X11 Forwarding Not Working

Chuck McCrobie mccrobie2000 at gmail.com
Fri May 5 03:45:17 UTC 2017 

Not sure if this is the correct mailing list.  I've attempted to include 
all relevant information.

Synopsis
------------
Attempting to ssh -X fedora23 freebsd11-stable.  I get

usr/local/bin/xauth: (stdin):1:  bad display name "unix:10.0" in 
"remove" command
/usr/local/bin/xauth: (stdin):2:  bad display name "unix:10.0" in "add" 
command

----- FreeBSD -----
$ echo $DISPLAY
localhost:10.0

$ konsole
X11 connection rejected because of wrong authentication.
Segmentation fault (core dumped)

----------- /etc/rc.conf ----------
ifconfig_em0="DHCP"

vboxguest_enable="YES"
vboxservice_enable="YES"

dbus_enable="YES"
hald_enable="YES"
kdm4_enable="YES"

sshd_enable="NO"
openssh_enable="YES"

----------- /usr/local/etc/ssh/sshd_config ----------  default as 
installed by pkg add openssh-portable
#       $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /usr/local/etc/ssh/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh/ssh_host_dsa_key
#HostKey /usr/local/etc/ssh/ssh_host_ecdsa_key
#HostKey /usr/local/etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and 
.ssh/authorized_keys2
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in 
/usr/local/etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum FreeBSD-openssh-portable-7.5.p1,1

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/local/libexec/sftp-server

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# disable hpn performance boosts
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# allow the use of the none cipher
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

---------- pkg info openssh-portable ---------

pkg info openssh-portable
openssh-portable-7.5.p1,1
Name           : openssh-portable
Version        : 7.5.p1,1
Installed on   : Fri May  5 01:30:06 2017 UTC
Origin         : security/openssh-portable
Architecture   : FreeBSD:11:amd64

---------- .XAuthority ----------  EMPTY

------ uname -a on Linux ------
Linux gti-no6.my.domain 4.8.12-100.fc23.x86_64 #1 SMP Fri Dec 2 17:52:27 
UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

------ uname -r on FreeBSD -----
11.0-STABLE

------ ssh -v -X me at 192.168.2.179 ------ (192.168.2.179 is the FreeBSD 
11-STABLE machine)
ssh -v -X me at 192.168.2.179
OpenSSH_7.2p2, OpenSSL 1.0.2j-fips  26 Sep 2016
debug1: Reading configuration data /home/xxx/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 192.168.2.179 [192.168.2.179] port 22.
debug1: Connection established.
debug1: identity file /home/xxx/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/xxx/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version 
OpenSSH_7.5-hpn14v5 FreeBSD-openssh-portable-7.5.p1,1
debug1: match: OpenSSH_7.5-hpn14v5 FreeBSD-openssh-portable-7.5.p1,1 pat 
OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.2.179:22 as 'me'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256 at libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: 
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: 
<implicit> compression: none
debug1: kex: curve25519-sha256 at libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256 at libssh.org need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 
SHA256:nGH5+5gHLLkPxS1JF/ccT9dI9KiplE72Y6YJMwMZD8Y
debug1: Host '192.168.2.179' is known and matches the ECDSA host key.
debug1: Found key in /home/xxx/.ssh/known_hosts:71
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: 
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/xxx/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/xxx/.ssh/id_dsa
debug1: Trying private key: /home/xxx/.ssh/id_ecdsa
debug1: Trying private key: /home/xxx/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password for me@:
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 192.168.2.179 ([192.168.2.179]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com 
want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=none
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LANGUAGE =
Last login: Fri May  5 03:15:53 2017 from 192.168.2.237
FreeBSD 11.0-STABLE (GENERIC) #0 r317153: Thu Apr 20 05:43:02 UTC 2017

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: 
https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
/usr/local/bin/xauth:  file /home/me/.Xauthority does not exist
/usr/local/bin/xauth: (stdin):1:  bad display name "unix:10.0" in 
"remove" command
/usr/local/bin/xauth: (stdin):2:  bad display name "unix:10.0" in "add" 
command
You can automatically download and install binary packages by doing

         pkg install <package>

This will also automatically install the packages that are dependencies
for the package you install (ie, the packages it needs in order to work.)

---------- pkg info xauth ----------
pkg info xauth
xauth-1.0.10
Name           : xauth
Version        : 1.0.10
Installed on   : Fri May  5 02:20:59 2017 UTC
Origin         : x11/xauth
Architecture   : FreeBSD:11:amd64

--------- Linux (source system) /etc/ssh/ssh_config ----------
Host *
         GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the 
untrusted
# mode correctly we set this to yes.
         ForwardX11 yes
         ForwardX11Trusted yes
# Send locale-related environment variables
         SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY 
LC_MESSAGES
         SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
         SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
         SendEnv XMODIFIERS

---------- on FreeBSD ----------
host gti-no6.my.domain
gti-no6.my.domain has address 192.168.2.237

---------- on FreeBSD ---------
more /etc/resolv.conf
# Generated by resolvconf
search my.domain
nameserver 192.168.2.1

More information about the freebsd-x11 mailing list