How can I prevent the warning No xauth data; using fake authentication data for X11 forwarding?

ssh x11

170,523

Solution 1

Found the cause, my ~/.ssh/config was incomplete, you need both:

Host *
    ForwardAgent yes
    ForwardX11 yes

My mistake was that I included only the ForwardX11 option.

Solution 2

None of the posted solutions worked for me. My client (desktop) system is running macOS 10.12.5 (Sierra). I added -v to the options for the ssh command and it told me,

debug1: No xauth program.

which means it doesn't have a correct path to the xauth program. (On this version of macOS the path to xauth is nonstandard.) The solution was to add this line to /etc/ssh/ssh_config (may be /etc/ssh/config in some setups) or in ~/.ssh/config (if you don't have admin rights):

XAuthLocation /opt/X11/bin/xauth

Now the warning message is gone.

Solution 3

Letting Ubuntu bash on Windows 10 run `ssh -X` to get a GUI environment on a remote server

First

Install all the following. On Window, install Xming. On Ubuntu bash, use sudo apt install to install ssh xauth xorg.

sudo apt install ssh xauth xorg

Second

Go to the folder contains ssh_config file, mine is /etc/ssh.

Third

Edit ssh_config as administrator(USE sudo). Inside ssh_config, remove the hash # in the lines ForwardAgent, ForwardX11, ForwardX11Trusted, and set the corresponding arguments to yes.

# /etc/ssh/ssh_config
Host *
    ForwardAgent yes
    ForwardX11 yes
    ForwardX11Trusted yes

Forth

In ssh_config file, remove the front hash # before Port 22 and Protocol 2, and also append a new line at the end of the file to state the xauth file location, XauthLocation /usr/bin/xauth, remember write your own path of xauth file.

# /etc/ssh/ssh_config
#   IdentifyFile ...
    Port 22
    Protocol 2
#   Cipher 3des
#   ...
#   ...
    ...
    ...
    GSSAPIDelegateCredentials no
    XauthLocation /usr/bin/xauth

Fifth

Now since we are done editing ssh_config file, save it when we leave the editor. Now go to folder ~ or $HOME, append export DISPLAY=localhost:0 to your .bashrc file and save it.

# ~/.bashrc
...
...
export DISPLAY=localhost:0

Last

We are almost done. Restart your bash shell, open your Xming program and use ssh -X [email protected]. Then enjoy the GUI environment.

ssh -X [email protected]

The problem is also in Ubuntu subsystem on Windows, and the link is at

https://gist.github.com/DestinyOne/f236f71b9cdecd349507dfe90ebae776

Note: the linked text includes 2 typos (XauthLocaion instead of XauthLocation)

Solution 4

As noted, it seems that xauth on OS X Yosemite has regressed to an old version that doesn't work with XQuartz's $DISPLAY setting:

% xauth -V
1.0.9
% xauth generate $DISPLAY .
xauth: (argv):1:  bad display name "/private/tmp/com.apple.launchd(...)/org.macosforge.xquartz:0" in "add" command

Solution 5

I would add this as a comment, but I don't have enough rep. Adding one more line to sorin's solution worked for me.

On the client machine, edit your ssh config file with vim ~/.ssh/config

Then add these lines to it:

Host *
    ForwardAgent yes
    ForwardX11 yes
    XAuthLocation /opt/X11/bin/xauth

You can double check your xauth location with:

which xauth

View more solutions

170,523

sorin

Another geek still trying to decipher the meaning of “42”. It seems that amount his main interest are: online communities of practice and the way they evolve in time product design, simplicity in design and accessibility productivity and the way the IT solutions are impacting it

Updated on September 18, 2022

Comments

sorin 3 months
Every time I initiate an ssh connection from my Mac to a Linux (Debian) I do get this warning:
```
No xauth data; using fake authentication data for X11 forwarding.
```
This also happens for tools that are using ssh, like git or mercurial.

I just want to make a local change to my system in order to prevent this from appearing.

Note: I do have X11 server (XQuartz 2.7.3 (xorg-server 1.12.4)) on my Mac OS X (10.8.1) and it is working properly, I can successfully start clock locally or remotely.
- DerfK over 10 years
  
  What command are you using to ssh?
- sorin over 10 years
  
  @DerfK just ssh hostname but in my ~/.ssh/config I added ForwardX11 yes some time ago. Still this is something that I do want to have there.
- SDsolar over 5 years
  
  Using Ubuntu 16.04 LTS (August 2017) I give up. Bottom line is that even though it gives the error, it works. I use ssh -Y hostname from Linux, and ssh -x hostname when using OpenSSH on Windows.
sorin almost 7 years

I tested the same lines on OS X 10.11, and I do not get any error. Still same version of XQuartz.
sorin almost 7 years

