Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    X11 forwarding request failed on channel 0 after 2.5.0

    Scheduled Pinned Locked Moved General pfSense Questions
    18 Posts 4 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudakC
      chudak @bingo600
      last edited by

      @bingo600 thx !

      The question is - why is it popping up after 2.5.0 and never before ?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @chudak
        last edited by johnpoz

        While it might be popping up for you - its not popping up here.. I have been unable to even get it to pop up even using ssh with -X

        do a ssh -x, do you still get it? What is your client settings specifically?

        Do a verbose connection -v so you see some details..

        For example I can see this when do -Xv

        debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
        debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
        debug1: X11 forwarding requested but DISPLAY not set
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        chudakC 1 Reply Last reply Reply Quote 0
        • chudakC
          chudak @johnpoz
          last edited by

          @johnpoz

          I don't see the error with ssh -x, nothing special about ssh client settings AFAIK

          See verbose here https://pastebin.com/hTDiEfJz

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @chudak
            last edited by

            Not seeing the rest of this - it stops where your having to auth with password. What is the rest after you auth.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            chudakC 1 Reply Last reply Reply Quote 0
            • chudakC
              chudak @johnpoz
              last edited by chudak

              @johnpoz

              sorry missed that

              debug1: Authentication succeeded (keyboard-interactive).
              Authenticated to pfsense ([192.168.0.1]:22).
              debug1: channel 0: new [client-session]
              debug1: Requesting no-more-sessions@openssh.com
              debug1: Entering interactive session.
              debug1: pledge: exec
              debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
              debug1: Requesting X11 forwarding with authentication spoofing.
              debug1: Sending environment.
              debug1: Sending env LANG = en_US.UTF-8
              X11 forwarding request failed on channel 0
              pfSense - Netgate Device ID:xyz
              
              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @chudak
                last edited by

                What is your local clients that your sshing from config

                Should be on your client in /etc/ssh/ssh_config

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                chudakC 1 Reply Last reply Reply Quote 0
                • chudakC
                  chudak @johnpoz
                  last edited by

                  @johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

                  /etc/ssh/ssh_conf

                  cat /etc/ssh/ssh_config
                  
                  # This is the ssh client system-wide configuration file.  See
                  # ssh_config(5) for more information.  This file provides defaults for
                  # users, and the values can be changed in per-user configuration files
                  # or on the command line.
                  
                  # Configuration data is parsed as follows:
                  #  1. command line options
                  #  2. user-specific file
                  #  3. system-wide file
                  # Any configuration value is only changed the first time it is set.
                  # Thus, host-specific definitions should be at the beginning of the
                  # configuration file, and defaults at the end.
                  
                  # Site-wide defaults for some commonly used options.  For a comprehensive
                  # list of available options, their meanings and defaults, please see the
                  # ssh_config(5) man page.
                  
                  Include /etc/ssh/ssh_config.d/*.conf
                  
                  Host *
                  #   ForwardAgent no
                     ForwardX11 yes
                     ForwardX11Trusted yes
                  #   PasswordAuthentication yes
                  #   HostbasedAuthentication no
                  #   GSSAPIAuthentication no
                  #   GSSAPIDelegateCredentials no
                  #   GSSAPIKeyExchange no
                  #   GSSAPITrustDNS no
                  #   BatchMode no
                  #   CheckHostIP yes
                  #   AddressFamily any
                  #   ConnectTimeout 0
                  #   StrictHostKeyChecking ask
                  #   IdentityFile ~/.ssh/id_rsa
                  #   IdentityFile ~/.ssh/id_dsa
                  #   IdentityFile ~/.ssh/id_ecdsa
                  #   IdentityFile ~/.ssh/id_ed25519
                  #   Port 22
                  #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
                  #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
                  #   EscapeChar ~
                  #   Tunnel no
                  #   TunnelDevice any:any
                  #   PermitLocalCommand no
                  #   VisualHostKey no
                  #   ProxyCommand ssh -q -W %h:%p gateway.example.com
                  #   RekeyLimit 1G 1h
                      SendEnv LANG LC_*
                      HashKnownHosts yes
                      GSSAPIAuthentication yes
                  
                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @chudak
                    last edited by

                    @chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

                    ForwardX11 yes
                    ForwardX11Trusted yes

                    Comment those out, or set to no and your error will go away ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    chudakC 1 Reply Last reply Reply Quote 0
                    • chudakC
                      chudak @johnpoz
                      last edited by

                      @johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

                      @chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

                      ForwardX11 yes
                      ForwardX11Trusted yes

                      Comment those out, or set to no and your error will go away ;)

                      My fault after all :( has nothing to do with 2.5.0 !

                      Thx @johnpoz
                      But it's good to be sure :)

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @chudak
                        last edited by

                        Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..

                        But if your using some gui term or package in your OS, maybe it set that?

                        But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        chudakC 1 Reply Last reply Reply Quote 0
                        • chudakC
                          chudak @johnpoz
                          last edited by chudak

                          @johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

                          Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..

                          But if your using some gui term or package in your OS, maybe it set that?

                          But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)

                          Hard to say if I did change anything, but as long as it's not 2.5.0 I am happy :)

                          1 Reply Last reply Reply Quote 0
                          • jimpJ
                            jimp Rebel Alliance Developer Netgate
                            last edited by

                            I don't recall exactly when, I thought it was in 2.4.x, but we disabled X11 forwarding in the SSH daemon on the firewall for security reasons.

                            The error is harmless though, you can ignore it, or like you've done, disable it on the client side.

                            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 1
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.