Archive for August, 2012

X11 Forwarding problems with Ubuntu 10.04 when IPV6 disabled

Thursday, August 30th, 2012

I had problem hunting down a “Error: Can’t open display:” bug with X11 forwarding today. There were many fixes suggested online but none that solved my problem. Assuming you have setup X11 forwarding on the remote machine end (i.e. /etc/ssh/sshd_config) has entries such as:


X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

Logging in to this remote machine from a local PC/MAC with ssh -X or ssh -Y should work. Wrong (for me). Here is what I saw happen on Ubuntu 10.04 and Ubuntu 10.10 because I had IPv6 disabled.


$xclock
Error: Can’t open display:

I decided to verify whether the request was being indeed passed on to the Remote_computer by turning on the debug messages with -v.

From Local Machine:

$ssh -v

I saw this among many other debug lines:


debug1: Requesting X11 forwarding with authentication spoofing.

Looks good. So, what’s the problem?

At Remote Machine:


$ vi /var/log/auth.log

I saw this at the bottom of the log pile.


Aug 30 19:03:40 sshd[2306]: error: Failed to allocate internet-domain X11 display socket.

Hmm, it turns out that the daemon was unable to create a display socket. Why? I had disabled IPv6
on the remote machine in some other context. You can verify if this is the case with you by:


cat /proc/sys/net/ipv6/conf/all/disable_ipv6

A return value of 0 means IPv6 is enabled, a value of 1 means disabled.

I had disabled ipv6 earlier by the following changes in /etc/sysctl.conf


#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Simple solution. On Remote Machine, we have to explicitly say that we want to bind to the IPv4 family.


$sudo vi /etc/ssh/sshd_config

AddressFamily inet
Port 22


That’s what was needed. service sudo ssh restart didn’t do the trick. I simply restarted the machine and tried again.