I have been trying to get X11 port forwarding to work from my laptop. I can't figure out why it won't work.
I get this message when I try to run xterm:
X11 connection rejected because of wrong authentication.
xterm Xt error: Can't open display: localhost:10.0
I don't know if this is related or not, but when I login, I get this message:
/usr/bin/xauth: timeout in locking authority file /home/sphillips/.Xauthority
I have wondered if the problem is that my local user on my laptop is skp and the username on this server is sphillips. I have been able to get X11 forwarding to work with my other computers that use the same skp login.
Also, the X11 port forwarding works from a Windows machine using Xming and Putty to the same server. I have to manually configure the DISPLAY variable to the IP address and display 0.0, but it works.
I have run an xhost + on my machine with the attempt to try to bypass any security issues. That still didn't work.
On the server, I check the configuration:
$ sudo grep X11Forwarding /etc/ssh/sshd_config
#X11Forwarding no
X11Forwarding yes
# X11Forwarding no
And on my machine as well:
$ sudo grep X11Forwarding /etc/ssh/sshd_config
[sudo] password for skp:
#X11Forwarding no
X11Forwarding yes
# X11Forwarding no
My server is RedHat Enterprise Linux 6 and my laptop is Fedora 15.
Can anyone give me any thoughts on things to try to get SSH X11 forwarding to work from my laptop?
I finally found the answer (at least for my situation)! The problem was SELinux. I turned off SELinux, and it worked with no problem.
If you interested in all of the gory details, you can read about it on my blog, but let me detail the pertinent facts here...
On the remote machine, I used dmesg to view the logging messages:
dmesg | tail
I found a number of messages like this:
type=1400 audit(1332520527.110:51337): avc: denied { read } for pid=25240 comm="sshd" name="authorized_keys" dev=dm-5 ino=167 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file
You can check the status of SELinux with this command:
$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted
You can turn it to permissive mode with this command:
setenforce 0
For more information on SELinux, I found Red Hat's guide helpful. Also, for other SSH issues, I found David's blog helpful for getting logging to help.
For me, after that, my X11 forwarding started working with no problem.
SELinux was preventing several other different things. It could not create the necessary files to make key authentication work. I also found it blocking ssh-keygen from creating keys in the home directory.