X11forwarding yes: how to debug/setup after xauth fix

Michael Felt michael at felt.demon.nl
Wed Oct 4 20:07:25 AEDT 2017

I do not often use X11 - but when I do I prefer to enable X11forwarding, 
and when finished - turn it off. This is preferable, imho, to having 
"clear" X11 processing when local - and otherwise impossible when 
working remote.

Working with openssh-7.5p2 I cannot figure out what (extra) I need to do 
with sshd_config to get it working.

I know that there is a security-fix starting with openssh-7.2 
(https://www.openssh.com/security.html, March 9, 2016) - and when I load 
any version of openssh prior to Openssh-7.2 I get the expected X11 
behavior over an ssh(d) X11forwarding tunnel.

So, what should I be looking at on my server or client-side. Is there a 
different setting I should be using? I am still using the "putty" 
setting of: MIT-Magic-Cookie-1. (I'll test, in a moment using 
XDM-Authorization-1). However, the hint I am hoping for is the flag to 
set for sshd (e.g., -ddddd) and what debug string - to see if 
X11forwarding is attempted, and if so, why it is rejected by the sshd.

Again - no changes to client-side - openssh-7.1 and earlier work, 
openssh-7.2 and later do not.

Thanks for you time!


More information about the openssh-unix-dev mailing list