[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upgrade to bookworm broke ssh x11 forwarding

On Thu, 9 Nov 2023, Jeffrey Walton wrote:

> On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge <greg@wooledge.org> wrote:
>>
>> On Thu, Nov 09, 2023 at 03:01:29PM +0000, fxkl47BF@protonmail.com wrote:
>>> i upgraded from bullseye to bookworm with no problems
>>> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
>>>
>>> debug1: Requesting X11 forwarding with authentication spoofing.
>>> debug1: Sending environment.
>>> debug1: Sending env LANG = en_US.UTF-8
>>> debug1: Sending env LC_ALL = en_US.UTF-8
>>> X11 forwarding request failed on channel 0
>>>
>>> the .Xauthority file is not updated
>>> is there new security or configuration
>>
>> On the server, run:
>>
>>     grep X11 /etc/ssh/sshd_config
>>
>> That should tell you whether X11Forwarding and its related options have
>> been disabled.
>
> Probably need a 'grep -IR' since overrides can be provided in sshd_config.d/ :
>
>   $ sudo ls /etc/ssh/sshd_config.d/
>   10-pubkey_auth.conf  20-no_root_login.conf
>
> And:
>
>    $ sudo cat /etc/ssh/sshd_config.d/10-pubkey_auth.conf
>    PasswordAuthentication no
>    ChallengeResponseAuthentication no
>    KerberosAuthentication no
>    KerberosOrLocalPasswd no
>    GSSAPIAuthentication no
>    UsePAM no
>    PubkeyAuthentication yes
>
> Jeff
>

my /etc/ssh/sshd_config.d/ is empty
Reply to: