Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-0366: How to configure Centrify OpenSSH for X11 forwarding

Centrify DirectAudit ,   Centrify DirectControl ,  

12 April,16 at 11:06 AM

Applies to: Centrify OpenSSH


How to configure Centrify OpenSSH for X11 forwarding?


In order to configure ssh to do X11 forwarding, the following settings need to be applied in the ssh config files:
  • In /etc/centrifydc/ssh/sshd_config
  • Search for the following line:
    • #X11Forwarding no
  • Change this to:
    • X11Forwarding yes

Add the following lines into be added in the ssh_config file on the client side:
  • ForwardX11 yes
  • ForwardX11Trusted yes

Save the configurations, then reload ssh and restart sshd.

After a restart, the $DISPLAY environment variable will be set and the needed .XAuthority files will be created.

Additional steps for Fedora Core 5 & higher / RHEL 5 & higher / CentOS 5 or higher:

Either create a link to /usr/bin/xauth by running:
  • cd /usr/X11R6/bin
  • ls
  • ln -s /usr/bin/xauth xauth

Or add the following configuration:
  • XAuthLocation /usr/bin/xauth

Additional steps for Solaris 9, 10:
  1. Edit /etc/centrifydc/ssh/sshd_config and configure the line to listen on:
  2. In the startup script, change the startup line for 'ssh' to start with 'sshd -4'
  3. Stop and restart the Centrify sshd service.
  4. ssh -X should now work.

Additional Notes:

Workaround for stock SSH (not Centrify)
  • Add the lo0 interface for IPv6, for example:
    • ifconfig lo0 inet6 plumb up
  • To make this change permanent, run:
    • touch /etc/hostname6.lo0
  • Disable IPv6 ssh support and change ListenAddress to in /etc/ssh/sshd_config, then restart sshd with the "-4" option. For example:
    • svcadm -v disable ssh
    • /usr/lib/ssh/sshd -4

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.