Applies to: Centrify OpenSSH
How to configure Centrify OpenSSH for X11 forwarding?
In order to configure ssh
to do X11 forwarding, the following settings need to be applied in the ssh config files:
- In /etc/centrifydc/ssh/sshd_config
- Search for the following line:
- Change this to:
Add the following lines into be added in the ssh_config
file on the client side:
- ForwardX11 yes
- ForwardX11Trusted yes
Save the configurations, then reload ssh
and restart sshd
After a restart, the $DISPLAY
environment variable will be set and the needed .XAuthority
files will be created.Additional steps for Fedora Core 5 & higher / RHEL 5 & higher / CentOS 5 or higher
Either create a link to /usr/bin/xauth
- cd /usr/X11R6/bin
- ln -s /usr/bin/xauth xauth
Or add the following configuration:
Additional steps for Solaris 9, 10:
- XAuthLocation /usr/bin/xauth
- Edit /etc/centrifydc/ssh/sshd_config and configure the line to listen on:
- In the startup script, change the startup line for 'ssh' to start with 'sshd -4'
- Stop and restart the Centrify sshd service.
- ssh -X should now work.
- This is a known issue with stock Solaris SSH as well.
- There is no official fix available at this time.
- Bug 6704823 Fix for 6684003 prevents ssh from X forwarding on IPv4-only system, was filed with Solaris/ssh:
Workaround for stock SSH (not Centrify)
- Add the lo0 interface for IPv6, for example:
- ifconfig lo0 inet6 plumb up
- To make this change permanent, run:
- Disable IPv6 ssh support and change ListenAddress to 0.0.0.0 in /etc/ssh/sshd_config, then restart sshd with the "-4" option. For example:
- svcadm -v disable ssh
- /usr/lib/ssh/sshd -4