The problem is how to have X11 forwarding, that is allow a server to use the client X11 interface to display graphical applications. For example using Firefox from the server itself when you want to test some server service and the test web site is only graphical (that is do not like w3m).

On this page... (hide)

  1.   1.  Getting infos
  2.   2.  Getting X11 forwarding
    1.   2.1  Server side
    2.   2.2  What not to do
    3.   2.3  Other setup
  3.   3.  Client side

1.  Getting infos

Adding -v ssh command, that is for example using "ssh -v -X login@domain", gives lot of information and specially if the X11 forwarding (the -X) is accepted. If it fails you should have:

(...)
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
X11 forwarding request failed on channel 0
(...)

after login:

2.  Getting X11 forwarding

You have to setup both the server and the client to allow this.

2.1  Server side

notice the config file is for sshd, the ssh daemon, the receiving part. It is probably necessary to restart the daemon after changing the config file, with "systemctl restart sshd.service".

grep X11 /etc/ssh/sshd_config X11Forwarding yes

  1. X11DisplayOffset 10
  2. X11UseLocalhost yes
  3. X11Forwarding no

(notice the # in front of the 3 last line) - you have to set X11Forwarding yes

2.2  What not to do

adding

X11UseLocalhost no

then

systemctl restart sshd.service

solve the problem, but open a serious breach in the server, so it shouldn't be used.

2.3  Other setup

It may happen than you disabled IPV6 on this server (and may be forgot it). In this case you have also to change "AddressFamily" from "any" to "inet".

This may be seen as a bug, never fixed: https://bugzilla.novell.com/show_bug.cgi?id=686477

3.  Client side

You can change the /etc/ssh/ssh_config file (notice it's ssh, not sshd) to ForwardX11 yes. It's probably commented out and the default is no.

But you can as well, when connecting to the server, use ssh -X login@domain (Once debugged, no more reason to use -v). For example for me

ssh -X jdd@test.tld.