X over SSH is a nice feature which allow the X traffic to be encrypted in the SSH tunnel.
Executing su / sudo will although break the X traffic and result in a error
X11 connection rejected because of wrong authentication.
X connection to localhost:10.0 broken (explicit kill or server shutdown).
The problem is that the MIT-MAGIC-COOKIE not will survive sudo/su
Here is a little trick to add the originating users MIT-MAGIC-COOKIE to the end user
# ssh -X <username>@<hostname> # xauth list
Output similar to:
<hostname>/unix:<display> MIT-MAGIC-COOKIE-1 <unique MIT-MAGIC-COOKIE key>
Copy output from xauth list (whole line), then sudo / su
As new user:
# xauth add <the output of the above xauth list> # export DISPLAY=<hostname>:<display>
Hostname & DISPLAY variable, which is also seen in the xauth list.
You might skip the EXPORT DISPLAY command if the DISPLAY variable is already configured correct.