Today, the ssh X11 forwarding stoped working. When I login via ssh (with -Y or -X), I get the message:
X11 forwarding request failed on channel 0
I did the configuration as explained here:
and my /etc/ssh/sshd_config file looks like:
subsystem sftp /usr/libexec/sftp-server
Was there any change on how to configure it now? Is there anybody else with the same issue?
add the line
to your sshd_config.
Thank you for the help, but unfortunately it didn’t work.
tallow service consumed a CPU core recently. I was curious and looked up the manual. Perhaps the service detected failed logins and inserted an ipset entry. Edit: This is not likely the case as you’re able to ssh in.
Extract from running:
tallow is a daemon that watches the systemd journal for messages from
the sshd service. It parses the messages and looks for attempted random
logins such as failed logins to the root account and failed logins to
invalid user accounts, and various other obviously malicious login at‐
tempts that try things as forcing old protocols, or weak key systems.
If such logins were detected, the offending IP address is stored in a
list. Items from this list are regularly purged, but if the amount of
times that a specific IP address is seen exceeds a threshold, an
ipset(1) entry is inserted in the tallow or tallow6 ipset, and further
packets from that ip address will be blocked by an iptables(1) or
ip6tables(1) rule that tallow creates at startup. Additionally, certain
types of login failure will trigger a short term ban of further packets
from the offending IP address immediately.
The system administrator needs to assure that the tallow and tallow6
ipsets are left alone and that the inserted iptables rules are properly
matching on packets.
Care should be taken to assure that legitimate users are not blocked
inadvertently. You may wish to list any valid IP address with the
whitelist option in tallow.conf(5). Multiple addresses can be
OpenSSH was updated recently in CL-37130 from 8.9p1-87 to 9.0p1-89.
More OpenSSH updates in CL-37150, CL-37160, and CL-37170.
Maybe all is well with CL-37170.
Hi thank you,
I have CL 37160 and OpenSSH_9.0p1 right now.
I will wait for the next update.
It seems that the update to CL 37170 solved the problem.
Thank you very much.