Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
0
votes
2
answers
2006
views
"debug1: No xauth program."
https://unix.stackexchange.com/questions/552601/no-xauth-program-cannot-forward-x11
I got the following error when I tried the command.
```
$ ssh -v -X name@host
...
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
...
```
According to the above, I have the following line in /etc/ssh/sshd_config on the host already. Does anybody know how to fix this problem?
```
$ grep XAuthLocation /etc/ssh/sshd_config
XAuthLocation /usr/bin/xauth
$ which xauth
/usr/bin/xauth
$ xauth version
1.1
```
user1424739
(315 rep)
Mar 5, 2021, 06:19 PM
• Last activity: Jul 15, 2025, 04:49 AM
7
votes
1
answers
24118
views
Xauthority problem xdpyinfo: unable to open display "".
I am trying to run a program after enabling X windows port forwarding.
My sshd_config file in /etc/ssh/sshd_config is configured such that:
```
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
```
and my ssh_config file in /etc/ssh/ssh_config has:
```
Host *
    ForwardAgent yes
    ForwardX11 yes
```
I try to enable X Windows port forwarding with
```
lemon:~ # ssh -X localhost
lemon:~ # echo $DISPLAY
lemon:~ # /usr/bin/SMclient
xdpyinfo: unable to open display "".
Unable to launch GUI due to X server display setting problem, Exiting .
```
So $DISPLAY is set to nothing. I have tried everything I've seen online. Originally there was no .Xauthority file so I copied from
```
/var/run/gdm/auth-for--/database
```
and renamed the file .Xauthority
I then tried
```
lemon:~ # xauth generate :0 . trusted
Invalid MIT-MAGIC-COOKIE-1 keyxauth: (argv):1: unable to open display ":0".
```
When this didn't work, I deleted the old .Xauthority file and then:
```
lemon:~ # touch ~/.Xauthority
lemon:~ # xauth generate :0 . trusted
No protocol specified
xauth: (argv):1: unable to open display ":0".
```
And many others suggested to run host + which just leads to
```
lemon:~ # xhost +
xhost: unable to open display ""
```
CrazyCray
(71 rep)
Aug 8, 2017, 07:31 PM
• Last activity: May 15, 2025, 09:06 AM
61
votes
13
answers
243097
views
"Invalid MIT-MAGIC-COOKIE-1 key" when trying to run program remotely
I am attempting to run an application (ParaView) in client-server mode with its graphics rendering being done on the remote (server) end. I am using SSH as my means of connecting to the server, but do not wish to use X-forwarding since it slows down the rendering process.
However, every time I try to open the application on the server's display, I get an error to this effect:
```
Invalid MIT-MAGIC-COOKIE-1 keyError: cannot open display ':0'
```
I have conducted extensive research into this matter and have already tried the following suggested procedure to no avail:
1. Used "`xauth list`" to get the MIT-MAGIC-COOKIE-1 value for my local host's display.
2. Logged into the remote host via ssh.
3. Used "`export DISPLAY=:0`" on the remote host.
4. On the remote host, used "`xauth add`" to overwrite the cookie value for the remote host's display with that of the local host's.
I'm convinced that this is the correct procedure, but that I'm just not transferring the right cookies to the right displays.
Again, I would like to be able to use ssh to effect the opening of applications on the remote computer's display. Ideally, I would like the entire process to be done via xauth rather than xhost, and once again, I have no need to use X-forwarding. What might I be missing or doing wrong?
CS6394
(611 rep)
May 1, 2015, 05:10 PM
• Last activity: Mar 7, 2025, 02:53 PM
8
votes
3
answers
17040
views
X11 connection rejected because of wrong authentication
First of all what I want to do:
I want to login to a server via `ssh`. Then change the user via `sudo su user` and start some application on my screen.
Some colleagues do it by
```
su user
export DISPLAY=:0
```
and it works.

---
I connect to a server via `ssh -X user@server`. Then I start a X11 application. This works fine (although there are warnings).
Warnings:
```
libEGL warning: DRI3: failed to query the version
libEGL warning: DRI2: failed to authenticate
qt.qpa.xcb: QXcbConnection: XCB error: 1 (BadRequest), sequence: 414, resource id: 1897, major code: 155 (Unknown), minor code: 1
```

---
If I run `sudo su` (or `sudo su user`) and start the program or run it via `sudo myprogram` there is an error.
