Can't Enable SSH X11 Forwarding

I am trying to get ssh X11 forwarding to work for administrating my server. Just plain ssh -X doesn’t work, so I edited /etc/ssh/ssh_config and /etc/ssh/sshd_config as follows:

sshd_config:


X11Forwarding yes

ssh_config:


ForwardX11 yes

I then restarted ssh and logged in with ssh -X user@server. I tried running

$ xclock

and got

Error: Can't open display:

Any hints?

Hi
What X client are you running? Otherwise, look at installing NX from
nomachine.com. It’s free, fast and uses ssh.


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.0 x86 Kernel 2.6.25.18-0.2-default
up 1 day 19:20, 2 users, load average: 0.07, 0.10, 0.15
GPU GeForce 6600 TE/6200 TE - Driver Version: 177.80

Hi
Just noticed, you need to look at sshd_config and modify that and
restart sshd. ssh_config is for the client on the machine.


Cheers Malcolm °¿° (Linux Counter #276890)

As Malcolm points out, you have to modify sshd_config at the server end and restart the sshd daemon there. If you don’t have the rights to, bad luck. The sysadmin of the other end may have disallowed X forwarding.

I am sorry, I should have clarified. I made both of the above changes on both the client and server. I don’t think it’s my firewall because I can log in fine with ssh. Also, after ssh -X ing into the server, the $DISPLAY variable is not set.

Run ssh with the -v option so that you can see the debug messages. Sometimes a program is missing at the other end; for example, a missing xauth will cause the X auth cookie not to be registered. Focus on solving the empty $DISPLAY variable.

Here is the output right after logging in with ssh -v -X

debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8

And when trying to launch an X app:

# xclock
Error: Can't open display:

Maybe DISPLAY is one of the environment variables filtered out? Check for any settings that might block this.

Have you checked with netstat to see if a socket at port 6010 (usually) is opened for the X forwarding? What about the sshd logs at the other end, are there any messages about X forwarding being denied? Is the other end running something like selinux or apparmor that would block that?

If there is an open X forwarding port, can you manually set DISPLAY to localhost:10 and run an X app (10 = 6010 - 6000)?

What is the other end? Another SUSE machine? An OS that perhaps doesn’t have all the X libraries installed? A non-Linux machine?

You’re going to have to do quite a bit of detective work at the server end.

Maybe DISPLAY is one of the environment variables filtered out? Check for any settings that might block this.

To be honest, I don’t know what to look for.

Have you checked with netstat to see if a socket at port 6010 (usually) is opened for the X forwarding? What about the sshd logs at the other end, are there any messages about X forwarding being denied? Is the other end running something like selinux or apparmor that would block that?

Netstat shows nothing on port 6010. No selinux or AppArmor, but here’s from the logfiles:

Nov  3 17:33:56 remoteServer sshd[15840]: Server listening on :: port 22.
Nov  3 17:33:56 remoteServer sshd[15840]: Server listening on 0.0.0.0 port 22.
Nov  3 17:34:10 remoteServer sshd[15841]: Accepted keyboard-interactive/pam for zak from 71.117.39.128 port 52404 ssh2
Nov  3 17:34:11 remoteServer sshd[15844]: error: Failed to allocate internet-domain X11 display socket.

Are there some hints there?

What is the other end? Another SUSE machine? An OS that perhaps doesn’t have all the X libraries installed? A non-Linux machine?

openSUSE 11.0 on both ends. Both are up to date, and have the X libraries installed (KDE on the local, GNOME on the remote).

You’re going to have to do quite a bit of detective work at the server end.

Yes sir. :slight_smile:

I believe this is the problem:

error: Failed to allocate internet-domain X11 display socket.

from /var/log/messages.

But googling the error turns up nothing but Solaris posts. It appears that something was wrong with Sun’s version of ssh. But I am using OpenSSH from the Yast repositories; nothing unusual at all! What is going on here?

Found the solution here: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/136947

Apparently my lo was not being assigned an ip address. I just ran ifconfig lo up and it works like a charm (even without editing sshd_config!). Why is my lo not being brought up at boot though?

Oh well. At least this part is working.

Interesting. Thanks for reporting back. Hope I remember this oddity next time I encounter it.

Very odd, I can assure you. By the way, I can’t figure out how to mark this thread (or any thread) as SOLVED. If someone could let me know I’d appreciate it!

sudo zypper install xorg-x11-xauth

I had the same problem, getting ‘error: Failed to allocate internet-domain X11 display socket’ in /var/log/messages. I enabled IPv6 using yast and this resolved my problem. I can now launch X apps using X11 forwarding.

Hope this helps.

Hi,

I also had troubles forwarding X11 to my Windows 7 host running the Xming X-Server:


tail /var/log/messages
error: Failed to allocate internet-domain X11 display socket.

I solved the problem by adding this to /etc/ssh/sshd_config


AddressFamily inet

Now everything is fine and my PuTTY automatically sets the DISPLAY variable for me.

I hope this can help.

That worked for me too. Thx for the info

Same here. I had IPv6 disabled. Enabling it fixed X11 forwarding… anyone run into a reason openSUSE may be having issues with X11 forwarding with IPv6 disabled?

I finally decided to explore X11 forwarding and was able to get it working on 11.4.

Hanapurna’s tip on editing sshd_config did the trick for me. Thanks!

I just wanted to add that enabling IPv6 did the trick for me as well. Thanks, I was tearing my hair out.
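
The causes reported in this thread (forwarding disabled in sshd_config, xauth missing, lo not up, and the socket error that went away with AddressFamily inet or with IPv6 enabled) can be checked in one pass on the server. The script below is an added example, not posted by anyone in the thread; the function names, the verdict strings and the sample config and log are constructed for illustration, and Match blocks in sshd_config are ignored.

```shell
#!/bin/sh
# Added example: triage for an empty $DISPLAY after "ssh -X".

# Effective value of an sshd_config keyword: keywords are case-insensitive
# and the first occurrence wins; prints DEFAULT when the keyword is unset.
sshd_opt() {  # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v key="$2" -v dflt="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }' "$1"
}

# Number of log lines carrying the error quoted in the thread.
x11_socket_failures() {  # usage: x11_socket_failures LOGFILE
    grep -c 'Failed to allocate internet-domain X11 display socket' "$1" || true
}

# Live probes for the server itself.
lo_state()   { ip -o -4 addr show dev lo 2>/dev/null | grep -q 'inet ' && echo up || echo down; }
have_xauth() { command -v xauth >/dev/null 2>&1 && echo yes || echo no; }

# Print one verdict, checking the thread's causes in order.
diagnose() {  # usage: diagnose SSHD_CONFIG LOGFILE LO_STATE HAVE_XAUTH
    fwd=$(sshd_opt "$1" X11Forwarding no)    # OpenSSH default: no
    fam=$(sshd_opt "$1" AddressFamily any)   # OpenSSH default: any
    fails=$(x11_socket_failures "$2")
    if [ "$fwd" != yes ]; then echo forwarding-disabled; return; fi
    if [ "$4" != yes ]; then echo xauth-missing; return; fi
    if [ "$3" != up ]; then echo loopback-down; return; fi
    # Socket error with AddressFamily any: the thread's fixes were
    # "AddressFamily inet" in sshd_config or enabling IPv6.
    if [ "$fails" -gt 0 ] && [ "$fam" = any ]; then echo address-family; return; fi
    echo ok
}

# Constructed sample input, so the script runs offline.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#AddressFamily any' 'X11Forwarding yes' > "$d/sshd_config"
    printf '%s\n' \
      'Nov  3 17:34:11 host sshd[100]: error: Failed to allocate internet-domain X11 display socket.' \
      > "$d/messages"
    diagnose "$d/sshd_config" "$d/messages" up yes
    rm -rf "$d"
}

demo
# On a real server (as root):
# diagnose /etc/ssh/sshd_config /var/log/messages "$(lo_state)" "$(have_xauth)"
```
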