yes, but in a terminal window, or in a console, or during the boot, or? Have you looked at the log of ssh and sshd? try to increase the log level (DEBUG). I still do not know if ssh was really successful and you can log in with it. Also I would like to see the config of ssh and sshd, maybe something is not set correctly. There a lot of things to check and actually there is no info to work with.

I'm SSHing from a terminal in XFCE. Both machines are logged into XFCE desktops.
I've attached sshd_config and ssh_config though I've made no changes to ssh_config and use the -X option to forward X. I'm not sure how to start the server with debugging on and where to look for the information it gives.

Attached Files

	ssh_config.txt (1.6 KB, 147 views)
	sshd_config.txt (2.4 KB, 154 views)

You can set the log by adding this to the config (both sides):
LogLevel DEBUG
Gives the verbosity level that is used when logging messages from ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and
DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output.

Well, xauth is being called as I see the following on my netbook when I connect:I'm not seeing anything else related to X in the output at either end apart from when trying to run xclock I receive the same error on the netbook of:

It turns out ifupdown was missing after an update, so re-installing it fixed this.

I had similar problem. Thanks for all the hints.

I had to add "X11UseLocalhost no" do sshd_config, which removed the error during ssh connection.
Then the problem with "Can't open display: ..." appeared despite the $DISPLAY variable was set properly, and netstat reported no port 6010.
I have found out that I had no 'lo' interface (only ethN) configured. Adding it allowed proper opening of port :6010 which was missing.

Maybe proper setting up / enabling / diabling INET6 addresses would also do the trick, but I'm fine with my solution

The X11 Forwarding is effected by disabling IP6 in the Network configuration and not removing all of the IP6 host references. If IP6 is active as in openSUSE 13.1, and you disable IP6, X11 no longer forwards. If your reactivate IP6 then it works again.

I believe you have to remove all references in Hostnames so that is can properly find the IP4 addresses properly when X11 checks.

I think that will solve almost all issues with X11 forwarding from several web sites that I have seen which at no time has this been discussed. Also if X11 has a setting which uses IP6 forwarding and you disable it, you may also need to turn that off so it defaults to IP4 use.

I hope this helps.

Normally, X doesn't support TCP connections (it usually lacks encrypted sessions, so the authentication is unprotected). It uses local domain sockets in /tmp/.X11-unix/<display number>.

Thus xhost+ does nothing special, except allow any other local user to connect to your X session. It doesn't do anything for remote connections.

sshd establishes its own authentication on the remote (sshd) side. That is where it uses "localhost" or the local host name for a network name. If you have "X11UseLocalHost no" then it will use the host name. If that host name isn't in the /etc/hosts file (or a DNS entry) then it will fail (no IP number available to use for forwarding). If you have "X11UseLocalHost yes", then it will use 127.0.0.1 for the IP number (which should work), followed by the 6000+"X11DisplayOffset" (for the first attempt. If error, it adds one and tries again).

The major advantage "localhost" has is that it helps prevent remote attacks - they must be local attacks instead.

Personally, I think sshd should use domain sockets instead - but that limits using a ssh connection from being a possible network collection point for multiple OTHER connections on the remote network.

1 members found this post helpful.

You will also get this message if you don't have X packages installed on the remote system. "ssh -v -X hostname" will mention something like "xauth not found". On RHEL6 (CentOS6, etc.), the only change required to fix this message is to 'yum groupinstall "X Window System"' on the remote system. There's probably a smaller set o packages that could be use to fulfil the requirements, but that's the easiest.

It should be in the package xorg-x11-xauth. That is the only thing in there, but it will pull in any X libraries that may be necessary.