When I ssh into a remote server that's not running any type of X11 desktop environment I get the following message.
$ ssh user@server
X11 forwarding request failed
$ ssh user@server ls
X11 forwarding request failed on channel 1
file1
file2
...
How can I get rid of these messages?
Best Answer
These messages can be eliminated through 1 of 3 methods, using just SSH options. You can always send messages to
/dev/null
too but these methods try to deal with the message through configuration, rather than just trapping and dumping them.Method #1 - install xauth
The server you're remoting into is complaining that it cannot create an entry in the user's
.Xauthority
file, becausexauth
is not installed. So you can install it on each server to get rid of this annoying message.On Fedora 19 you install
xauth
like so:If you then attempt to
ssh
into the server you'll see a message that an entry is being created in the user's.Xauthority
file.Subsequent logins will no longer show this message.
Method #2 - disable it via ForwardX11
You can instruct the
ssh
client to not attempt to enable X11 forwarding by inclusion of the SSH parameter ForwardX11.You can do the same thing with the
-x
switch:This will only temporarily disable this message, but is a good option if you're not able to or unwilling to install
xauth
on the remote server.Method #3 - disable it via sshd_config
This is typically the default but in case it isn't, you can setup your
sshd
server so that X11Forwarding is off, in/etc/ssh/sshd_config
.Of the 3 methods I generally use #2, because I'll often want
X11Forwarding
on for most of my servers, but then don't want to see theX11....
warnings$HOME/.ssh/config
Much of the time these message won't even show up. They're usually only present when you have the following entries in your
$HOME/.ssh/config
file, at the top.So it's this setup, which is ultimately driving the generation of those
X11..
messages, so again, method #2 would seem to be the most appropriate if you want to operate withForwardX11 yes
on by default, but then selectively disable it for certain connections from thessh
client's perspective.Security
It's generally ill-advised to run with
ForwardX11 yes
on at all times. So if you're wanting to operate your SSH connections in the most secure manor possible, it's best to do the following:ForwardX11 yes
in your$HOME/.ssh/config
filessh -X user@server
X11Forwarding
completely on the server so it's disallowedReferences