Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    X11 forwarding request failed on channel 0 after 2.5.0

    General pfSense Questions
    4
    18
    85
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudak
      chudak last edited by

      After upgrading to 2.50 I see this:

      X11 forwarding request failed on channel 0
      pfSense - Netgate Device ID: XYZ

      Not that I care much about X11 forwarding, but just sharing here.
      Anybody else has seen this and knows what's up ?

      Never seen on 2.4.x releases.

      Thx

      johnpoz 1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator @chudak last edited by

        Where are you seeing that, and what exactly are you trying to do. I have never had a need/want to forward via ssh.. Since I just vpn in if I want to do anything on my local network while remote..

        chudak 1 Reply Last reply Reply Quote 0
        • chudak
          chudak @johnpoz last edited by

          @johnpoz

          I see it after ssh'inf to the pfsense box

          ssh admin@XYZ
          Password for user@XYZ:
          X11 forwarding request failed on channel 0
          pf - Netgate Device ID: XXX

          *** Welcome to pfSense 2.5.0-RELEASE (amd64) on pfsense ***

          WAN (wan) -> igb0 -> v4/DHCP4: XYZ/20
          LAN (lan) -> igb1 -> v4: 192.168.10.1/24
          WIFI (opt1) -> igb2 -> v4: 192.168.20.1/24

          1. Logout (SSH only) 9) pfTop
          2. Assign Interfaces 10) Filter Logs
          3. Set interface(s) IP address 11) Restart webConfigurator
          4. Reset webConfigurator password 12) PHP shell + pfSense tools
          5. Reset to factory defaults 13) Update from console
          6. Reboot system 14) Disable Secure Shell (sshd)
          7. Halt system 15) Restore recent configuration
          8. Ping host 16) Restart PHP-FPM
          9. Shell
          johnpoz 1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator @chudak last edited by

            What are you using to ssh (what is your client? putty, securecrt, ssh)

            I don't see such an error - I ssh into pfsense pretty much every day..

            ssh.png

            I even enable x11 forwarding - and still don't see such an error

            forward.png

            chudak 1 Reply Last reply Reply Quote 0
            • chudak
              chudak @johnpoz last edited by

              @johnpoz

              I ssh from ubuntu with term or terminator and never saw it before 2.5.0

              I don't use putty but tried it and don't see this error

              1 Reply Last reply Reply Quote 0
              • bingo600
                bingo600 last edited by

                @chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

                X11 forwarding request failed on channel 0

                Have a look here
                https://www.linuxsecrets.com/1204-how-to-fix-x11-forwarding-request-failed-on-channel-0
                https://stackoverflow.com/questions/38961495/x11-forwarding-request-failed-on-channel-0

                According to the above it could be localhost or ipv6 related

                chudak 1 Reply Last reply Reply Quote 0
                • chudak
                  chudak @bingo600 last edited by

                  @bingo600 thx !

                  The question is - why is it popping up after 2.5.0 and never before ?

                  johnpoz 1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator @chudak last edited by johnpoz

                    While it might be popping up for you - its not popping up here.. I have been unable to even get it to pop up even using ssh with -X

                    do a ssh -x, do you still get it? What is your client settings specifically?

                    Do a verbose connection -v so you see some details..

                    For example I can see this when do -Xv

                    debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
                    debug1: Remote: /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
                    debug1: X11 forwarding requested but DISPLAY not set
                    
                    chudak 1 Reply Last reply Reply Quote 0
                    • chudak
                      chudak @johnpoz last edited by

                      @johnpoz

                      I don't see the error with ssh -x, nothing special about ssh client settings AFAIK

                      See verbose here https://pastebin.com/hTDiEfJz

                      johnpoz 1 Reply Last reply Reply Quote 0
                      • johnpoz
                        johnpoz LAYER 8 Global Moderator @chudak last edited by

                        Not seeing the rest of this - it stops where your having to auth with password. What is the rest after you auth.

                        chudak 1 Reply Last reply Reply Quote 0
                        • chudak
                          chudak @johnpoz last edited by chudak

                          @johnpoz

                          sorry missed that

                          debug1: Authentication succeeded (keyboard-interactive).
                          Authenticated to pfsense ([192.168.0.1]:22).
                          debug1: channel 0: new [client-session]
                          debug1: Requesting no-more-sessions@openssh.com
                          debug1: Entering interactive session.
                          debug1: pledge: exec
                          debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
                          debug1: Requesting X11 forwarding with authentication spoofing.
                          debug1: Sending environment.
                          debug1: Sending env LANG = en_US.UTF-8
                          X11 forwarding request failed on channel 0
                          pfSense - Netgate Device ID:xyz
                          
                          johnpoz 1 Reply Last reply Reply Quote 0
                          • johnpoz
                            johnpoz LAYER 8 Global Moderator @chudak last edited by

                            What is your local clients that your sshing from config

                            Should be on your client in /etc/ssh/ssh_config

                            chudak 1 Reply Last reply Reply Quote 0
                            • chudak
                              chudak @johnpoz last edited by

                              @johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

                              /etc/ssh/ssh_conf

                              cat /etc/ssh/ssh_config
                              
                              # This is the ssh client system-wide configuration file.  See
                              # ssh_config(5) for more information.  This file provides defaults for
                              # users, and the values can be changed in per-user configuration files
                              # or on the command line.
                              
