# X11 Forwarding



## Ophiuchus (Jun 14, 2012)

Hi,

I want to use *ssh -X* over two hosts and unable to do so. So here is the problem:


```
[user@HostA]ssh -X root@HostB
[root@HostB]ssh -X root@HostC
[root@HostC]xclock &
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
X11 connection rejected because of wrong authentication.
Error: Can't open display: localhost:10.0
```

Running,

```
[user@HostA]ssh -X root@HostB
[root@HostB]xclock &
```

or,

```
[user@HostA]ssh -X root@HostC
[root@HostC]xclock &
```

results no problems at all.

Regards.


----------



## SirDice (Jun 15, 2012)

Do NOT use root to login with SSH directly!

Try the same with a normal user account.


----------



## Ophiuchus (Jun 15, 2012)

I got the same error after I tried with a normal user account. By the way I used public key authentication in all situations. Will that be a problem?


----------



## SirDice (Jun 15, 2012)

Ophiuchus said:
			
		

> I got the same error after I tried with a normal user account.


You can't forward X that way. It only works on one hop. This might be a solution:
http://serverfault.com/questions/53080/how-to-enable-ssh-x11-forwarding-through-additional-server



> By the way I used public key authentication in all situations. Will that be a problem?


You shouldn't allow root logins at all. There's almost never a need for it.


----------



## Ophiuchus (Jun 15, 2012)

Using *ssh -Y* instead of *ssh -X* did the trick. It worked even after two hops. 

By the way I didn't mean to ask if public key authentication is OK for root logins. I just wanted to ask if the error could be related with that (and as far as I see, it was not). Of course, root logins will be disabled right after I achieve my goal.

Let me do some more experiments with X11 forwarding and see if I can add some more info on the thread.

By the way, thanks for the link. I was searching a solution for this issue for a long time.


----------



## SirDice (Jun 15, 2012)

Ophiuchus said:
			
		

> By the way I didn't mean to ask if public key authentication is OK for root logins. I just wanted to ask if the error could be related with that (and as far as I see, it was not).


Ah, no, that should not be an issue. It doesn't matter what type of authetication you use.


----------

