How to troubleshoot failed X11 forwarding with ssh?


Solution 1

For me, it has previously helped to erase .Xauthority-files. You should probably back them up.

    # Move only the Xauthority files aside (not other ~/.X* dotfiles such as .Xresources)
    mkdir -p ~/Xauth-old
    mv ~/.Xauthority* ~/Xauth-old/

Further, in ~/.ssh/config you can avoid some other woes with authentication using

    ForwardX11Trusted yes

Reasoning to be found here.

Solution 2

Try steps here: http://www.cyberciti.biz/faq/x11-connection-rejected-because-of-wrong-authentication/

It might be a ~/.Xauthority ownership problem or an /etc/ssh/sshd_config problem. You can also check:

    tail /var/log/messages

Solution 3

Adding this line to /etc/ssh/sshd_config fixed it for me:

    X11UseLocalhost yes

Solution 4

Please some Unix expert, correct me if I am incorrect:

This is particularly difficult because most of the answers do not clearly explain what side of the connection you are supposed to change.

For this example:

Host A is running X (this is sometimes confusing because it is a display server)

Host B is running sshd (the secure shell server)

The confusion starts if the instructions say "on the server, do x", so in this example we call them host-a and host-b.

You are at the command line on Host A and you are trying to run:

    user1@host-a:~$ ssh -v -X user2@host-b

You must configure the ssh daemon on host-b.

Edit your /etc/ssh/sshd_config on host-b. Add:

    AddressFamily inet
    X11Forwarding yes

Restart sshd on host-b:

    sudo restart ssh

This should be working now.

To test, try:

    user1@host-a:~$ ssh -v -X user2@host-b

Again, this time echo $DISPLAY should show the DISPLAY value and xterm should create an xterm on host-a.
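
A read-only check of the server-side settings that Solutions 2, 3 and 4 change, as an added example that is not part of any answer above. The function names and the sample sshd_config are constructed for illustration; the defaults used (X11Forwarding no, X11UseLocalhost yes, AddressFamily any) are the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example: read-only checks for the settings the answers above change.
# Function names and the sample file are constructed for illustration.
# On a live host, `sshd -T` (as root) prints the effective configuration.

# Print the effective global value of an sshd_config keyword.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block; only the
# whitespace-separated "Keyword value" form is handled here.
sshd_effective() {   # usage: sshd_effective <file> <keyword> <default>
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = $2; exit }
        END { print val }
    ' "$1"
}

# Relate the effective values to Solutions 3 and 4.
x11_report() {   # usage: x11_report <sshd_config>
    fwd=$(sshd_effective "$1" X11Forwarding no)
    loc=$(sshd_effective "$1" X11UseLocalhost yes)
    fam=$(sshd_effective "$1" AddressFamily any)
    echo "X11Forwarding=$fwd X11UseLocalhost=$loc AddressFamily=$fam"
    [ "$fwd" = yes ] || echo "FAIL: X11Forwarding is off, sshd will not set DISPLAY"
    [ "$loc" = yes ] || echo "NOTE: proxy display is bound to the wildcard address"
    [ "$fam" = inet ] || echo "NOTE: AddressFamily is $fam; Solution 4 sets inet"
}

# Solution 2's ownership check for the Xauthority file on the sshd host.
xauthority_status() {   # usage: xauthority_status <file> <expected-uid>
    [ -e "$1" ] || { echo missing; return 0; }
    owner=$(ls -ln "$1" | awk '{ print $3 }')
    if [ "$owner" != "$2" ]; then echo wrong-owner
    elif [ ! -w "$1" ]; then echo not-writable
    else echo ok
    fi
}

# Constructed sample sshd_config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
x11forwarding yes
X11Forwarding no
#X11UseLocalhost no
Match User guest
    X11UseLocalhost no
EOF

x11_report "$sample"
xauthority_status "${HOME:-/nonexistent}/.Xauthority" "$(id -u)"
```

Run it on host-b (the sshd side) and point `x11_report` at /etc/ssh/sshd_config; nothing is modified.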


Author: kjo

Updated on September 18, 2022

Comments

  • kjo
    kjo over 1 year

    When I try to establish an X11-forwarding connection to myserver, I get the following error:

    % ssh -X myserver xlogo
    X11 connection rejected because of wrong authentication.
    X11 connection rejected because of wrong authentication.
    X11 connection rejected because of wrong authentication.
    X11 connection rejected because of wrong authentication.
    Error: Can't open display: localhost:10.0
    %
    

    (I get the same error if I use -Y instead of -X. Either way, I never see the xlogo window.)

    If I use the same command to connect to a different server it works fine (i.e. the xlogo window pops up, as expected), so I suspect the problem is with myserver (and not with my local configuration).

    Also, if instead I use

    % ssh -X myserver
    

    the connection succeeds, and I get logged in to myserver. If then I run xlogo, I get the same error as shown above.

    BTW, the local ssh client/X11 server is an Ubuntu laptop, and the remote ssh server/X11 client is a workstation running OS X Lion.

    I've also run ssh -vvvX myserver xlogo, but the copious output is not very meaningful to me, and I'm not able to diagnose the problem from it. (FWIW, I've copied this output below.)

    How can I troubleshoot this problem further?


    % ssh -vvvX myserver xlogo
    OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
    debug1: Reading configuration data /home/yrstruly/.ssh/config
    debug1: /home/yrstruly/.ssh/config line 19: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to myserver [10.0.140.33] port 22.
    debug1: Connection established.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/yrstruly/.ssh/id_rsa" as a RSA1 public key
    debug1: identity file /home/yrstruly/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /home/yrstruly/.ssh/id_rsa-cert type -1
    debug1: identity file /home/yrstruly/.ssh/id_dsa type -1
    debug1: identity file /home/yrstruly/.ssh/id_dsa-cert type -1
    debug1: identity file /home/yrstruly/.ssh/id_ecdsa type -1
    debug1: identity file /home/yrstruly/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
    debug1: match: OpenSSH_5.6 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "myserver" from file "/home/yrstruly/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:3
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 129/256
    debug2: bits set: 521/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA 3b:5b:22:9e:e4:d1:12:7a:b9:6e:1a:e6:25:6d:b8:0e
    debug3: load_hostkeys: loading entries for host "myserver" from file "/home/yrstruly/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:3
    debug3: load_hostkeys: loaded 1 keys
    debug3: load_hostkeys: loading entries for host "10.0.140.33" from file "/home/yrstruly/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/yrstruly/.ssh/known_hosts:4
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host 'myserver' is known and matches the RSA host key.
    debug1: Found key in /home/yrstruly/.ssh/known_hosts:3
    debug2: bits set: 511/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/yrstruly/.ssh/id_rsa (0xb7a97898)
    debug2: key: yrstruly@mylaptop (0xb7a991c8)
    debug2: key: yrstruly@mylaptop (0xb7a99398)
    debug2: key: /home/yrstruly/.ssh/id_dsa ((nil))
    debug2: key: /home/yrstruly/.ssh/id_ecdsa ((nil))
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug3: start over, passed a different list publickey,keyboard-interactive
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/yrstruly/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug2: input_userauth_pk_ok: fp 0e:d0:ba:5c:c1:39:a9:c7:7b:c4:b7:11:87:33:b7:d7
    debug3: sign_and_send_pubkey: RSA 0e:d0:ba:5c:c1:39:a9:c7:7b:c4:b7:11:87:33:b7:d7
    debug1: Authentication succeeded (publickey).
    Authenticated to myserver ([10.0.140.33]:22).
    debug1: channel 0: new [client-session]
    debug3: ssh_session2_open: channel_new: 0
    debug2: channel 0: send open
    debug1: Requesting [email protected]
    debug1: Entering interactive session.
    debug2: callback start
    debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-gMzJTOiJ3041/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
    debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-gMzJTOiJ3041/xauthfile list :0.0 2>/dev/null
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug2: channel 0: request x11-req confirm 1
    debug2: client_session2_setup: id 0
    debug2: fd 3 setting TCP_NODELAY
    debug1: Sending environment.
    debug3: Ignored env PWD
    debug3: Ignored env DISPLAY
    debug3: Ignored env TERM
    debug3: Ignored env TERMCAP
    debug3: Ignored env COLUMNS
    debug3: Ignored env EMACS
    debug3: Ignored env INSIDE_EMACS
    debug3: Ignored env _
    debug3: Ignored env VENV_DIR
    debug3: Ignored env VIRTUALENVWRAPPER_LOG_DIR
    debug3: Ignored env VIRTUALENVWRAPPER_HOOK_DIR
    debug3: Ignored env WORKON_HOME
    debug3: Ignored env VIRTUALENVWRAPPER_PROJECT_FILENAME
    debug3: Ignored env RSYNC_GLOBAL_INCLUDES
    debug3: Ignored env RSYNC_GLOBAL_EXCLUDES
    debug3: Ignored env RSYNC_PARTIAL_DIR
    debug3: Ignored env RSYNC_DIR
    debug3: Ignored env CVSEDITOR
    debug3: Ignored env EDITOR
    debug3: Ignored env GIT_PAGER
    debug3: Ignored env LESS
    debug3: Ignored env PAGER
    debug3: Ignored env PERL_RL
    debug3: Ignored env HISTCONTROL
    debug3: Ignored env HISTFILESIZE
    debug3: Ignored env HISTFILE
    debug3: Ignored env SAVEHIST
    debug3: Ignored env HISTSIZE
    debug3: Ignored env LSCOLORS
    debug3: Ignored env perld
    debug1: Sending env LC_ALL = en_US.utf8
    debug2: channel 0: request env confirm 0
    debug3: Ignored env LANGUAGE
    debug3: Ignored env ZSHVARDIR
    debug3: Ignored env ZDOTDIROS
    debug3: Ignored env ZDOTDIRLOCAL
    debug3: Ignored env ZDOTDIR
    debug3: Ignored env OLDPWD
    debug3: Ignored env SHLVL
    debug3: Ignored env GPG_AGENT_INFO
    debug3: Ignored env XDG_SESSION_PATH
    debug3: Ignored env USER
    debug3: Ignored env HOME
    debug3: Ignored env SSH_AUTH_SOCK
    debug3: Ignored env PATH
    debug3: Ignored env XDG_CURRENT_DESKTOP
    debug3: Ignored env SESSION_MANAGER
    debug3: Ignored env SSH_AGENT_PID
    debug3: Ignored env WINDOWID
    debug3: Ignored env XDG_SESSION_COOKIE
    debug3: Ignored env XDG_DATA_DIRS
    debug3: Ignored env UBUNTU_MENUPROXY
    debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
    debug3: Ignored env GNOME_DESKTOP_SESSION_ID
    debug3: Ignored env GNOME_KEYRING_CONTROL
    debug3: Ignored env GDMSESSION
    debug3: Ignored env DEFAULTS_PATH
    debug3: Ignored env DESKTOP_SESSION
    debug3: Ignored env COLORTERM
    debug3: Ignored env XAUTHORITY
    debug3: Ignored env GNOME_KEYRING_PID
    debug3: Ignored env MANDATORY_PATH
    debug3: Ignored env LOGNAME
    debug1: Sending env LANG = en_US.utf8
    debug2: channel 0: request env confirm 0
    debug3: Ignored env XDG_CONFIG_DIRS
    debug3: Ignored env XDG_SEAT_PATH
    debug3: Ignored env SHELL
    debug3: Ignored env WINDOW
    debug3: Ignored env STY
    debug3: Ignored env LD_LIBRARY_PATH
    debug1: Sending command: xlogo
    debug2: channel 0: request exec confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: X11 forwarding request accepted on channel 0
    debug2: channel 0: rcvd adjust 2097152
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: exec request accepted on channel 0
    debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
    debug1: client_request_x11: request from ::1 51763
    debug2: fd 7 setting O_NONBLOCK
    debug3: fd 7 is O_NONBLOCK
    debug1: channel 1: new [x11]
    debug1: confirm x11
    debug2: X11 connection uses different authentication protocol.
    X11 connection rejected because of wrong authentication.
    debug2: X11 rejected 1 i0/o0
    debug2: channel 1: read failed
    debug2: channel 1: close_read
    debug2: channel 1: input open -> drain
    debug2: channel 1: ibuf empty
    debug2: channel 1: send eof
    debug2: channel 1: input drain -> closed
    debug2: channel 1: write failed
    debug2: channel 1: close_write
    debug2: channel 1: output open -> closed
    debug2: X11 closed 1 i3/o3
    debug2: channel 1: send close
    debug2: channel 1: rcvd close
    debug2: channel 1: is dead
    debug2: channel 1: garbage collecting
    debug1: channel 1: free: x11, nchannels 2
    debug3: channel 1: status: The following connections are open:
      #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
      #1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
    
    debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
    debug1: client_request_x11: request from ::1 51764
    debug2: fd 7 setting O_NONBLOCK
    debug3: fd 7 is O_NONBLOCK
    debug1: channel 1: new [x11]
    debug1: confirm x11
    debug2: X11 connection uses different authentication protocol.
    X11 connection rejected because of wrong authentication.
    debug2: X11 rejected 1 i0/o0
    debug2: channel 1: read failed
    debug2: channel 1: close_read
    debug2: channel 1: input open -> drain
    debug2: channel 1: ibuf empty
    debug2: channel 1: send eof
    debug2: channel 1: input drain -> closed
    debug2: channel 1: write failed
    debug2: channel 1: close_write
    debug2: channel 1: output open -> closed
    debug2: X11 closed 1 i3/o3
    debug2: channel 1: send close
    debug2: channel 1: rcvd close
    debug2: channel 1: is dead
    debug2: channel 1: garbage collecting
    debug1: channel 1: free: x11, nchannels 2
    debug3: channel 1: status: The following connections are open:
      #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
      #1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
    
    debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
    debug1: client_request_x11: request from ::1 51765
    debug2: fd 7 setting O_NONBLOCK
    debug3: fd 7 is O_NONBLOCK
    debug1: channel 1: new [x11]
    debug1: confirm x11
    debug2: X11 connection uses different authentication protocol.
    X11 connection rejected because of wrong authentication.
    debug2: X11 rejected 1 i0/o0
    debug2: channel 1: read failed
    debug2: channel 1: close_read
    debug2: channel 1: input open -> drain
    debug2: channel 1: ibuf empty
    debug2: channel 1: send eof
    debug2: channel 1: input drain -> closed
    debug2: channel 1: write failed
    debug2: channel 1: close_write
    debug2: channel 1: output open -> closed
    debug2: X11 closed 1 i3/o3
    debug2: channel 1: send close
    debug2: channel 1: rcvd close
    debug2: channel 1: is dead
    debug2: channel 1: garbage collecting
    debug1: channel 1: free: x11, nchannels 2
    debug3: channel 1: status: The following connections are open:
      #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
      #1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
    
    debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
    debug1: client_request_x11: request from ::1 51766
    debug2: fd 7 setting O_NONBLOCK
    debug3: fd 7 is O_NONBLOCK
    debug1: channel 1: new [x11]
    debug1: confirm x11
    debug2: X11 connection uses different authentication protocol.
    X11 connection rejected because of wrong authentication.
    debug2: X11 rejected 1 i0/o0
    debug2: channel 1: read failed
    debug2: channel 1: close_read
    debug2: channel 1: input open -> drain
    debug2: channel 1: ibuf empty
    debug2: channel 1: send eof
    debug2: channel 1: input drain -> closed
    debug2: channel 1: write failed
    debug2: channel 1: close_write
    debug2: channel 1: output open -> closed
    debug2: X11 closed 1 i3/o3
    debug2: channel 1: send close
    debug2: channel 1: rcvd close
    debug2: channel 1: is dead
    debug2: channel 1: garbage collecting
    debug1: channel 1: free: x11, nchannels 2
    debug3: channel 1: status: The following connections are open:
      #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
      #1 x11 (t7 r3 i3/0 o3/0 fd 7/7 cc -1)
    
    debug2: channel 0: rcvd ext data 42
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug2: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug2: channel 0: obuf_empty delayed efd 6/(42)
    Error: Can't open display: localhost:10.0
    debug2: channel 0: written 42 to efd 6
    debug3: channel 0: will not send data after close
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
      #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
    
    Transferred: sent 3152, received 2728 bytes, in 0.4 seconds
    Bytes per second: sent 8679.2, received 7511.7
    debug1: Exit status 1
    
  • Mathieu CAROFF
    Mathieu CAROFF about 4 years
    <3 Tysm. This worked for me trying to connect from a WSL to a debian 10 (buster) running on AWS. Note: (maybe?) remember to run sudo systemctl restart ssh.service
  • jeremiah
    jeremiah over 3 years
    Reasoning URL 404's
  • Jan
    Jan over 3 years
    @jeremiah, tends to happen after close to a decade :-)
  • Jan
    Jan over 3 years
    @jeremiah - fixed link to web.archive version