                              # Configuration data is parsed as follows:
                              #  1. command line options
                              #  2. user-specific file
                              #  3. system-wide file
                              # Any configuration value is only changed the first time it is set.
                              # Thus, host-specific definitions should be at the beginning of the
                              # configuration file, and defaults at the end.
                              
                              # Site-wide defaults for some commonly used options.  For a comprehensive
                              # list of available options, their meanings and defaults, please see the
                              # ssh_config(5) man page.
                              
                              Include /etc/ssh/ssh_config.d/*.conf
                              
                              Host *
                              #   ForwardAgent no
                                 ForwardX11 yes
                                 ForwardX11Trusted yes
                              #   PasswordAuthentication yes
                              #   HostbasedAuthentication no
                              #   GSSAPIAuthentication no
                              #   GSSAPIDelegateCredentials no
                              #   GSSAPIKeyExchange no
                              #   GSSAPITrustDNS no
                              #   BatchMode no
                              #   CheckHostIP yes
                              #   AddressFamily any
                              #   ConnectTimeout 0
                              #   StrictHostKeyChecking ask
                              #   IdentityFile ~/.ssh/id_rsa
                              #   IdentityFile ~/.ssh/id_dsa
                              #   IdentityFile ~/.ssh/id_ecdsa
                              #   IdentityFile ~/.ssh/id_ed25519
                              #   Port 22
                              #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
                              #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
                              #   EscapeChar ~
                              #   Tunnel no
                              #   TunnelDevice any:any
                              #   PermitLocalCommand no
                              #   VisualHostKey no
                              #   ProxyCommand ssh -q -W %h:%p gateway.example.com
                              #   RekeyLimit 1G 1h
                                  SendEnv LANG LC_*
                                  HashKnownHosts yes
                                  GSSAPIAuthentication yes
                              
                              johnpoz 1 Reply Last reply Reply Quote 0
                              • johnpoz
                                johnpoz LAYER 8 Global Moderator @chudak last edited by

                                @chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

                                ForwardX11 yes
                                ForwardX11Trusted yes

                                Comment those out, or set to no and your error will go away ;)

                                chudak 1 Reply Last reply Reply Quote 0
                                • chudak
                                  chudak @johnpoz last edited by

                                  @johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

                                  @chudak said in X11 forwarding request failed on channel 0 after 2.5.0:

                                  ForwardX11 yes
                                  ForwardX11Trusted yes

                                  Comment those out, or set to no and your error will go away ;)

                                  My fault after all :( has nothing to do with 2.5.0 !

                                  Thx @johnpoz
                                  But it's good to be sure :)

                                  johnpoz 1 Reply Last reply Reply Quote 0
                                  • johnpoz
                                    johnpoz LAYER 8 Global Moderator @chudak last edited by

                                    Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..

                                    But if your using some gui term or package in your OS, maybe it set that?

                                    But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)

                                    chudak 1 Reply Last reply Reply Quote 0
                                    • chudak
                                      chudak @johnpoz last edited by chudak

                                      @johnpoz said in X11 forwarding request failed on channel 0 after 2.5.0:

                                      Did you change something there between going to 2.5? I don't think that is default on ssh install to enable that..

                                      But if your using some gui term or package in your OS, maybe it set that?

                                      But you mentioned you don't use X11 forwarding, and not sure how you would do X11 to pfsense anyway ;) But yeah can understand why you would want the error not to be there ;)

                                      Hard to say if I did change anything, but as long as it's not 2.5.0 I am happy :)

                                      1 Reply Last reply Reply Quote 0
                                      • jimp
                                        jimp Rebel Alliance Developer Netgate last edited by

                                        I don't recall exactly when, I thought it was in 2.4.x, but we disabled X11 forwarding in the SSH daemon on the firewall for security reasons.

                                        The error is harmless though, you can ignore it, or like you've done, disable it on the client side.

                                        1 Reply Last reply Reply Quote 1
                                        • First post
                                          Last post

                                        Products

                                        • Platform Overview
                                        • TNSR
                                        • pfSense Plus
                                        • Appliances

                                        Services

                                        • Training
                                        • Professional Services

                                        Support

                                        • Subscription Plans
                                        • Contact Support
                                        • Product Lifecycle
                                        • Documentation

                                        News

                                        • Media Coverage
                                        • Press
                                        • Events

                                        Resources

                                        • Blog
                                        • FAQ
                                        • Find a Partner
                                        • Resource Library
                                        • Security Information

                                        Company

                                        • About Us
                                        • Careers
                                        • Partners
                                        • Contact Us
                                        • Legal
                                        Our Mission

                                        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                        Subscribe to our Newsletter

                                        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                        © 2021 Rubicon Communications, LLC | Privacy Policy