X client forwarded over SSH "cannot open display: localhost:11.0"

Question

I have enabled X forwarding on remote machine where SSH server is running:

# grep -i forward /etc/ssh/sshd_config 
X11Forwarding yes
#

On local machine, I have started SSH client with -X flag which instructs the SSH server, running on remote machine, to set up a X-server proxy. In addition, it creates the $DISPLAY variable which points to this proxy and calls the xauth to install a proxy key which authenticates to this X-server proxy on remote machine:

# echo "$DISPLAY"
localhost:11.0
# xauth list | grep 11
A58/unix:11  MIT-MAGIC-COOKIE-1  39324086672d1ae35e373476c3891a77
#

However, X clients on remote machine do not start properly:

# wireshark 

(wireshark:10083): Gtk-WARNING **: cannot open display: localhost:11.0
# xterm
Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
xterm: Xt error: Can't open display: %s
#

X forwarding doesn't use xhost so at least this can be excluded. I tried to find some useful log entries both on machine where SSH server is running and machine where SSH client is running with find /var/log/ -mmin -5 -type f command, but this did not give any hints. SSH server version is OpenSSH_5.9p1 and SSH client version is OpenSSH_5.2p1. Output of /tmp/.X11-unix/ directory on remote machine can be seen below:

# ls -la /tmp/.X11-unix/
total 0
drwxrwxrwt 2 root root 40 Dec  9 15:44 .
drwxrwxrwt 4 root root 80 Jan 13 09:17 ..
#

As seen above, there are no Unix domain sockets there. Output of strace xterm is following:

