ssh X11 forwarding won't work

Question

I have been trying to get X11 port forwarding to work from my laptop. I can\'t figure out why it won\'t work.

I get this message when I try to run xterm:

Answer 1

I finally found the answer (at least for my situation)! The problem was SELinux. I turned off SELinux, and it worked with no problem.

If you interested in all of the gory details, you can read about it on my blog, but let me detail the pertinent facts here...

On the remote machine, I used dmesg to view the logging messages:

dmesg | tail

I found a number of messages like this:

type=1400 audit(1332520527.110:51337): avc: denied { read } for pid=25240 comm="sshd" name="authorized_keys" dev=dm-5 ino=167 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file

You can check the status of SELinux with this command:

$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: targeted

You can turn it to permissive mode with this command:

setenforce 0

For more information on SELinux, I found Red Hat's guide helpful. Also, for other SSH issues, I found David's blog helpful for getting logging to help.

For me, after that, my X11 forwarding started working with no problem.

SELinux was preventing several other different things. It could not create the necessary files to make key authentication work. I also found it blocking ssh-keygen from creating keys in the home directory.