# ssh x forwarding [SOLVED]

## BiggJ

I know it's possible to do x forwarding over ssh. I enabled it in sh_conf, but it still isn't working. Is there something else I need to do?

--JLast edited by BiggJ on Thu Dec 11, 2003 5:42 pm; edited 1 time in total

----------

## triad

need to uncomment

```

# Host *

#   ForwardAgent no

#   ForwardX11 no

```

in

```
/etc/ssh/ssh_config
```

then you can access via:

```
ssh -X username@hostname
```

Hope this is what you where looking for.

Triad

----------

## BiggJ

 *triad wrote:*   

> 
> 
> ```
> 
> # Host *
> ...

 

I am guessing I also need to change them to yes.

--J

----------

## ewan.paton

dont you also need to change the sshd_conf on the pc you log into

----------

## BiggJ

 *ewan.paton wrote:*   

> dont you also need to change the sshd_conf on the pc you log into

 

turned on X11Forwarding there too, same error

----------

## amne

try using verbose messages by

```
ssh -X -v user@host
```

maybe the output helps tracking down the problem.

----------

## BiggJ

Just to be clear ... I want to ssh into a server, and then launch an X app on it and have it appear on my desktop machine. I have never had to use the "-X" flag to do that before.

That being said... here is the output ...

```
jmerv@hayden: ~ $ ssh -X -v italy.maskdomain.com

OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Connecting to italy.maskdomain.com [###.###.###.###] port 22.

debug1: Connection established.

debug1: identity file /home/jmerv/.ssh/identity type 0

debug1: identity file /home/jmerv/.ssh/id_rsa type 1

debug1: identity file /home/jmerv/.ssh/id_dsa type 2

debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2

debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'italy.maskdomain.com' is known and matches the RSA host key.

debug1: Found key in /home/jmerv/.ssh/known_hosts:10

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Offering public key: /home/jmerv/.ssh/id_rsa

debug1: Server accepts key: pkalg ssh-rsa blen 149

debug1: read PEM private key done: type RSA

debug1: Authentication succeeded (publickey).

debug1: channel 0: new [client-session]

debug1: Entering interactive session.

debug1: Requesting X11 forwarding with authentication spoofing.

Last login: Tue Dec  9 23:46:59 2003 from 24.126.199.65

jmerv@scribe: ~ $ ssh -X -v bostrom

OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Connecting to bostrom [10.40.36.175] port 22.

debug1: Connection established.

debug1: identity file /home/jmerv/.ssh/identity type -1

debug1: identity file /home/jmerv/.ssh/id_rsa type -1

debug1: identity file /home/jmerv/.ssh/id_dsa type -1

debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2

debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'bostrom' is known and matches the RSA host key.

debug1: Found key in /home/jmerv/.ssh/known_hosts:3

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Trying private key: /home/jmerv/.ssh/identity

debug1: Trying private key: /home/jmerv/.ssh/id_rsa

debug1: Trying private key: /home/jmerv/.ssh/id_dsa

debug1: Next authentication method: keyboard-interactive

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Next authentication method: password

jmerv@bostrom's password:

debug1: Authentication succeeded (password).

debug1: channel 0: new [client-session]

debug1: Entering interactive session.

Last login: Tue Dec  9 23:47:01 2003 from scribe.weblab.pas.maskdomain.com

jmerv@bostrom: ~ $ gvim

E233: cannot open display

```

Note: I masked the domain's and IP's because it's a company gate that I am logging in through. I, however, control the machines on either side of the gate. They are my home and work workstations.

--J

----------

## ewan.paton

have you done a /etc/init.d/sshd restart as well

----------

## triad

biggj can you try another app besides gvim?  The only reason i suggest this is that i googled on the error message you received and it appears to be an issue with gvim.

If I send you on a wild goose chase I apologize but my philosphy is Hey you never know!

Triad

----------

## fleed

You can also test by looking at the DISPLAY variable. If echo $DISPLAY shows you anything then the problem is (probably) not with ssh.

----------

## BiggJ

 *ewan.paton wrote:*   

> dont you also need to change the sshd_conf on the pc you log into

 

This worked. Thanks! Also, was able to launch 'gvim'.

--J

----------

## anil_et

Hi

Can you tell me step by step how you managed to open X sessions on remote box? I am trying to get it working on my winXP machine with Cygwin

----------

## mariux2

I would like that too!

----------

## yaneurabeya

That would be helpful. Trying to find out how to X11 forward properly to login via xdm since all this time I've been using tightvnc and old school term logins. Just wanted to see if network performance was better for X11 forwarding.

Apparently it's not forwarding the ports or setting up the x11 forwarding properly in SSH.

My config:

moto-matic's sshd_config server snippet:

```
AllowTcpForwarding yes

GatewayPorts no

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#TCPKeepAlive yes

UseLogin no
```

sprsd's ssh_config client snippet:

```
Host *

   ForwardAgent yes

   ForwardX11 yes
```

ssh -v -X gman@moto-matic output:

```
bash-2.05b# ssh -v -X gman@moto-matic

OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Connecting to moto-matic [128.208.47.172] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: identity file /root/.ssh/identity type -1

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1

debug1: match: OpenSSH_3.9p1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.9p1

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'moto-matic' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:3

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: publickey

debug1: Trying private key: /root/.ssh/identity

debug1: Trying private key: /root/.ssh/id_rsa

debug1: Trying private key: /root/.ssh/id_dsa

debug1: Next authentication method: password

gman@D-128-208-47-172 gman $ exit

debug1: channel 0: free: client-session, nchannels 1

Connection to moto-matic closed.

debug1: Transferred: stdin 0, stdout 0, stderr 34 bytes in 1.1 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 29.7

debug1: Exit status 0
```

...and I have restarted sshd a couple of times since I updated my sshd_config file...

----------