# strace xterm 
execve("/usr/bin/xterm", ["xterm"], [/* 16 vars */]) = 0
brk(0)                                  = 0x9e50000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bd000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXft.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3604\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=82952, ...}) = 0
mmap2(NULL, 85732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb779d000
mmap2(0xb77b1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb77b1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXaw.so.7", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\327\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=428900, ...}) = 0
mmap2(NULL, 432592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7733000
mmap2(0xb7796000, 28672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62) = 0xb7796000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/libutempter.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\6\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=4572, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7732000
mmap2(NULL, 7432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7730000
mmap2(0xb7731000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7731000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libtinfo.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0Pd\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=125416, ...}) = 0
mmap2(NULL, 129100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7710000
mmap2(0xb772d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c) = 0xb772d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240o\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1413288, ...}) = 0
mmap2(NULL, 1427832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb75b3000
mprotect(0xb7709000, 4096, PROT_NONE)   = 0
mmap2(0xb770a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x156) = 0xb770a000
mmap2(0xb770d000, 10616, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb770d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfontconfig.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300J\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=215828, ...}) = 0
mmap2(NULL, 219492, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb757d000
mmap2(0xb75b1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x33) = 0xb75b1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libX11.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240g\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1273544, ...}) = 0
mmap2(NULL, 1277496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7445000
mmap2(0xb7579000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x133) = 0xb7579000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXmu.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200N\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=102028, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7444000
mmap2(NULL, 101644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb742b000
mmap2(0xb7443000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0xb7443000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXt.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\315\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=380284, ...}) = 0
mmap2(NULL, 380628, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73ce000
mmap2(0xb7427000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x59) = 0xb7427000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libICE.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300:\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=92148, ...}) = 0
mmap2(NULL, 102224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb73b5000
mmap2(0xb73cb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb73cb000
mmap2(0xb73cd000, 3920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb73cd000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libfreetype.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\202\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=632928, ...}) = 0
mmap2(NULL, 635732, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7319000
mmap2(0xb73b0000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x96) = 0xb73b0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXrender.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\25\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=35744, ...}) = 0
mmap2(NULL, 38540, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb730f000
mmap2(0xb7318000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7318000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXext.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`,\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=70320, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb730e000
mmap2(NULL, 73416, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72fc000
mmap2(0xb730d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb730d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXpm.so.4", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P%\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=67776, ...}) = 0
mmap2(NULL, 66460, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72eb000
mmap2(0xb72fb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb72fb000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=90192, ...}) = 0
mmap2(NULL, 92868, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72d4000
mmap2(0xb72ea000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb72ea000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libexpat.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@#\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=165192, ...}) = 0
mmap2(NULL, 167996, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb72aa000
mprotect(0xb72d0000, 4096, PROT_NONE)   = 0
mmap2(0xb72d1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26) = 0xb72d1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libxcb.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\221\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=136968, ...}) = 0
mmap2(NULL, 139728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7287000
mmap2(0xb72a8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20) = 0xb72a8000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9844, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7286000
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7282000
mmap2(0xb7284000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7284000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libSM.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \26\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=28320, ...}) = 0
mmap2(NULL, 31120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb727a000
mmap2(0xb7281000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7281000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXau.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\n\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=8592, ...}) = 0
mmap2(NULL, 11384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7277000
mmap2(0xb7279000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7279000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/i386-linux-gnu/libXdmcp.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\17\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=19364, ...}) = 0
mmap2(NULL, 22144, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7271000
mmap2(0xb7276000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0xb7276000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\22\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=17992, ...}) = 0
mmap2(NULL, 20716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb726b000
mmap2(0xb726f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xb726f000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb726a000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7269000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7269700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb726f000, 4096, PROT_READ)   = 0
mprotect(0xb7284000, 4096, PROT_READ)   = 0
mprotect(0xb72a8000, 4096, PROT_READ)   = 0
mprotect(0xb72d1000, 8192, PROT_READ)   = 0
mprotect(0xb73b0000, 16384, PROT_READ)  = 0
mprotect(0xb7427000, 4096, PROT_READ)   = 0
mprotect(0xb75b1000, 4096, PROT_READ)   = 0
mprotect(0xb770a000, 8192, PROT_READ)   = 0
mprotect(0xb772d000, 8192, PROT_READ)   = 0
mprotect(0x80a9000, 4096, PROT_READ)    = 0
mprotect(0xb77db000, 4096, PROT_READ)   = 0
munmap(0xb77b2000, 42995)               = 0
geteuid32()                             = 0
getegid32()                             = 0
getuid32()                              = 0
getgid32()                              = 0
setuid32(0)                             = 0
brk(0)                                  = 0x9e50000
brk(0x9e71000)                          = 0x9e71000
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/proc/meminfo", O_RDONLY)         = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "MemTotal:        2039468 kB\nMemF"..., 1024) = 1024
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=16008, groups=00000000}, [12]) = 0
time(NULL)                              = 1389599545
sendto(3, "\24\0\0\0\26\0\1\0039\233\323R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0009\233\323R\210>\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 164
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0009\233\323R\210>\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 320
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0009\233\323R\210>\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=475, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 475
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
open("/etc/host.conf", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "multi on\n", 4096)             = 9
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
getpid()                                = 16008
open("/etc/resolv.conf", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=108, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "domain data.ee\nsearch data.ee li"..., 4096) = 108
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42995, ...}) = 0
mmap2(NULL, 42995, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77b2000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/i386-linux-gnu/i686/cmov/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\32\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=42628, ...}) = 0
mmap2(NULL, 45768, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb725d000
mmap2(0xb7267000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0xb7267000
close(3)                                = 0
mprotect(0xb7267000, 4096, PROT_READ)   = 0
munmap(0xb77b2000, 42995)               = 0
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=256, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bc000
read(3, "127.0.0.1\tlocalhost\n127.0.1.1\tTh"..., 4096) = 256
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb77bc000, 4096)                = 0
socket(PF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 3
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(6011), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ETIMEDOUT (Connection timed out)
close(3)                                = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
getuid32()                              = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: )                  = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1)                           = ?
#

strace xterm hangs for 60 seconds after printing the line below:

connect(3, {sa_family=AF_INET, sin_port=htons(6011), sin_addr=inet_addr("127.0.0.1")}, 16

