x forwarding issue

Question

Level 1

5 points

x forwarding issue

I'm using MacBook Pro with M2 Pro, Ventura 13.4.1.

I'm trying to ssh to linux PC. So from my mac to linux.

I installed XQuartz 2.8.3.

'xclock' works on XQuartz terminal (before ssh). Right click XQuartz -> Applications -> terminal. 'xclock' works. I also tried sshing on this terminal and 'xclock' also works on linux side terminal. Of course it also works after ssh.

However, 'xclock' doesn't work in my mac terminal.

When I type 'xclock' (before ssh), output is: "Error: Can't open display: /private/tmp/com.apple.launchd.Su4Z2M2fv2/org.xquartz:0"

'echo $DISPLAY' gives me "/private/tmp/com.apple.launchd.Su4Z2M2fv2/org.xquartz:0"

In my mac terminal after ssh, when I type 'xclock', it gives me

"connect /private/tmp/com.apple.launchd.Su4Z2M2fv2/org.xquartz:0: Connection refused

Error: Can't open display: localhost:12.0"

I also tried editing 'etc/ssh/ssh_config' file. I made this modification:

ForwardAgent yes

ForwardX11 yes

It was like this before:

# ForwardAgent no

# ForwardX11 no

Any help is appreciated!! Thanks!

MacBook Pro 14″, macOS 13.4

Posted on Jul 20, 2023 7:32 AM

Reply

Answer 1

Jul 20, 2023 10:39 AM in response to komenge

I am afraid this is beyond my expertise.

As far as I can tell, xclock is not present in my mac.

It can be installed via macports, apparently.

You write "mac terminal" several times, and I was assuming, in the absence of other reference, that you meant the Terminal application, built-in to every mac, that lives in /Applications/Utilities.

Were you instead talking about the terminal from XQuartz? My understanding is that xclock should work in the latter, but not the former.

Reply

Answer 2

etresoft

Level 9

50,446 points

Jul 20, 2023 12:16 PM in response to komenge

What changes have you made to your configuration? Please be specific.

Have you installed anything like Homebrew, MacPorts, Fink, etc? If so, you will likely have to erase your hard drive and reinstall the operating system. It is very common for people to install these tools and then be unable to run any basic unix commands afterwards.

Currently, I'm using a relatively new MBA that I recently purchased. I'm in a car on the freeway. (I'm not driving). I just downloaded the XQuartz package and installed it. Then I used the "ssh -Y" command as described by BobHarris above. It works perfectly. I'm able to connect to my Linux server and run Firefox. The only thing that could make such a simple process fail is Homebrew.

Reply

Answer 3

Jul 20, 2023 8:34 AM in response to komenge

I have not use XQuartz in many years, but it seems pretty clear to me what is happening. You are trying to use an X-Windows program; that would work in XQuartz, but not in the built-in Mac's Terminal application.

EDIT: of course, I may have completely misunderstood the issue... in which case, please elaborate.

Reply

Answer 4

komenge Author

Level 1

5 points

Jul 20, 2023 9:21 AM in response to Luis Sequeira1

Hi Luis,

thanks for the reply.

When you say X-Windows, you mean 'xclock'?

I'm using 'xclock' to see if x forwarding is working or not. I thought 'xclock' is widely used as a sort of test case to check x forwarding connections.

The main issue is that x forwarding is not working when I ssh from my mac to a Linux PC.

Sorry for the confusion.

Reply

Answer 5

komenge Author

Level 1

5 points

Jul 20, 2023 10:47 AM in response to Luis Sequeira1

Hi Luis,

Sorry for the confusion.

What I mean by "mac terminal" is, as you said, the one lives in /Applications/Utilities.

I'm testing 'xclock' on both "mac terminal" and Xquartz's terminal.

Yes, I don't think "xclock" is installed on mac by default. But, to my understanding, once we install XQuartz, "xclock" command should work because, I think, it's XQuartz that helps run "xclock"?

Thank you for the help Luis.

Reply

Answer 6

BobHarris

Level 9

54,935 points

Jul 20, 2023 10:51 AM in response to Luis Sequeira1

/opt/X11/bin/xclock

Not sure if it is always there, or if it comes with XQuartz, but you do not need MacPorts to get xclock.

When I want to connect to a Linux system, and send X11 back to my Mac, I do the following:

ssh -Y username@linux.system.address

The -Y establishes a X11 tunnel back to the Mac, and it sets up the DISPLAY environment variable on the Linux system with localhost:10.0 (or it could be localhost:11.0, etc...)

On my Linux system I find xclock at

/bin/xclock

If I invoke xclock on the Linux system, it will appear on my Mac.

Or xterm, or a whole host of other X11 based commands and utilities on my Linux system, and have them appear back on my Mac.

NOTE: I tend to not do any heavy duty X11 work with the display sent back to my Mac, as the Linux systems I use are 2,000 miles away, and the latency with X11 is poor. A local Ethernet accessible Linux system will have good latency, so it may not be an issue for you. I will use a TigerVNC session if I have to do a lot of X11 work on a Linux system. But personally, I do all my Linux work via iTerm2 terminal emulator on the Mac, ssh'ed into the Linux system, using tmux to keep my Linux sessions alive when my ssh disconnects, Vim for editing, and other command line tools and utilities (I help develop a proprietary Linux file system for my employer).

