Edit: Some links no longer work.
Originally posted January 7, 2014 on AIXchange
A customer recently ran across an issue where their X11 forwarding was working fine on an AIX6.1 machine, but not on an AIX 7.1 machine. They were looking for a second set of eyes to make sure their configuration looked OK.
Here’s the question (and ultimately, the answer) that I received:
I’m stumped on a problem and hoping you might be able to shed some light on it. We’ve added several 7.1 systems recently and I’m trying to get X11 forwarding working on one of them. I’ve got the systems configured the same way as our 6.1 systems, and PuTTY is configured the same way as well, but when I login to the 7.1 box, no .Xauthority file is created and my $DISPLAY doesn’t get set.
I found a post on how to manually recreate the .Xauthority file and followed those steps, but the .Xauthority file is not created. If I run an xauth list command it says it’s creating the file, but it doesn’t actually create the file. The sshd_config file has X11Forwarding yes and a line for the Xauthlocation.
I figured this would be something simple in /etc/ssh/sshd_config, but was told this when I asked about it:
Here’s the sshd_config info, and openssh was restarted using stopsrc -s sshd; startsrc -s sshd:
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
XauthLocation /usr/bin/X11/xauth
(I’ve also tried it with the X11DisplayOffset and X11UseLocalhost commented out and restarting after making that change.)
When we looked at the putty event log we saw:
2013-11-05 09:43:56 Requesting X11 forwarding
2013-11-05 09:43:56 X11 forwarding refused
We also saw this article, and verified all of it was set correctly.
I use ssh the X11 forwarding, but the DISPLAY variable isn’t set:
* Check X11Forwarding directive in sshd_config
* Check that ssh client has X11 forwarding option set
* The AIX machine is missing xauth programm. Install X11.apps.config fileset.
* There are some older OpenSSH or OpenSSL versions that are buggy. I have had issues with OpenSSH versions 4.6.X, OpenSSH_4.3p2, OpenSSL 0.9.7l 28
And at this point we set up a webex so we could share the screen and figure out what the problem was. We changed settings in sshd_config. We tried just manually exporting the DISPLAY to the windows workstation running cygwin and that worked fine. We checked /etc/hosts and /etc/netsvc.conf and everything seemed to be in order.
Finally, we found this post. What worked for me was to add ‘AddressFamily inet’ to /etc/ssh/sshd_config.
This article had the same information.
Once we added the AddressFamily inet to the sshd_config, it worked as expected.
If someone else runs into this issue on AIX 7.1, hopefully this information will help. This also shows how important it is to document these finds when we come across them. I bet that a year from now someone will end up reading this post and it will fix that person’s problem, just like reading the articles I found fixed my problem.