Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0366: How to configure Centrify OpenSSH for X11 forwarding

Centrify DirectAudit ,   Centrify DirectControl ,  

12 April,16 at 11:06 AM

Applies to: Centrify OpenSSH

Question:

How to configure Centrify OpenSSH for X11 forwarding?


Answer:

In order to configure ssh to do X11 forwarding, the following settings need to be applied in the ssh config files:
  • In /etc/centrifydc/ssh/sshd_config
  • Search for the following line:
    • #X11Forwarding no
  • Change this to:
    • X11Forwarding yes

Add the following lines into be added in the ssh_config file on the client side:
  • ForwardX11 yes
  • ForwardX11Trusted yes

Save the configurations, then reload ssh and restart sshd.

After a restart, the $DISPLAY environment variable will be set and the needed .XAuthority files will be created.



Additional steps for Fedora Core 5 & higher / RHEL 5 & higher / CentOS 5 or higher:

Either create a link to /usr/bin/xauth by running:
  • cd /usr/X11R6/bin
  • ls
  • ln -s /usr/bin/xauth xauth

Or add the following configuration:
  • XAuthLocation /usr/bin/xauth


Additional steps for Solaris 9, 10:
  1. Edit /etc/centrifydc/ssh/sshd_config and configure the line to listen on:
    • 0.0.0.0
  2. In the startup script, change the startup line for 'ssh' to start with 'sshd -4'
  3. Stop and restart the Centrify sshd service.
  4. ssh -X should now work.


Additional Notes:

Workaround for stock SSH (not Centrify)
  • Add the lo0 interface for IPv6, for example:
    • ifconfig lo0 inet6 plumb up
  • To make this change permanent, run:
    • touch /etc/hostname6.lo0
  • Disable IPv6 ssh support and change ListenAddress to 0.0.0.0 in /etc/ssh/sshd_config, then restart sshd with the "-4" option. For example:
    • svcadm -v disable ssh
    • /usr/lib/ssh/sshd -4

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.