EDIT: after allowing connections from 127.0.0.0/8 to 127.0.0.0/8, I was able to pass the connect system call and now the issue seems to be an invalid MIT-MAGIC-COOKIE-1 key:

connect(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(6010), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
uname({sys="Linux", node="ThinkCentreA58", ...}) = 0
access("/root/.Xauthority", R_OK)       = 0
open("/root/.Xauthority", O_RDONLY)     = 4
fstat64(4, {st_mode=S_IFREG|0600, st_size=522, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7726000
read(4, "\0\0\0\4\177\0\0\1\0\0041000\0\22MIT-MAGIC-COOKIE"..., 4096) = 522
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7726000, 4096)                = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(37220), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
poll([{fd=3, events=POLLIN|POLLOUT}], 1, -1) = 1 ([{fd=3, revents=POLLOUT}])
writev(3, [{"l\0\v\0\0\0\22\0\20\0\0\0", 12}, {"", 0}, {"MIT-MAGIC-COOKIE-1", 18}, {"\0\0", 2}, {"I%f9\331-f\f\235i\321\354:a~\341", 16}, {"", 0}], 6) = 48
recv(3, 0x94b0ec8, 8, 0)                = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, -1)    = 1 ([{fd=3, revents=POLLIN}])
recv(3, "\0\36\v\0\0\0\10\0", 8, 0)     = 8
recv(3, "Invalid MIT-MAGIC-COOKIE-1 key\0\0", 32, 0) = 32
write(2, "Invalid MIT-MAGIC-COOKIE-1 key", 30Invalid MIT-MAGIC-COOKIE-1 key) = 30
shutdown(3, 2 /* send and receive */)   = 0
close(3)                                = 0
open("/usr/lib/i386-linux-gnu/X11/XtErrorDB", O_RDONLY) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
geteuid32()                             = 0
getuid32()                              = 0
write(2, "Warning: This program is an suid"..., 302Warning: This program is an suid-root program or is being run by the root user.
The full text of the error or warning message cannot be safely formatted
in this environment. You may get a more descriptive message by running the
program as a non-root user or by removing the suid bit on the executable.
) = 302
write(2, "xterm: ", 7xterm: )                  = 7
write(2, "Xt error: Can't open display: %s"..., 33Xt error: Can't open display: %s
) = 33
exit_group(1)                           = ?
#

Any ideas how to proceed with troubleshooting?