I doubt this would solve the error in GUI OS X apps, like SourceTree.
Mark Mullin about 6 years

Confirming it does work on Sierra for running emacs using X - as the Mac is the server. this should work broadly in cases where the client is on a remote machine
jagan jackson over 5 years

I can confirm this is an answer on Mac OS Sierra 10.12.4. Removing ~/.Xauthority on SSH server does the trick: ~$ mv ~/.Xauthority ~/.Xauthority.bak A new magic cookie was automatically put back in ~/.Xauthority once I logged in again. No Bash scripting is required at all.
Demitri over 5 years

OMG. Years I’ve been trying to find a solution, and this worked. Years I say! Note that I did this by adding that line under the Host * entry in my ~/.ssh/config file instead of editing /etc/ssh/ssh_config. The only documentation I found for this was in man sshd_config.
AlanObject over 5 years

This worked for me as well. I understand that at the moment XQuartz is not being well maintained due to lack of funding. So I think porting issues like this are actually fewer than I would expect.
Aaron Hudon over 5 years

That does not sound right, what helps is to actually turn off X11 forwarding or fix the xauth configuration to set it up. It is not related to ssh agents.
DestinyOne over 5 years

On MacOS it is almost the same, the differences are instead of Xming, we should get XQuartz, and the ssh_config file is in a different location, mine is /private/etc/ssh.
DestinyOne over 5 years

And also, the last line for ssh_config will be: XAuthLocation /opt/X11/bin/xauth
echristopherson almost 5 years

Edit needed: XauthLocaion -> XauthLocation (that edit is too small for me to make).
Eponymous almost 5 years

Besides installing xming, ssh,xauth, and xorg (step 1), the only thing needed for me was export DISPLAY=localhost:0
MarcH over 4 years

Note you may experience this issue even when your shell can find xauth in your PATH! I guess the ssh client is sanitizing your PATH for security reasons?
Tony B over 4 years

Thanks. This helped me quite a bit. My mistake was so simple. The other directions I read way back for windows said to use DISPLAY=:0, but your advice to add localhost fixed my issue.
David M. Karr almost 4 years

This solution didn't work for me. I'm using Cygwin on Win7. Adding "XAuthLocation /usr/bin/xauth", either under the "Host *" entry, or before that line, in ~/.ssh/config , made no difference.
David M. Karr almost 4 years

This solution did not work for me.
sorin almost 4 years

Not sure if this would really work because xauth location would be different on each remote machine. Yours looks like a MacOS one, but Linux has it in different location. I mostly started to disable ForwardX11 completly because I almost never user it.
Nathan over 3 years

@DavidM.Karr It's not working for me, either. I'm using "terminal" on Ubuntu 16.04. Did you find a solution, Mr. Karr?
Max Coplan over 3 years

Is this ~/.ssh/config on the macOS client or the Linux server? I have these files on neither. I do have a similar /etc/ssh/sshd_config
clearlight about 3 years

@sorin maybe he updated the question because he explains how to find the right location in the answer. BTW: This works for me!
thoni56 about 3 years

This is the correct solution to the real problem in the question. Obviously you can turn the message of by disabling the X11 forwarding, but this is probably not what you want to do. You would have X11 forwarding on in your ssh config for a reason...
Tropilio over 2 years

This is the only one that worked for me! I'd just like to add that the command didn't work at first try for me, I was getting a .../.Xauthority does not exist error. To fix it I simply had to create an empty file using touch .Xauthority in my home folder, and then re-run the above xauth command again.
Irfy over 2 years

I did have an existing ~/.Xauthority file from tinkering around trying to find the solution, thanks for letting me know it's essential!
Vladislav Ivanishin over 2 years

Setting DISPLAY=localhost:0 saved me (e.g. I do DISPLAY=localhost:0 ssh -X host). I don't really dig what is happening here, but it was the missing piece for me. I am connecting from WSL to an Ubuntu server. There was no need for this dance for connecting from Arch to Arch.
심희수 over 2 years

This isn't just OS X specific - running xauth generate :0 made the warning disappear on my WSL/Debian client.
beOn about 2 years

On Mac OS, I also had to add "XAuthLocation /opt/X11/bin/xauth"
nelsonspbr almost 2 years

I also had issues to connect from a MacOS to a Linux box. In my case I also had to install xauth on the remote host. It was a CentOS box, so yum -y install xauth did the trick.
fchen 10 months

My cause was different. This solved my problem: stackoverflow.com/a/44100171/1139559
fchen 10 months

xauth add :0 . mcookie (From: stackoverflow.com/a/44100171/1139559)
Timo 9 months

@sandyscott I use wsl2 with Debian and wanted the linux gui apps on windows 11, but I probably made the mistake to use debian instead of ubuntu. So maybe wsl --update was the bad guy. Now I want to revert to not get the warning the OP has which is annoying.