Reply

Answer 7

komenge Author

Level 1

5 points

Jul 20, 2023 11:09 AM in response to BobHarris

Hi Bob,

Thanks for the reply. I think I saw one of your posts about the issue related to this.

After I ssh to a Linux PC from my mac (following your command) and type "xclock" on the mac terminal, I get this:

connect /private/tmp/com.apple.launchd.DThrXUoAdi/org.xquartz:0: Connection refused
Error: Can't open display: localhost:12.0

Note that X forwarding works fine on XQuartz's terminal.

Do you mind sharing the configuration of your

/etc/ssh/ssh_config , /etc/ssh/sshd_config, /.ssh/config

files?

I'm not sure if this is expected but, at first, all the lines were commented out except one or two in all the files (except /.ssh/config. This file's configuration was set up when I sshed on vscode I think) in my case.

These are mine.

sshd_config

#   $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $


# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.


# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin


# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.


# This Include directive is not part of the default sshd_config shipped with
# OpenSSH. Options set in the included configuration files generally override
# those that follow.  The defaults only apply to options that have not been
# explicitly set.  Options that appear multiple times keep the first value set,
# unless they are a multivalue option such as HostKey.
Include /etc/ssh/sshd_config.d/*


#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::


#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key


# Ciphers and keying
#RekeyLimit default none


# Logging
#SyslogFacility AUTH
#LogLevel INFO


# Authentication:


#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10


#PubkeyAuthentication yes


# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys


#AuthorizedPrincipalsFile none


#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody


# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes


# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no


# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes


# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no


# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes


# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
#UsePAM no


#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none


# no default banner path
#Banner none


# override default of no subsystems
#Subsystem  sftp    /usr/libexec/sftp-server


# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server


# XAuthLocation added by XQuartz (https://www.xquartz.org)
XAuthLocation /opt/X11/bin/xauth

Reply

Answer 8

komenge Author

Level 1

5 points

Jul 20, 2023 11:09 AM in response to komenge

ssh_config

#   $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $


# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.


# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.


# This Include directive is not part of the default ssh_config shipped with
# OpenSSH. Options set in the included configuration files generally override
# those that follow.  The defaults only apply to options that have not been
# explicitly set.  Options that appear multiple times keep the first value set,
# unless they are a multivalue option such as IdentityFile.
Include /etc/ssh/ssh_config.d/*


# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.


Host *
    ForwardAgent yes
    ForwardX11 yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
    AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
Host *
    SendEnv LANG LC_*


# XAuthLocation added by XQuartz (https://www.xquartz.org)
Host *
    XAuthLocation /opt/X11/bin/xauth
    ForwardX11 yes

Reply

Answer 9

komenge Author

Level 1

5 points

Jul 20, 2023 12:25 PM in response to etresoft

Hi etresoft,

thanks for the reply.

It's x forwarding that's not working in my case. ssh works.

when you run "xclock" or "xeyes", do they work? do they pop up linux windows on your MBA?

Thanks for the help

EDIT: oh you said you can run Firefox. Ok. That means you can see Linux Firefox window on your MBA. Thanks.

Reply

Answer 10

BobHarris

Level 9

54,935 points

Jul 20, 2023 1:19 PM in response to komenge

I DO NOT touch my ssh_config on my Mac, and I DO NOT touch my sshd_config file on my Linux system.

In my Mac $HOME/.ssh/config file I DO NOT say anything about ForwardX11 or anything related to X11.

The ssh -Y command handles all the setup X11 setup between myMac and my Linux system.

Do you use tmux or GNU screen on your Linux system? If you do, then the DISPLAY environment variable may be stale and not represent the value established by the current ssh connection.

After ssh -Y to my Linux system, xclock on my Linux system displays on my Mac.

xeyes from Linux to Mac works.

xterm from Linux to Mac works.

gvim from Linux to Mac works.

And local to the Mac, xclock, xeyes, xterm, etc... work as well. These are located in the /opt/X11/bin/ directory.

I do not use many X11 apps on Windows. I mostly use it because my company has a X11 based source code merge conflict resolution X11 GUI that I need to display when merging code on the Linux system. Otherwise, I prefer not using X11 based apps.

Reply

Answer 11

komenge Author

Level 1

5 points

Jul 20, 2023 1:14 PM in response to BobHarris

Hi Bob,

Appreciate your reply.

Just a quick check.

Do you use xterm (XQuartz terminal) for x forwarding? or mac built-in terminal? So, for example, when you tested "xclock", did you test it on xterm or mac's built-in terminal?

Reply

Answer 12

BobHarris

Level 9

54,935 points

Jul 20, 2023 1:26 PM in response to komenge

I do not use xterm in general.

From macOS Terminal (or in my case iTerm2), I issue the

ssh -Y user@remote.linux.system.address

Then I can invoke any of the X11 based programs on Linux, with the display returning to my Mac.

As an experiment, I did start a local macOS xterm, and then invoked xclock, xeyes and xterm locally, and they all started local to the Mac.

Next stage of the experiment, from the local xterm, I issued

ssh -Y user@remote.linux.system.address

And from my Linux system I started xclock, xeyes, and xterm, all of which appeared on my Mac with the programs running on Linux.

However, I do not really use xterm, as I much prefer iTerm2 running on my Mac, and using ssh to my Linux system and doing all my work without any X11 involved. As I said, I only fire up X11 when I have to do a source code merge, and the company conflict resolution tool uses X11.

Reply