SOLVED -- Re: X11 display forwarding

From: nobody@xxxxxxx (Kevin the Drummer)
Date: 19 Apr 2006 16:29:15 GMT

Kevin the Drummer <nobody@xxxxxxx> wrote:

I'm having a bit of trouble with X11 display forwarding. This started
when I upgraded to OpenSSH 4.3p1. I've read the FAQ and I know about
the usual problem when upgrading involving ForwardX11Trusted. This is
how I have my config's set:

/etc/ssh/ssh_config: ForwardAgent yes
/etc/ssh/ssh_config: ForwardX11 yes
/etc/ssh/ssh_config: ForwardX11Trusted yes

/etc/ssh/sshd_config: X11Forwarding yes
/etc/ssh/sshd_config: X11UseLocalhost no

The error message I get is:

X11 connection rejected because of wrong authentication.
X connection to myfirewall.mydom.com:11.1 broken \
(explicit kill or server shutdown).

I launch apps in one of two ways.

ssh myfirewall.mydom.com -f 'ssh otherhost.mydom.com xterm'

or

ssh myfirewall.mydom.com -f xterm

[snip]

For what it's worth, all this worked just fine with OpenSSH
3.7.1p2 for a long time. This also worked with OpenSSH 4.3p1 for
about a week, which *might* have been how long it was until I
finally rebooted myfirewall.mydom.com.

I found the problem. I'm not sure why this is, but I now need to
set "X11UseLocalhost yes" in sshd_config. A *long* time ago I
got used to setting this to "no", otherwise X forwarding wouldn't
work. Now for the first time I'm required to set it to "yes".
I found the answer by trial and error with all of the relevant
parameters in sshd_config. Everything seems to be working again,
including stuff like this:

ssh myfirewall.mydom.com -f 'ssh otherhost.mydom.com xterm'

I hope this helps someone....
--
PLEASE post a SUMMARY of the answer(s) to your question(s)!
Show Windows & Gates to the exit door.
Unless otherwise noted, the statements herein reflect my personal
opinions and not those of any organization with which I may be affiliated.
.

References:
- X11 display forwarding
  - From: Kevin the Drummer

Prev by Date: How restrict network login on AIX for everything BUT SSH? (RLOGIN=FALSE & loginrestrictions question)
Next by Date: Re: SSH'ing between machines with private IPs
Previous by thread: Re: X11 display forwarding
Next by thread: BIG BIG PROBLEM OPENSSH PUBLIC KEY AUTH NOT WORKING
Index(es):
- Date
- Thread

Relevant Pages

Re: Message Text Missing
... (Microsoft Office Compatibility Checker) ... Author of Microsoft Outlook 2007 Programming: ... since upgrading users to 2007, the form's functionality works as always but ... When forwarding the e-mail form, select option for that e-mail back to HTML ...
(microsoft.public.outlook.program_forms)
Openssh 3.7.1 HPUX 11.x - X11 forwarding broken or misconfigured?
... I upgraded an HPUX box's OpenSSH from a patched 3.0.x (where forwarding ... X11 forwarding turned on in sshd_config: ... Any ventured guesses on whether the null DISPLAY is working-as-designed? ... Are there other configurables I could be looking at? ...
(comp.security.ssh)
Re: Portable openssh.
... >>What´s the difference between openssh from RedHat and from www.openssh.org? ... nothing quite like upgrading sshd over an SSH session and blowing away ... init scripts seem to only kill the master daemon, not the client session ...
(comp.os.linux.networking)
Re: Portable openssh.
... >>What´s the difference between openssh from RedHat and from www.openssh.org? ... nothing quite like upgrading sshd over an SSH session and blowing away ... init scripts seem to only kill the master daemon, not the client session ...
(comp.os.linux)
Re: Portable openssh.
... >>What´s the difference between openssh from RedHat and from www.openssh.org? ... nothing quite like upgrading sshd over an SSH session and blowing away ... init scripts seem to only kill the master daemon, not the client session ...
(comp.os.linux.security)