I have been trying to get X11 port forwarding to work from my laptop. I can't figure out why it won't work.

I get this message when I try to run xterm:

X11 connection rejected because of wrong authentication.
xterm Xt error: Can't open display: localhost:10.0

I don't know if this is related or not, but when I login, I get this message:

/usr/bin/xauth:  timeout in locking authority file /home/sphillips/.Xauthority

I have wondered if the problem is that my local user on my laptop is skp and the username on this server is sphillips. I have been able to get X11 forwarding to work with my other computers that use the same skp login.

Also, the X11 port forwarding works from a Windows machine using Xming and Putty to the same server. I have to manually configure the DISPLAY variable to the IP address and display 0.0, but it works.

I have run an xhost + on my machine with the attempt to try to bypass any security issues. That still didn't work.

On the server, I check the configuration:

$ sudo grep X11Forwarding /etc/ssh/sshd_config
#X11Forwarding no
X11Forwarding yes
#   X11Forwarding no

And on my machine as well:

$ sudo grep X11Forwarding /etc/ssh/sshd_config
[sudo] password for skp: 
#X11Forwarding no
X11Forwarding yes
#   X11Forwarding no

My server is RedHat Enterprise Linux 6 and my laptop is Fedora 15.

Can anyone give me any thoughts on things to try to get SSH X11 forwarding to work from my laptop?

I finally found the answer (at least for my situation)! The problem was SELinux. I turned off SELinux, and it worked with no problem.

If you interested in all of the gory details, you can read about it on my blog, but let me detail the pertinent facts here...

On the remote machine, I used dmesg to view the logging messages:

dmesg | tail

I found a number of messages like this:

type=1400 audit(1332520527.110:51337): avc: denied { read } for pid=25240 comm="sshd" name="authorized_keys" dev=dm-5 ino=167 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file

You can check the status of SELinux with this command:

$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted

You can turn it to permissive mode with this command:

setenforce 0

For more information on SELinux, I found Red Hat's guide helpful. Also, for other SSH issues, I found David's blog helpful for getting logging to help.

For me, after that, my X11 forwarding started working with no problem.

SELinux was preventing several other different things. It could not create the necessary files to make key authentication work. I also found it blocking ssh-keygen from creating keys in the home directory.

I got the same issue on a Debian OpenVZ container and the problem seemed to come from my /etc/hosts file where "localhost" was affected to the LAN IP, not 127.0.0.1.

Before :

192.168.0.15  dagi dagi.domain.net localhost localhost.localdomain

After :

192.168.0.15  dagi dagi.domain.net
127.0.0.1     localhost localhost.localdomain

After that, both ssh -X and ssh -Y worked like a charm without even restarting sshd.

I bumped into this, too. But in my case it was because I removed IPv6 support some days ago. I then bumped into this thread explaining how to make sure sshd uses IPv4 only.

This is how I did it, add this:

AddressFamily inet

to your ssh_config-file (on Ubuntu /etc/ssh/sshd_config) and make sshd reload its configuration (kill -SIGHUP pid-of-sshd).

Apart from @Chl s answer above, I also had a corrupt ~/.Xauthority file.

For some reason it was owned by root even under my home directory. So I had to sudo -s and then deleted it.

Then recreated it with touch ~/.Xauthority

After that X forwarding worked for me, under Ubuntu 14.04.

sudo grep X11Forwarding /etc/ssh/sshd_config

X11Forwarding yes 
#sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted
#You can turn it to permissive mode with this command:
#setenforce 0