a remote host over SSH.
xauth remove :0
Remove the authentication entry for :0.
Practical Notes
- The
.Xauthorityfile is typically owned by the user and readable only by the user. - SSH X11 forwarding (
ssh -X) automatically manages the cookie — do not manually modify it on forwarded connections. - If
xauth listshows no entries, the display may be untrusted or the file may not exist. - The cookie is a hexadecimal string; its length depends on the authentication protocol.
- The environment variable
XAUTHORITYoverrides the default.Xauthorityfile path.