Error:
```
X11 connection rejected because of wrong authentication.
qt.qpa.xcb: could not connect to display localhost:11.0
qt.qpa.plugin: Could not load the Qt platform plugin "xcb" in "" even though it was found.
This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
Available platform plugins are: eglfs, linuxfb, minimal, minimalegl, offscreen, vnc, xcb.
Aborted
```

---
I found some articles about this problem.
- X11 forwarding fails when switching users
- ssh connection. X11 connection rejected because of wrong authentication

---
So extend the `/etc/pam.d/su` file and the `/etc/pam/sudo` file by
```
session optional pam_xauth.so
```
And later I changed `/etc/ssh/sshd_config` by adding:
```
X11Forwarding yes
```
and restarting the sshd by `systemctl restart ssh.service`. `ssh -T` says `x11forwarding yes`
But nothing changed.
Does anybody know what to do? It's important to check some changes on the users program configurations after making changes.
Andy A.
(227 rep)
Oct 21, 2021, 12:06 PM
• Last activity: Feb 20, 2025, 12:35 AM
2
votes
1
answers
8033
views
Xauth: timeout in lock authority file /home/user /.Xauthority
I ask for your help since I am on linux and when I wanted to log in normally (typing my password) it kept loading indefinitely, and when I open the "console" with the key combination **(ctrl alt fn f3)** and start session From there everything is fine, but when I want to start with **startx** it gives me the following error:
```
Xauth: timeout in lock authority file /home/user/.Xauthority
```
Try to solve it with the first two answers of (https://unix.stackexchange.com/questions/215558/why-am-i-getting-this-message-from-xauth-timeoutin-locking -authority -file-home) but it keeps giving me that error, also check the **/home/user/** folder and seeing the files with the command **ls -l .Xauthority** didn't show me anything, it gave me the error Didn't find the file, and even typing the **rm --rf Xathority** command didn't give me an error, no matter how many times I ran that command, when I rebooted my computer it still didn't work like it hadn't done anything. What I can do? Thanks in advance :) and I hope I have made myself understood.
Update
-----------------
Try to solve it also based on [this question](https://cyberwarzone.com/how-to-fix-timeout-in-locking-authority-file-home-xauthority-2018/) but it also didn't work giving me the same errors from the beginning.
I want to add that I already tried to do this:
```
rm -fr .Xauth-*
```
And also this:
```
rm -fr /home/user/.Xauthority
```
And neither way gives me an error, so I think if they are removed, but if immediately after typing those commands, I type `startx`, it keeps giving me the error of:
```
Xauth: timeout in lock authority file /home/user/.Xauthority
```
Second update
---------------------
When I try to end the ssh session it gives me errors that are the same as some people describe in this question (https://qastack.mx/ubuntu/103889/how-do-i-restart-the-ssh-service) , try to fix it with the same answers from that question but it still doesn't work where there are errors at the end of the session.
DFG
(145 rep)
Oct 24, 2021, 11:03 PM
• Last activity: Jan 7, 2025, 05:04 PM
0
votes
0
answers
159
views
How do you disable xauth in X11 CDE?
I am using FreeBSD 14.1 with CDE (https://sourceforge.net/projects/cdesktopenv/)
I would like to disable `xauth` and use just `xhost`.
I am unsure if this has to be done via Xorg server configuration (FreeBSD) or via CDE config files.
This is what I have tried:
1. Modify `/etc/dt/config/Xconfig`:
```
Dtlogin*authorize: False
```
2. Delete user's `.Xauthority` file.
M.E.
(631 rep)
Sep 28, 2024, 07:17 AM
0
votes
0
answers
216
views
xauth not running in chroot
I created a **chroot** environment on my computer and enabled a few different programs to run on it. I access this chroot environment through an **ssh connection**.
One of the application in this chroot is *cellxgene* that has a graphical display. It launches without any problem but I am not able to forward the graphical display to the client's screen.
