Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0366: How to configure Centrify OpenSSH for X11 forwarding

Authentication Service ,  

12 April,16 at 11:06 AM

Question:

How to configure Centrify OpenSSH for X11 forwarding?


Answer:

Server Side:
In order to configure ssh to do X11 forwarding, the following settings need to be applied in the sshd config files:
  • In /etc/centrifydc/ssh/sshd_config
  • Search for the following line:
    • #X11Forwarding no
  • Change this to:
    • X11Forwarding yes
Client Side:
Linux:
Add the following lines into be added in the ssh_config file on the client side:
  • ForwardX11 yes
  • ForwardX11Trusted yes
Save the configurations, then restart sshd.

After a restart, the $DISPLAY environment variable will be set and the needed .XAuthority files will be created.


Additional steps for Fedora Core / RHEL  / CentOS:

Either create a link to /usr/bin/xauth by running:
  • cd /usr/X11R6/bin
  • ls
  • ln -s /usr/bin/xauth xauth

Or add the following configuration:
  • XAuthLocation /usr/bin/xauth

Additional steps for Solaris:
  1. Edit /etc/centrifydc/ssh/sshd_config and configure the line to listen on:
    • 0.0.0.0
  2. In the startup script, change the startup line for 'ssh' to start with 'sshd -4'
  3. Stop and restart the Centrify sshd service.
  4. ssh -X should now work.
Windows:
Download and install Xming X server for Windows: PuTTY Client:
  • Check the following box on Putty client: Connection -> SSH -> X11 -> "Enable X11 forwarding"


Additional Notes:
Workaround for stock SSH (not Centrify)
  • Add the lo0 interface for IPv6, for example:
    • ifconfig lo0 inet6 plumb up
  • To make this change permanent, run:
    • touch /etc/hostname6.lo0
  • Disable IPv6 ssh support and change ListenAddress to 0.0.0.0 in /etc/ssh/sshd_config, then restart sshd with the "-4" option. For example:
    • svcadm -v disable ssh
    • /usr/lib/ssh/sshd -4
Centrify Corporation does not take any responsibility for the content or availability of the links in this article and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions.
 

Related Articles

 articleKB-6694: Does CVE-2016-3115 affect Centrify-Enabled OpenSSH? articleKB-1179: X11 Forwarding fails with Centrify OpenSSH 5.0 & Solaris articleKB-3549: How to enable X11 Forwarding to allow XStart on OpenText Exceed to establish ssh connection article[HOWTO] Configure Squid Proxy for Kerberos Authentication Using Centrify's keytabs articleKB-7691: SSH -X fails, X11Forwarding articleKB-2526: Cannot create consistently forwardable Kerberos tickets using Centrify OpenSSH articleKB-4607: How to configure stock OpenSSH for PAM on AIX articleKB-8073: What configuration is needed to not create unique kerberos cache file from SSH SSO ticket forwarding articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS