LinuxQuestions.org


bioshock 06-02-2015 02:49 PM

Centos 7 - X11 forwarding
 
I've read quite a few articles on this now and I still don't seem to be able to do this so am hoping someone can tell me where I am going wrong...

Background:-
Centos v7 running in a VM
Cygwin installed on the desktop (fresh install)

I have amended the sshd_config on the VM to :-
X11Forwarding yes
X11UseLocalhost no
Disabled selinux and restarted the sshd daemon.

Within cygwin before making the connection I set:-
export DISPLAY=:0
Then run startxwin

Within Xwin.exe I run the following and get the error:-
$ ssh -XY root@192.168.246.130
root@192.168.247.131's password:
X11 forwarding request failed on channel 0
Last login: Tue Jun 2 20:40:44 2015 from 192.168.246.10

Is it something I'm missing?
I'll admit X11 is a weak area for me.

jpollard 06-02-2015 03:04 PM

X11UseLocalhost no

Should be yes - not because it is wrong, but because it is just a little bit better security (it prevents other hosts from making connections to your X server via the external IP number and port).

SELinux will not affect how sshd works for forwarding; and it provides a lot better security.

The "export DISPLAY=:0" should not be used... It may or may not be correct, as starting Xwin.exe should define what the display is... But I don't have Xwin to check that - so it may depend on how Xwin uses that.

Now, on the server, you still need to include the package "xauth". This is because of how sshd works with X forwarding. The sshd server creates a port (preferably localhost:6010, or whatever the offset is specified - and is identified in the user environment as "DISPLAY=10:0"). Sshd also generates an authorization key that is local to the server and uses xauth to enter it into the user's .Xauthority file.

Note: By default the xauth package isn't installed... And this may be the primary reason things don't work.
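
Added example, not part of the thread: a shell check of the sshd_config keywords discussed in the reply above, run against two constructed config files that mirror the settings quoted by the original poster. The function names `sshd_effective` and `audit_x11` are hypothetical, and the defaults used are the OpenSSH defaults.

```shell
# Added example; the two config files below are constructed sample input.
# Print the effective global value of an sshd_config keyword: the first
# occurrence wins, keywords are case-insensitive, "#" starts a comment.
# Assumes the whitespace-separated "Keyword value" form.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        NF == 0 || substr($1, 1, 1) == "#" { next }
        tolower($1) == "match" { exit }   # global scope ends here
        tolower($1) == want { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one finding per line for the X11 settings discussed in the thread.
audit_x11() {  # usage: audit_x11 FILE
    fwd=$(sshd_effective "$1" X11Forwarding no)      # OpenSSH default: no
    loc=$(sshd_effective "$1" X11UseLocalhost yes)   # OpenSSH default: yes
    off=$(sshd_effective "$1" X11DisplayOffset 10)   # OpenSSH default: 10
    if [ "$fwd" != yes ]; then
        echo "FAIL X11Forwarding=$fwd: sshd will refuse the X11 request"
        return 0
    fi
    if [ "$loc" = no ]; then
        echo "WARN X11UseLocalhost=no: proxy display binds to the wildcard address"
    else
        echo "OK X11UseLocalhost=$loc: proxy display binds to loopback only"
    fi
    echo "INFO first proxy display is :$off (TCP port $((6000 + off)))"
}

first=$(mktemp); later=$(mktemp)
cat > "$first" <<'EOF'
# constructed: settings from the first post
X11Forwarding yes
X11UseLocalhost no
#X11DisplayOffset 10
EOF
cat > "$later" <<'EOF'
# constructed: settings from the later post
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
EOF
audit_x11 "$first"
audit_x11 "$later"
# xauth must also be installed on the server, as the post above notes.
command -v xauth >/dev/null 2>&1 || echo "WARN xauth not found in PATH"
```

On a live server, `sshd -T` prints the effective configuration directly. Listening sockets such as the forwarded display port show up with `ss -tln`, since plain `ss` lists only established connections.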

bioshock 06-02-2015 03:24 PM

Thanks for the reply, sorry I forgot to mention I installed that package although I haven't configured anything on it:-

[root@wibble etc]# xauth
xauth: file /root/.Xauthority does not exist
Using authority file /root/.Xauthority
xauth>

So I don't need to set the $DISPLAY variable within cygwin, do I need to set it on the VM to the IP of my desktop? As I have tried that too:-

[root@wibble etc]# grep -i display /etc/ssh/sshd_config
#X11DisplayOffset 10

[root@wibble etc]# echo $DISPLAY
192.168.246.10:0

A quick google tells me netstat has been deprecated and I should be using ss instead, however when I try that I don't see the results I expect:-

[root@wibble etc]# ss | grep -i xauth
[root@wibble etc]# ss | grep -i sshd
[root@wibble etc]# ss | grep -i 22
u_str ESTAB 0 0 * 15924 * 15922
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 16123 * 16122
u_str ESTAB 0 0 * 17922 * 17992
u_str ESTAB 0 0 /run/systemd/journal/stdout 17992 * 17922
u_str ESTAB 0 0 * 15922 * 15924
u_str ESTAB 0 0 * 16122 * 16123
[root@wibble etc]# ss | grep -i 6010
[root@wibble etc]#

suicidaleggroll 06-02-2015 03:41 PM

You're making this MUCH more complicated than it needs to be. There is literally zero setup you have to do to get X11 forwarding working, other than installing an X server on your Windows box and setting DISPLAY on cygwin.

I just installed a CentOS 7 VM this morning, and I just installed an X server on my Windows 7 VM to test it, works fine.

On CentOS 7 - DO NOTHING. Don't change anything, don't modify your sshd_config, you don't need to touch it.

On Windows - Install XMing, in Cygwin run "export DISPLAY=localhost:0", and then just "ssh -Y" over and run your X application.

bioshock 06-02-2015 03:56 PM

So I'm getting there...

I rebooted the VM which re-enabled selinux, uncommented the following lines from sshd_config:-
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Restarted sshd.
Checked xauth was working.
Removed the $DISPLAY variable from the Centos host.

Restarted cygwin and exported $DISPLAY=localhost:0.0
I then ran startxwin and connected to the VM using ssh:-

$ ssh -Y root@192.168.246.130
root@192.168.247.131's password:
Last login: Tue Jun 2 21:36:59 2015 from 192.168.246.10
/usr/bin/xauth: file /root/.Xauthority does not exist

Then ran virt-manager and success: the GUI window opened.
However all the text is [][][][][] while the icons look OK, the banner across the window states a connection failure.

suicidaleggroll 06-02-2015 04:02 PM

What type of installation did you do on your CentOS machine? If you did a minimal or other CLI installation, you may still need to install some of the X libraries, fonts, etc. for your GUIs to work correctly.

jpollard 06-02-2015 05:07 PM

Quote:

Originally Posted by bioshock (Post 5371169)
So I'm getting there...

I rebooted the VM which re-enabled selinux, uncommented the following lines from sshd_config:-
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes

Restarted sshd.
Checked xauth was working.
Removed the $DISPLAY variable from the Centos host.

Restarted cygwin and exported $DISPLAY=localhost:0.0
I then ran startxwin and connected to the VM using ssh:-

$ ssh -Y root@192.168.246.130
root@192.168.247.131's password:
Last login: Tue Jun 2 21:36:59 2015 from 192.168.246.10
/usr/bin/xauth: file /root/.Xauthority does not exist

That always happens at least the first time, and anytime after you delete the .Xauthority file. Though why you have changed the sshd service to allow root logins I don't understand. That is normally disabled.

Quote:

Then ran virt-manager and success: the GUI window opened.
However all the text is [][][][][] while the icons look OK, the banner across the window states a connection failure.

That depends on xming... I believe you are missing some fonts. The connection failure may be due to not having the virtd service running to support VMs.

bioshock 06-03-2015 01:46 PM

I changed the ssh access because it's a test VM (although I take your point about not allowing it in a production environment).

The install itself was a minimum server install, as I go along it appears to be missing quite a few packages.

Regardless I think I've fixed it by installing:- dejavu-lgc-sans-fonts.noarch

Thanks for your help!


All times are GMT -5.