I have modified the ssh_config (on the client side) and the sshd_config (on the host side) files to enable **X11 forwarding**, port forwarding, etc.
sshd_config file:
```
Match User anonymous
    X11Forwarding yes
    AllowAgentForwarding yes
    AllowTcpForwarding yes
    GatewayPorts yes
    XAuthLocation /usr/bin/xauth
    ChrootDirectory /anonymous-root
```
ssh_config file:
```
Host *
    ForwardAgent yes
    ForwardX11 yes
    XAuthLocation /usr/bin/xauth
```
However, I keep having the same error message upon connecting with the command `-vX anonymous@`:
```
Could not run /usr/bin/xauth -q -
```
I verified the dependencies for xauth and the permissions on /usr/bin/xauth are:
```
-rwxr-xr-x 1 anonymous anonymous 56280 Mar 29 13:05 /usr/bin/xauth
```
I tried a LOT of different things to solve this issue, but so far nothing is doing the trick or even changing the error message to something else.
Any advice on how to go about this would be welcome.
Thanks in advance!
Goûtay
(1 rep)
Apr 2, 2024, 11:23 AM
• Last activity: Apr 18, 2024, 12:39 PM
0
votes
1
answers
252
views
Chromium doesn't start under docker without `xhost +local:`
```
$ xhost
access control enabled, only authorized clients can connect
```
`xterm` works:
```
$ docker run --rm -it --network host \
    --volume ~/.Xauthority:/root/.Xauthority:ro \
    --env DISPLAY \
    alpine:3.19 sh -euxc 'apk add xterm; exec xterm'
```
`chromium` opens a window and seems to receive keystrokes, but the window is empty (output ):
```
$ docker run --rm -it --network host \
    --volume ~/.Xauthority:/root/.Xauthority:ro \
    --env DISPLAY \
    alpine:3.19 sh -euxc 'apk add chromium; exec chromium --no-sandbox'
```
If I allow local connections with `xhost` it works:
```
$ xhost +local:
$ xhost
access control enabled, only authorized clients can connect
LOCAL:
$ docker run --rm -it --network host \
    --volume ~/.Xauthority:/root/.Xauthority:ro \
    --env DISPLAY \
    alpine:3.19 sh -euxc 'apk add chromium; exec chromium --no-sandbox'
$ xhost -local:
```
One could speculate here that it starts non-root processes which don't have access to `/root/.Xauthority`, and that's why it fails. Then under which user? So that I could provide `.Xauthority` to all interested parties. How do I debug this? How do I make it work?
x-yuri
(3603 rep)
Mar 2, 2024, 06:06 PM
• Last activity: Mar 5, 2024, 08:24 PM
0
votes
1
answers
172
views
Run display dependent command in a system setting event
I am working on a systemd/udev setting that I would like to share upstream, however I can't get it to work in a non-hacky way. Essentially, I have this script as the exec of a systemd service:
```bash
ICON="somepath/dslr-camera-white.png"

function on-display() {
    local sdisplay=$(echo $XDG_SESSION_TYPE)
    if [ "$sdisplay" == "wayland" ]; then
        local display=":$(echo $WAYLAND_DISPLAY)"
    else
        local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
    fi
    local user=$(who | grep '('$display')' | awk '{print $1}' | head -n 1)
    local uid=$(id -u $user)
    sudo -u $user DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus "$@"
}

cleanup() {
    on-display notify-send -i $ICON "Disconnected" "The DSLR Camera has been turned off." --app-name="DSLR Webcam"
    trap - SIGTERM && kill -- -$$
}
trap cleanup SIGINT SIGTERM EXIT

on-display notify-send -i $ICON "Connected" "The DSLR Camera has been turned on and it is ready to use." --app-name="DSLR Webcam"
on-display yad --window-icon=$ICON --image=$ICON --no-buttons --title="DSLR Webcam" --notification --listen &

output=$(v4l2-ctl --list-devices)
line=$(echo "$output" | grep "Virtual Camera")
vdevice=$(echo "$output" | sed -n "/$line/{n;s/^\t\+//p;}")
gphoto2 --stdout --capture-movie | ffmpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 $vdevice
```
The point of the service is to be started by an udev rule when a specific gphoto2 supported camera is plugged in, therefore I have these udev rules:
```
ACTION=="add", ATTR{idVendor}=="04a9", ATTR{idProduct}=="3218", RUN+="systemctl start dslr-webcam.service"
ACTION=="remove", ATTR{idVendor}=="04a9", ATTR{idProduct}=="3218", RUN+="systemctl stop dslr-webcam.service"
```
So far so "ok", because I have read on alternatives to using `RUN` for a systemd service, but regardless... The issue here is specifically the call to `yad`.
`yad` is a program that allows you to display dialogue boxes from the CLI, I am leveraging it for its ability to make a systray icon, as I would like for one to show up when the camera is active.