@Faheem Mitha yes. Example with xterm can be seen in my initial post. — Martin, Jan 10 '14 at 09:16
Sorry, Martin. I must be going blind. Note, you can add a per host instruction ForwardX11 yes, in .ssh/config. Did you make sure to restart the remote server after changing the file? ` — Faheem Mitha, Jan 10 '14 at 09:27
I never had to deal with problems like that, but when I ask my machines to xauth list I always get two similar entries of the form <hostname>:<display> and <hostname>/unix:<display> you seem to have only a /unix entry. Maybe your xproxy is not listening on <hostname>:<display>? — Bananguin, Jan 10 '14 at 09:30
The # suggests you are logging in as root. If that is true, why? — Faheem Mitha, Jan 10 '14 at 09:36
@Faheem Mitha Yes, the SSH server was restarted after enabling X11 forwarding. The remote machine has no other users than root. @Bananguin you see only the /unix entry because I pipe the output of xauth list to grep. — Martin, Jan 10 '14 at 10:46
Sometimes root is treated differently than other users. If possible, test with a normal user. In any case, doing things as root if you don't have to is generally a bad idea. — Faheem Mitha, Jan 10 '14 at 11:47
Also try using ssh -Y instead of ssh -X, that might help you get around authentication issues. — terdon, Jan 10 '14 at 12:18
@FaheemMitha I created a non-root user to a machine where SSH server is running and logged in to SSH server with this non-root user, but unfortunately this did not change anything. @terdon I tried with ssh -Y, but this did not help. I still receive the cannot open display error-message. — Martin, Jan 10 '14 at 15:45
Martin, is this machine different from the machine you tried originally? Regardless, can you reproduce this problem on sshing to multiple machines? If so, the problem is likely local (on your machine). — Faheem Mitha, Jan 10 '14 at 15:56
@FaheemMitha Problem is probably on remote machine where SSH server is running as X forwarding over SSH works with other remote machines. This problematic remote machine differs from other remote machines in a way that it does not have X server running. It's a headless server. However, this shouldn't be a problem, should it? — Martin, Jan 10 '14 at 18:30
Post the output of strace xterm and ls -la /tmp/.X11-unix/ — Gilles 'SO- stop being evil', Jan 10 '14 at 22:40
@Gilles I updated my initial post with output of strace xterm and ls -la /tmp/.X11-unix/. @Thorsten looks like the xeyes are not available in newer Debian releases. However, xterm can also be run as a root. — Martin, Jan 13 '14 at 08:36
Hmm, hanging on connect. Does netstat -lnt |grep :60 show anything from inside the SSH connection? Firewall? What does iptables -nvL say (as root)? — Gilles 'SO- stop being evil', Jan 13 '14 at 16:04
Adding the -v flag to ssh is often helpful in troubleshooting as well. — alanc, Jan 13 '14 at 21:27
Run sshd -d on the server side and post the output during ssh -X connect. — Nils, Jan 13 '14 at 22:03
@Gilles @alanc @Nils Once I added iptables -I INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT I was able to pass the connect system call. Thanks! However, X clients are still not able to connect to X server and this time it seems to be because of xauth("Invalid MIT-MAGIC-COOKIE-1 key"). I have updated my initial post with new strace xterm output. I have the MIT-MAGIC-COOKIE-1 corresponding to my $DISPLAY variable in xauth list on a remote machine. Is there a way to see, that this key is not the correct one? — Martin, Jan 15 '14 at 10:44
This normally happens automatically. Does it work if you connect to a non-root account? Is your home directory /home/username or something else (it matters for some security frameworks)? What distribution are you using? Do you have /etc/ssh/rc or ~/.ssh/rc (if you have them, they need to add the cookie manually)? — Gilles 'SO- stop being evil', Jan 15 '14 at 10:56
@Gilles X11 forwarding works if I start the SSH client under root user in local machine. If I start the SSH client under non-root user, I receive this "Invalid MIT-MAGIC-COOKIE-1 key" error. It doesn't matter if I connect to root or non-root account on remote machine. On local machine, my home directory is /home/username. I'm running FreeBSD on local machine and Debian on remote one. I don't have /etc/ssh/rc or ~/.ssh/rc files. I guess it's some sort of permissions issue? — Martin, Jan 15 '14 at 11:17
@Martin I don't see why any permissions would matter. Does it work if you create a fresh account? I presume other X applications work locally? Have you tried with no ~/.ssh/config? Is there any difference between ssh -X and ssh -Y? — Gilles 'SO- stop being evil', Jan 15 '14 at 12:37
@Gilles I tried with a fresh account, but it did not help. Local X clients work well. I don't have ~/.ssh/config file. There is no difference between ssh -X and ssh -Y. The only difference I see between root and non-root account is that right after the SSH connection establishment, there is a debug1: permanently_set_uid: 0/0 line printed if I start the SSH client under non-root user. — Martin, Jan 15 '14 at 16:23
What is DISPLAY locally: myhostname:0 or :0 (in the root case, and in the non-root case)? Does FreeBSD have some kind of security framework similar to SELinux and AppArmor on Linux that might prevent the SSH process from reading the local cookie or a firewall setting that would prevent it from connecting to the X server? Can you ktrace or dtrace the SSH client to see what kind of calls it makes (if any) when a remote application tries to open the display? (Beware if you post the trace: at the beginning, the client will be reading your key or password, be sure not to post that part.) — Gilles 'SO- stop being evil', Jan 15 '14 at 16:57
I remember having X display errors because of inconsistencies on the host name. Is A58 the only name of the remote host? — vinc17, Jul 06 '14 at 16:04
Check if the ssh daemon configuration on your server allows X11 forwarding. Check out how to figure that out and how to enable it: http://xmodulo.com/2012/11/how-to-enable-x11-forwarding-using-ssh.html. note that it also mentions installing xauth on the remote host. BTW can you open a ssh to localhost and forward X11 through it? — Fabio, Sep 10 '14 at 05:09

score 21 · Answer 1 · answered Jan 14 '14 at 17:49

21

This is the very basic way of how it should work:

On the client / local machine (Xorg installed on client) try this:

