X11 forwarding request failed on channel 0 after 2.5.0

chudak

@bingo600 thx !

The question is - why is it popping up after 2.5.0 and never before ?

johnpoz

While it might be popping up for you - its not popping up here.. I have been unable to even get it to pop up even using ssh with -X

do a ssh -x, do you still get it? What is your client settings specifically?

Do a verbose connection -v so you see some details..

For example I can see this when do -Xv

debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: X11 forwarding requested but DISPLAY not set

chudak

@johnpoz

I don't see the error with ssh -x, nothing special about ssh client settings AFAIK

See verbose here https://pastebin.com/hTDiEfJz

johnpoz

Not seeing the rest of this - it stops where your having to auth with password. What is the rest after you auth.

chudak

@johnpoz

sorry missed that

debug1: Authentication succeeded (keyboard-interactive).
Authenticated to pfsense ([192.168.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
X11 forwarding request failed on channel 0
pfSense - Netgate Device ID:xyz

johnpoz

What is your local clients that your sshing from config

Should be on your client in /etc/ssh/ssh_config

chudak

@johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

/etc/ssh/ssh_conf

cat /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Include /etc/ssh/ssh_config.d/*.conf

Host *
#   ForwardAgent no
   ForwardX11 yes
   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

johnpoz

@chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

ForwardX11 yes
ForwardX11Trusted yes

Comment those out, or set to no and your error will go away ;)

chudak

@johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

@chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

ForwardX11 yes
ForwardX11Trusted yes

Comment those out, or set to no and your error will go away ;)

My fault after all :( has nothing to do with 2.5.0 !

Thx @johnpoz
But it's good to be sure :)

johnpoz

Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..

But if your using some gui term or package in your OS, maybe it set that?

But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)

chudak

@johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..

But if your using some gui term or package in your OS, maybe it set that?

But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)

Hard to say if I did change anything, but as long as it's not 2.5.0 I am happy :)

jimp

I don't recall exactly when, I thought it was in 2.4.x, but we disabled X11 forwarding in the SSH daemon on the firewall for security reasons.

The error is harmless though, you can ignore it, or like you've done, disable it on the client side.