## The problem
Unlike `notify-send`, which probably works off some common socket, `yad` requires the appropriate `XAUTHORITY` set in order for it to work, otherwise you will get `cannot open display: :0`. The hacky solution in my case is to simply set it the right Xauthority, since I am using SDDM (display manager), it resides in the `/tmp` directory, so I can add this to the script:
```bash
XAUTHORITY=$(ls /tmp/xauth*)
```
And then it works... But this is terrible, it makes a lot of assumptions, in fact the whole `on-display` function also seems like a bad idea. If I took this to a different system, it probably wouldn't work, because the proper Xauthority could be in a myriad of places, and I haven't even tried Wayland yet (I will leave that for later).
## What about xauth
I thought I could somehow use `xauth` to retrieve the right Xauthority, but that doesn't seem to be the case... This script is a system service, so my `xauth info` returns `Authority file: /root/.xauthWV7OfU`, and running it as the right user `sudo -u $user xauth info` gives me `Authority file: /home/myuser/.Xauthority`, none of which work when given to `yad`. The correct `XAUTHORITY` is set by the display manager, so I think I could only get it from child processes of it.
I have also tried all the approaches given by this [answer](https://unix.stackexchange.com/a/429106/528934), but the first one would not work, as `XAUTHORITY` isn't actually in the system env, and the second one (aside from the mentioned pitfalls), doesn't work, it says the xauth file is at `/run/sddm/xauth_KvyuHd`, but trying to use it doesn't work, so it is not the same xauth file as `/tmp/xauth_FzoQqz`
From the same question as the previous one, [this](https://unix.stackexchange.com/a/429162/528934) approach seems to work, but I don't know how portable it is. And still seems hacky.
----------
## Run as user service
Perhaps this is the most promising one, as nothing in that script prevents it from being run as a user (it also gets rid of `on-display`), I did try this approach, and while if the camera was plugged-in and I ran `systemctl --user start dslr-webcam.service` it would work as expected (including `yad`), now I have a problem with the `udev` rule. I searched many places, including [here](https://unix.stackexchange.com/questions/550279/udev-rule-to-trigger-systemd-service), but I cannot find how to run a systemd user service from an `udev` rule, and to me that doesn't really make any sense either, how would `udev` know what user to use?
Mathias Sven
(273 rep)
Oct 28, 2023, 05:43 PM
• Last activity: Oct 28, 2023, 06:48 PM
1
votes
0
answers
127
views
What does "#ffff##:0" mean in xauth?
(Migrated from ServerFault.SE)
I'm working on a Silverblue system, in part via SSH with X11 forwarding.
When I use the graphical console and say `xauth list` I get this:
```
silverblue/unix:0 MIT-MAGIC-COOKIE-1
#ffff##:0 MIT-MAGIC-COOKIE-1
```
`$XAUTHORITY = /run/user/1000/xauth_dkafiw` so this is obviously something set up by Silverblue specially.
But when I log in via `ssh -X` I get `xauth list` of
```
silverblue/unix:11 MIT-MAGIC-COOKIE-1
silverblue/unix:10 MIT-MAGIC-COOKIE-1
```
I think the mysterious line in the console xauth is to make `toolbox` work with X. I can say `toolbox enter` and start an X11 program from the command line, and it works. But if I try that in `ssh` it doesn't. This seems to be because `toolbox` sets the `hostname` to "toolbox", so if I say `xauth add toolbox/unix:10 MIT-MAGIC-COOKIE-1` it starts working again (or `sudo hostname silverblue` inside the toolbox also works).
So my questions:
* What does `#ffff##:0` mean in `xauth list`? Am I right about it solving the toolbox issue?
* How do I get it in there? Using `xauth add` tells me it's an invalid address.
Paul Johnson
(111 rep)
Aug 22, 2023, 11:57 AM
2
votes
2
answers
4783
views
Invalid MIT-MAGIC-COOKIE-1 when I run mpirun
Suddenly whenever I run `mpirun` I get the error `Invalid MIT-MAGIC-COOKIE-1 key`. I think this might have started after I killed a command using `mpirun` that had been launched from a python console.
I looked at `$XAUTHORITY` and found no `.Xauthority` file. I also tried `xhost +local:` in the terminal but the problem remains.
I have only used `mpirun` to run things locally on my pc.
(For the most part mpirun does seem to do what it is supposed to, but I believe it also now creates errors in things that were working perfectly before.)