$ xhost +
access control disabled, clients can connect from any host

Later try:

$ ssh -AY user@host xterm

or

$ ssh -AX user@host xterm

With non standard clients xhost may be needed.

check 9.3.5.6. Nonstandard X clients

answered Jan 14 '14 at 17:49

nbari

616

2

As far as I know, xhost ACL is not even checked if X forwarding is done over SSH. – Martin Jan 15 '14 at 10:20
You are right, but for some reasons sometimes doesn't work as expected. you can also try this:
- X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes
more on: X-Forwarding
– nbari Jan 15 '14 at 10:27

score 13 · Answer 2 · answered Dec 22 '15 at 12:46

13

I had the same issue. Xauth was missing on remote.

sudo apt-get install xauth

solved the issue.

answered Dec 22 '15 at 12:46

MaWo

131

Thank you so much, I lost 2 hours of my life to this problem before you came along! – Andrew Brennan Apr 13 '17 at 14:45
The fact I have to manually install this on RHEL 7 seems obnoxious. – windfinder May 11 '17 at 21:19
My remote already has xauth, but I still can't access host's DISPLAY. I also tried setting AddressFamiy inet – Chelmite Aug 10 '22 at 23:55

Johann Klasek · Answer 3 · 2021-11-18T13:42:24.367

4

On my (standard) Ubuntu environment I got the xterm over ssh failure message "... suid-root program..." (see above), even with all the proper forwarding settings. This behavior went away a soon as sshd is configured to use only IPv4, because of an X11 forwarding bug in SSH if IPv6 on the system is disabled.

vi /etc/ssh/sshd_config
AddressFamily inet
service ssh reload

edited Nov 18 '21 at 13:42

answered Aug 26 '15 at 15:21

Johann Klasek

161

I have IPv6 disabled, so this worked like a champ! Thank you! – Terrance Feb 28 '17 at 20:37

score 4 · Answer 4 · answered Nov 11 '15 at 16:07

4

I edited

vim /etc/hosts

added the following lines

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

and my problem is fixed :)

answered Nov 11 '15 at 16:07

ahmet

160

I am using Debian "testing" and due to some updates my "hosts" file was changed. The line with the localhost entry was commented out. So your solution gave me the hint I needed. Thanks a lot. – Winnie Tigger May 18 '18 at 08:57

score 3 · Answer 5 · edited Sep 21 '18 at 17:31

First a point of debugging methodology, when you run xterm as root, it does not print any useful diagnostic messages, so when troubleshooting xterm do it as an ordinary user.

Now as to your problem, There Are two types of X11 forwarding, secure and privileged, and you probably did not enable ForwardX11Trusted yes. You don't need it on Debian and derivatives because they always enable it.

So some background on how we got here. X11 is not the most secure protocol. It was designed in friendlier times, and there have been a number of efforts to make it more secure over the years including running it through a secure shell tunnel. Tunneling X11 reduces almost all of X11's vulnerabilities. One that remains is the risk of displaying windows from untrusted systems. An effort was made to declare a safe subset of the protocol that would impede deployment of key-sniffers and similar. The project, although technically successful, has some real world challenges like the odd fact that finding programs that only use the safe subset is really hard because a lot of the disabled functionality is very handy, and since most people write for the local machine which has permission to use the full protocol there is little drive to create programs that work with the restricted subset.

The other possibility is that the X11 forwarding is only enabled on a specific host. The easiest way to check if this is the problem is to use the -Y flag with ssh to enable trusted X11 forwarding. If that solves it add both forward allow lines to the relevant host sections of your ssh config file.

score 2 · Answer 6 · edited Mar 08 '19 at 23:41

2

i was suffering from the same problem , working just fine after do the following

from the non-working terminal (root in my case) i set the display: export DISPLAY=':0' and you can add it in /etc/environment to make it permanent
from a working terminal (user terminal in my case) run xhost +local:

edited Mar 08 '19 at 23:41

Community

1

answered Jul 19 '17 at 09:56

hussam hassen

21

X client forwarded over SSH "cannot open display: localhost:11.0"

6 Answers6

Linked