How configure X11 Forwarding in RHEL7, CentOS7

1) Install the following packages
yum install -y xorg-x11-server-Xorg xorg-x11-xauth xorg-x11-apps

2) Enable X11 Fowarding
grep -i X11Forwarding /etc/ssh/sshd_config
Should be set to Yes

3) Logoff and login as
ssh -Y user@host

4) Test
xclock& , xeyes&

A dump of the sshd_config on my test server

grep -v ^#  /etc/ssh/sshd_config  | grep -v ^$
AddressFamily inet
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
SyslogFacility AUTHPRIV
LogLevel VERBOSE
PermitRootLogin without-password
MaxAuthTries 5
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding yes
UsePrivilegeSeparation yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server

Troubleshooting

xclock&
Error: Can’t open display:

To fix this, I did the following:
rm /root/.Xauthority
systemctl restart sshd

Logout and login to create new /root/.Xauthority

AddressFamily inet
For some servers it only works by forcing to IPv4 only. AddressFamily should be set to inet(IPv4)

grep Family /etc/ssh/sshd_config
AddressFamily inet

man sshd_config
AddressFamily
Specifies which address family should be used by sshd(8). Valid arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6 only). The default is “any”.

X11 forwarding bug in SSH if IPv6 on the system is disabled.
http://unix.stackexchange.com/a/225642/95470

It does work on a different RHEL 7.1 server though with AddressFamily set to “any”.

Still not working
May be the server is behind a firewall. Where I work, I have to authenticate with the firewall to get this working.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s