# x11 forwarding via ssh fails

## Adel Ahmed

when I try sshing to my pc: $ssh -x 192.168.1.6

I get:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Warning: No xauth data; using fake authentication data for X11 forwarding.

X11 forwarding request failed on channel 0

I honestly cannot provide any info on when this started happening, if any log files are needed please tell me

thanks

----------

## chiefbag

Use:

```
ssh -Y 92.168.1.6
```

don't forger to xhost + on your local machine first. 

then do the above and export the display, log out and log in again.

----------

## depontius

Don't do "xhost +", at least not if your system is on a network.  In fact "xhost" is just plain a horrible security hole.  "xauth" is much better, and there are those-who-wear-tin-hats that will insist that MIT-MAGIC-COOKIE-1 is weak.

chiefbag alluded to, but didn't quite state succintly: (from "man ssh")

```
     -X      Enables X11 forwarding.  This can also be specified on a per-host

             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the

             ability to bypass file permissions on the remote host (for the

             user’s X authorization database) can access the local X11 display

             through the forwarded connection.  An attacker may then be able

             to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY

             extension restrictions by default.  Please refer to the ssh -Y

             option and the ForwardX11Trusted directive in ssh_config(5) for

             more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not

             subjected to the X11 SECURITY extension controls.
```

Your line had a lowercase "-x", which is backwards from what you wanted.

----------

## Adel Ahmed

well I don't want to use Y

i want to fix ssh -X like it used to be

and -x was a misspell I meant -X

----------

## Hu

 *chiefbag wrote:*   

> Use:
> 
> ```
> ssh -Y 92.168.1.6
> ```
> ...

 In addition to being wrong about advising xhost +, this is also wrong to suggest manipulation of $DISPLAY.  When ssh X11 forwarding is done properly, $DISPLAY will be set automatically.

OP: why do you want to use untrusted X11 forwarding?  That is typically only used in cases where you do not trust the administrator of the remote machine.  It imposes some performance problems by disallowing use of X11 features that modern programs assume will be present.

----------

## Adel Ahmed

here's what I get when I ssh -Y:

X11 forwarding request failed on channel 0

even if I log in via -Y i still prefer not having something not working on linux, I use this laptop at work as well and you can never tell when you need an option

----------

## Ant P.

Does the server have X11Forwarding enabled in the config file?

----------

## Adel Ahmed

how can I tell?

----------

