Re: upgrade to bookworm broke ssh x11 forwarding
On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge <greg@wooledge.org> wrote:
>
> On Thu, Nov 09, 2023 at 03:01:29PM +0000, fxkl47BF@protonmail.com wrote:
> > i upgraded from bullseye to bookworm with no problems
> > when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
> >
> > debug1: Requesting X11 forwarding with authentication spoofing.
> > debug1: Sending environment.
> > debug1: Sending env LANG = en_US.UTF-8
> > debug1: Sending env LC_ALL = en_US.UTF-8
> > X11 forwarding request failed on channel 0
> >
> > the .Xauthority file is not updated
> > is there new security or configuration
>
> On the server, run:
>
> grep X11 /etc/ssh/sshd_config
>
> That should tell you whether X11Forwarding and its related options have
> been disabled.
Probably need a 'grep -IR' since overrides can be provided in sshd_config.d/ :
$ sudo ls /etc/ssh/sshd_config.d/
10-pubkey_auth.conf 20-no_root_login.conf
And:
$ sudo cat /etc/ssh/sshd_config.d/10-pubkey_auth.conf
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
KerberosOrLocalPasswd no
GSSAPIAuthentication no
UsePAM no
PubkeyAuthentication yes
Jeff
Reply to: