I keep getting

Warning: No xauth data; using fake authentication data for X11 forwarding.

when ssh-ing from the ArchLinux machine to the remote X-server. Looks like it does not like .Xauthority file at my place, is it true ? If so how I can fix it ? No 'xauth' command in this distro

Thanks anyone who helps

First, terminology - the remote machine (the 'server') is running X client applications, it is your local machine which supplies the X server. The remote machine doesn't need an X server to be installed at all in order to run X applications.

Normally the authority cookie is so that X client applications can be authenticated on connection with the X server. On the local machine, this is easy, because the Xauthority file contains the cookie generated by the X server, and connections are made directly with the server.

However, on a remote machine via ssh, the X connection is being forwarded by sshd. In order to prevent arbitrary remote applications connecting to the forwarder, an authorization key on the remote machine is used. This is a 'fake' key in the sense that it was not generated by the X server. The remote X client application is not being authorized at the X server on the local machine using that key, it is only being authorized by the sshd forwarder.

This means that there isn't end-to-end authorization, so sshd is just warning you of that. Finding a method to remove that warning is going to mean that you are removing even the remote authorization, and opening up a larger security issue.

Great, thanks, neonsignal, for the clarification.

The problem may be a missing xauth utility (or it isn't in the expected location).

The .Xauthority file can be placed anywhere you have write access to. This is because when sshd receives a connection it uses the xauth utility to store a generated authorization key (normally, a non-privileged key, so that things like xhost+ won't work remotely, and remote screen lock doesn't work).

Normally the path is specified in the sshd_config file on the sshd server (XAuthLocation).

You can also TRY to set the xauthority location using ~/.ssh/environment file (see ssh manpage). The authority file is identified by the environment variable XAUTHORITY (see manpage on xauth). The default is supposed to be the users home directory ($HOME/.Xauthority), but some distributions change that (or a site will change it) to point to a tmpfs filesystem belonging to the user, that is dismounted when the user logs out (automatic deletion of various files).