Just a quick tip.
If you’ve ever tried to run sshd with the option
X11UseLocalhost set to
no (e.g. in a cluster environment where interactive jobs running not on the login node should be able to display something), you might have observed that X11 forwarding suddenly stops working.
And although the
DISPLAY variable is set accordingly and
xauth list shows that authentication tokens are present, X clients still can’t connect:
hristo@cn001:~$ echo $DISPLAY cn001:10.0 hristo@cn001:~$ xauth list cn001.local:10 MIT-MAGIC-COOKIE-1 0123... hristo@cn001:~$ xterm xterm Xt error: Can't open display: cn001:10.0
And it’s even worse:
hristo@cn001:~$ telnet cn001 6010 Trying 10.1.1.1... telnet: Unable to connect to remote host: Connection refused
The root of the problem stems from the fact that sshd usually binds only to the first address family it finds in the system and if your system has IPv6 enabled (e.g. the default on Ubuntu Server 7.10) it ends up binding only a tcp6 socket (and the X11 client library tries to establish a regular TCP connection):
hristo@cn001:~$ netstat -an | grep 6010 tcp6 0 0 :::6010 :::* LISTEN
In order to fix this you can either disable IPv6 in the kernel or simply add the following option to /etc/ssh/sshd_config:
After you restart the SSH server it will no longer use IPv6 and will start binding its X11 proxy listeners to the usual IPv4 INADDR_ANY of 0.0.0.0.