X11 forwarding request failed on channel 0 after 2.5.0
-
After upgrading to 2.50 I see this:
X11 forwarding request failed on channel 0
pfSense - Netgate Device ID: XYZNot that I care much about X11 forwarding, but just sharing here.
Anybody else has seen this and knows what's up ?Never seen on 2.4.x releases.
Thx
-
Where are you seeing that, and what exactly are you trying to do. I have never had a need/want to forward via ssh.. Since I just vpn in if I want to do anything on my local network while remote..
-
I see it after ssh'inf to the pfsense box
ssh admin@XYZ
Password for user@XYZ:
X11 forwarding request failed on channel 0
pf - Netgate Device ID: XXX*** Welcome to pfSense 2.5.0-RELEASE (amd64) on pfsense ***
WAN (wan) -> igb0 -> v4/DHCP4: XYZ/20
LAN (lan) -> igb1 -> v4: 192.168.10.1/24
WIFI (opt1) -> igb2 -> v4: 192.168.20.1/24- Logout (SSH only) 9) pfTop
- Assign Interfaces 10) Filter Logs
- Set interface(s) IP address 11) Restart webConfigurator
- Reset webConfigurator password 12) PHP shell + pfSense tools
- Reset to factory defaults 13) Update from console
- Reboot system 14) Disable Secure Shell (sshd)
- Halt system 15) Restore recent configuration
- Ping host 16) Restart PHP-FPM
- Shell
-
What are you using to ssh (what is your client? putty, securecrt, ssh)
I don't see such an error - I ssh into pfsense pretty much every day..
I even enable x11 forwarding - and still don't see such an error
-
I ssh from ubuntu with term or terminator and never saw it before 2.5.0
I don't use putty but tried it and don't see this error
-
@chudak said in X11 forwarding request failed on channel 0 after 2.5.0:
X11 forwarding request failed on channel 0
Have a look here
https://www.linuxsecrets.com/1204-how-to-fix-x11-forwarding-request-failed-on-channel-0
https://stackoverflow.com/questions/38961495/x11-forwarding-request-failed-on-channel-0According to the above it could be localhost or ipv6 related
-
@bingo600 thx !
The question is - why is it popping up after 2.5.0 and never before ?
-
While it might be popping up for you - its not popping up here.. I have been unable to even get it to pop up even using ssh with -X
do a ssh -x, do you still get it? What is your client settings specifically?
Do a verbose connection -v so you see some details..
For example I can see this when do -Xv
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: X11 forwarding requested but DISPLAY not set
-
I don't see the error with ssh -x, nothing special about ssh client settings AFAIK
See verbose here https://pastebin.com/hTDiEfJz
-
Not seeing the rest of this - it stops where your having to auth with password. What is the rest after you auth.
-
sorry missed that
debug1: Authentication succeeded (keyboard-interactive). Authenticated to pfsense ([192.168.0.1]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: exec debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Requesting X11 forwarding with authentication spoofing. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 X11 forwarding request failed on channel 0 pfSense - Netgate Device ID:xyz
-
What is your local clients that your sshing from config
Should be on your client in /etc/ssh/ssh_config
-
@johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:
/etc/ssh/ssh_conf
cat /etc/ssh/ssh_config # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. Include /etc/ssh/ssh_config.d/*.conf Host * # ForwardAgent no ForwardX11 yes ForwardX11Trusted yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # GSSAPIKeyExchange no # GSSAPITrustDNS no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes
-
@chudak said in X11 forwarding request failed on channel 0 after 2.5.0:
ForwardX11 yes
ForwardX11Trusted yesComment those out, or set to no and your error will go away ;)
-
@johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:
@chudak said in X11 forwarding request failed on channel 0 after 2.5.0:
ForwardX11 yes
ForwardX11Trusted yesComment those out, or set to no and your error will go away ;)
My fault after all :( has nothing to do with 2.5.0 !
Thx @johnpoz
But it's good to be sure :) -
Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..
But if your using some gui term or package in your OS, maybe it set that?
But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)
-
@johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:
Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..
But if your using some gui term or package in your OS, maybe it set that?
But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)
Hard to say if I did change anything, but as long as it's not 2.5.0 I am happy :)
-
I don't recall exactly when, I thought it was in 2.4.x, but we disabled X11 forwarding in the SSH daemon on the firewall for security reasons.
The error is harmless though, you can ignore it, or like you've done, disable it on the client side.