Simply running the below shows the warning for example (nonsense minimal example):
```
/usr/bin/mpirun -n 1 echo "bla"
```

-----
I ran
```
export XAUTHORITY="$XDG_RUNTIME_DIR"/Xauthority
```
because it solved the issue for someone else but it seemed to have made things worse (?). Now it says
```
No protocol specified
```
whenever I run mpirun.
By going through the steps in https://superuser.com/a/941244/728074 it goes back to saying `Invalid MIT-MAGIC-COOKIE-1 key`.
Also my `$DISPLAY` was set to nothing it seems. I tried setting it to `":1"` or `":0"` but that does not resolve the issue. I also do not know whether it had a value before but some posts suggest its value is relevant for this error.
----
System: Ubuntu 20.04 LTS
Kvothe
(453 rep)
Jan 22, 2021, 03:23 PM
• Last activity: Aug 21, 2023, 08:04 AM
73
votes
9
answers
138816
views
"su" with error "X11 connection rejected because of wrong authentication"
As root, I'm connecting to a remote host to execute a command. Only "standarduser" has the appropriate id-file and correct .ssh/config, so I'm switching the user first:
```
su standarduser -c 'ssh -x remotehost ./remotecommand'
```
The command works fine, but despite the fact that I used "-x" (disable X11-Forwarding) and having X11Forwards disabled in `/etc/ssh/ssh_config`, I still get the error message:
```
X11 connection rejected because of wrong authentication.
```
I'm not getting the error message when I'm logged in as "standarduser".
This is quite annoying as I would like to integrate the command in a cron job file. I understand that the error message refers to the wrong authentication of root's .XAuth file, but I'm not even trying to connect via X11.
Why is "ssh -x" not disabling the X11 connection and throwing the error message?
_UPDATE_:
The message only shows when I'm logged in within a screen, when using the command stated above on the local machine itself (without screen), I don't get an error message, so this should be fine with cron, too.
I also started the same command with `-v` and surprisingly got the error message FIRST, even before the status information from SSH:
```
root@localhost:~# su standarduser -c 'ssh -x remotehost ./remotecommand'
X11 connection rejected because of wrong authentication.
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
```
This led me to the problem itself, it is NOT the `ssh` which is throwing the error message, it's `su`:
```
root@localhost:~# su standarduser -c 'echo Hi'
X11 connection rejected because of wrong authentication.
Hi
```
Why do I only get this error within `screen`? How can I disable this error message?
Stefan M
(1635 rep)
Jan 23, 2014, 08:59 AM
• Last activity: Jul 16, 2023, 09:09 PM
8
votes
2
answers
27333
views
No xauth program; cannot forward X11
I got the following error message when I use `ssh -v -Y`. The server OS is mojave. Does anybody know what is wrong?
```
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: No xauth program; cannot forward X11.
X11 forwarding request failed on channel 0
```
user1424739
(315 rep)
Nov 17, 2019, 03:37 AM
• Last activity: Jun 6, 2023, 04:01 PM
4
votes
1
answers
24188
views
x11 connection established but magic-cookie value different?
From my local machine I `ssh` to a remote server along with authentication regarding X display. I know that in this process, `MIT-MAGIC-COOKIES` are used and the value in both server and client needs to be identical in order for the authentication process to be valid.
However, when I login to a remote server and have confirmed that X display stuff are working well (e.g. executing `xclock` to see if the `xclock` application is popped up in my local machine), when I check the value of the cookies, the value in local machine and that in the remote server seems to be different. Here's the command lines:
```
### cookie value in remote server
chulhyun@chulhyun-Inspiron-3420:~$ ssh -X Black@$labcom
Last login: Wed Jun 25 10:02:25 2014 from
Black@Black-PC ~
$ xclock ### xclock appears in local machine.
Black@Black-PC ~
$ xauth list
Black-PC/unix:10 MIT-MAGIC-COOKIE-1 708f623489b1ea129a77e98287d130ca
### cookie value in local machine
chulhyun@chulhyun-Inspiron-3420:~$ xauth list
chulhyun-Inspiron-3420/unix:0 MIT-MAGIC-COOKIE-1 5ddd2ce92004eab53ceee8a64b7b88c0
```
As you can see the cookie value in two machines are different. Then shouldn't the X display not work?
What am I missing here?
P.S. I heard that `$XAUTHORITY` contains the path to the `xauthority` file and I've checked that path in local machine:
```
chulhyun@chulhyun-Inspiron-3420:~$ echo $XAUTHORITY
/var/run/gdm/auth-for-chulhyun-iZfH2u/database
```
When I take a look into the "database" file, the contents are unreadable because the contents are composed of weird characters.
```
^A^@^@^Vchulhyun-Inspiron-3420^@^A0^@^RMIT-MAGIC-COOKIE-1^@^P]?,? ^D???? K{??
```
could this be related to the question?

-----
# update
**result of `xhost` and `$XAUTHORITY` in remote server**
```
Black@Black-PC ~
$ xhost
access control enabled, only authorized clients can connect
SI:localuser:chulhyun
Black@Black-PC ~
$ echo $XAUTHORITY
```
*as it turns out `$XAUTHORITY` is not defined... is this normal?
**result of `xhost` in local machine**
```
chulhyun@chulhyun-Inspiron-3420:~$ xhost
access control enabled, only authorized clients can connect
SI:localuser:chulhyun
```
kwagjj
(2319 rep)
Jun 25, 2014, 01:35 AM
• Last activity: May 31, 2023, 07:44 PM
0
votes
1
answers
264
views
Why 'xauth list' doesn't show a TCP socket after ssh-X
I have a very little experience in linux, but these days, I was trying to understand a bit more about ssh and X forwarding. I use an SBC (orange pi zero 2) as a home server under debian.
I usually `ssh -X` to my server from mobaXterm on a windows 11 PC.
Everything runs smoothly and I have no problem opening a window on my local machine (gvim for instance).
However I was just curious about one thing: my `DISPLAY` variable is set to `localhost:10` (which I expected), but `xauth list` only shows an entry for `myserver/unix:10`, which is a unix socket, as far as I understand.
So I was wondering why (and, above all, if) X authentication is actually working...
Most of my knowledge on these things comes from this very interesting page and I assumed `xauth list` would have shown an entry for my `DISPLAY` variable (a TCP socket).
Thanks!!
Pif
(1 rep)
Apr 14, 2023, 08:51 AM
• Last activity: Apr 14, 2023, 03:33 PM
0
votes
0
answers
2275
views
PUTTY X11 Forwarding does not work: no DISPLAY variable set
I want to get a GUI to an ubuntu server. Locally, I installed XMING & PUTTY and enabled the `X11 forwarding`. I also tried to specifically set the display location to `localhost:0`, because I read that it could be helpful. Unfortunately, after watching multiple youtube tutorials and reading through dozens of guides, I simply cannot get it to work. Whenever I connect to the server, the `DISPLAY` variable is not initialized. I did the following:
- enable X11Forwarding in `/etc/ssh/ssh_config` and `/etc/ssh/sshd_config`
- install `xauth` on the server
- try manually setting the `DISPLAY` variable to :0.0, =:0, =:1 etc.
Does anyone know how to fix or debug this properly?
EDIT: I **might** know the issue: I can only login to the server as root account! Could that maybe cause the problem?
----------
spadel
(101 rep)
Aug 18, 2022, 07:45 PM
• Last activity: Aug 18, 2022, 07:53 PM
0
votes
0
answers
2249
views
Xauthority file does not exist - so what?
I run X11 programs on a Linux host, displaying remotely on a Mac running the XQuartz X11 server. First of all, this is all on my private LAN so I don't need to tunnel the X connection through SSH, and I don't want to for reasons of performance. To transfer access rights to the display I use a command (on the Mac) akin to
```
xauth nlist machost:0 | ssh linuxhost xauth nmerge -
```
This works almost perfectly - _except_ that the useless message in the title gets printed if the authority file doesn't exist already. Here, then, is my question: how can I suppress this useless message, while still getting alerted about real errors? The `-q` flag to `xauth` doesn't help, I tried that already.
q.undertow
(699 rep)
May 9, 2022, 04:47 PM
3
votes
3
answers
5980
views
Forwarding X-windows through a su - session
I'm trying to forward my X windows, but seems to be limited to just one session?
What I'm trying to do is invoke x-applications as another user, through a `sudo su -`.
If I know the other user's password, then this is easily resolved with:
```
ssh -Y user@host
password: ********
gedit &
```
However, if running a user which I do not have a password (weblogic, for example):
```
ssh -Y me@host
xauth list
sudo csh (now root)
xauth add (last line of the xauth list above)
gedit &
```
HOWEVER, I'm having trouble allowing another user to access the x display:
```
xauth list
su - weblogic
xauth add (last line of the xauth list above)
gedit (see if gedit launches).
```
This fails.
I've also attempted to go direct to the other user via sudo:
```
ssh -Y me@host
xauth list
sudo su - weblogic
xauth add (last line of the xauth list above)
gedit (see if gedit launches).
```
This too fails.
leonhardtk
(33 rep)
May 24, 2016, 07:44 PM
• Last activity: Apr 7, 2022, 04:39 PM
2
votes
1
answers
3918
views
IPsec PSK VPN with strongSwan to FortiGate with one-time-password(Fortitoken)
So I am using strongSwan to connect to remote FortiGate since native Fortinet VPN client does not support IPsec. I also have hardware FortiToken 200 that provides an OTP.
My current config is the following:
**/etc/ipsec.conf**
```
conn my-config
    keyexchange=ikev1
    aggressive=yes
    ike = aes256-sha256-modp1536
    esp = aes256-sha1-modp1536
    right=remote_ip
    rightid=%any
    rightsubnet=0.0.0.0/0
    rightauth=psk
    leftsourceip=%config
    leftauth=psk
    leftauth2=xauth
    xauth_identity="username"
    auto=add
```
**/etc/ipsec.secrets**
```
remote_ip : PSK "passphrase_here"
username : XAUTH "password_here"
```
When I run:
```
> ipsec up my-config
initiating Aggressive Mode IKE_SA german to remote_ip
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.2.15 to remote_ip (460 bytes)
received packet: from remote_ip to 10.0.2.15 (536 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536
local host is behind NAT, sending keep alives
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.2.15 to remote_ip (140 bytes)
received packet: from remote_ip to 10.0.2.15 (92 bytes)
parsed TRANSACTION request 1581697690 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
no XAuth method found
generating TRANSACTION response 1581697690 [ HASH CP ]
sending packet: from 10.0.2.15 to remote_ip (76 bytes)
```
Obviously, it is necessary to edit the config somehow so it would prompt for OTP at some point.
***The question is: how do I do it?***
fteox
(21 rep)
Nov 23, 2021, 03:48 PM
• Last activity: Mar 29, 2022, 07:20 PM
1
votes
0
answers
286
views
ssh xterm xsession works but other programs error: X11 connection rejected because of wrong authentication
I set up xauth in part enough to get an xterm, xclock, etc. But any other program like gnome-terminal, a browser, still fails to authenticate. The two computers have the same user name and default ID 1000 and Group 1000.
Although I believe the xauth is working partially, I did a quick test with `xhost +` on the client, same results as below.
This is the error that needs to be fixed:
```
client$ ssh -X server
...
server$ gnome-terminal
X11 connection rejected because of wrong authentication.
Error creating terminal: No screen 0 on display "localhost:10.0"
# But this works and shows the xterm window on the client.
$ xterm
# Pop!_OS ubuntu 21.10
client$ egrep X11 /etc/ssh/ssh_config
/etc/ssh/ssh_config: ForwardX11 yes
/etc/ssh/ssh_config:# ForwardX11Trusted yes
client$ xauth list
client/unix: MIT-MAGIC-COOKIE-1 >
#ffff#abcdef012345#: MIT-MAGIC-COOKIE-1 >
client$ echo $XAUTHORITY
/run/user/1000/gdm/Xauthority
# There is no ~/.Xauthority
# Debian GNU/Linux 9 (stretch)
server$ egrep X11 /etc/ssh/sshd_config
/etc/ssh/sshd_config:X11Forwarding yes
/etc/ssh/sshd_config:#X11DisplayOffset 10
/etc/ssh/sshd_config:#X11UseLocalhost yes
/etc/ssh/sshd_config:# X11Forwarding no
server$ echo $DISPLAY
localhost:10.0
server$ xauth list
server/unix:10 MIT-MAGIC-COOKIE-1 >
# ~/.Xauthority is 52 bytes and owned by 1000:1000
# On the server XAUTHORITY is not setup automatically. It does not
# matter if I export XAUTHORITY=$HOME/.Xauthority in the ssh session.
```
HEX SECRET A and B do not match (not sure if they need to).
jcalfee314
(181 rep)
Feb 12, 2022, 01:34 PM