Help with X11 and X11 Forwarding

nvonwolff · March 25, 2025, 3:33pm

Hello,
I’m trying to get x11 forwarding, via SSH, working but it seems that Bluefin is missing packages or essential configuration for this to work.

I regularly use SSH from my Bluefin Linux Laptop to servers, and even dev environments, where x11 forwarding is essential for managing legacy applications/services. Previously using Kinoite (KDE SilverBlue) this was a non-issue and worked out of the box. I just can’t seem to get anything X11 working here.

So when using SSH with X11 forwarding from the native terminal I get output like this without an .Xauthority file and with one.

Warning: No xauth data; using fake authentication data for X11 forwarding.

$ xclock
Invalid MIT-MAGIC-COOKIE-1 keyError: Can't open display: localhost:10.0

So I figured if the host system was missing the required libraries I would just install a distrobox and test running x11 applications there. But from a Fedora 41 distrobox I can’t run any x11 applications at all.

$ xclock
Authorization required, but no authorization protocol specified

Error: Can't open display: :0

So here I figured mabey I needed an actual key in the .Xauthority file. So I generated one, but still failure.

$ xauth add ${HOSTNAME}/unix:0 . $(xxd -l 16 -p /dev/urandom)
$ xclock
Invalid MIT-MAGIC-COOKIE-1 key
Error: Can't open display: :0

I’m not sure where to go from here. Any ideas?

inffy · March 25, 2025, 4:02pm

Can’t be totally sure but I think Fedora dropped the X11 packages in F41.

I think they are still available as packages (not sure if they are even in Fedora repos anymore or if you need a external copr repo for them).

nvonwolff · March 25, 2025, 4:30pm

Not sure about that but F41 in distrobox had all the required X11 packages in it’s default repos. Just a quick DNF install got everything.

dnf install "@base-x" xauth xclock openssh

Here’s the create command I used with distrobox:

distrobox create --name devbox-f41 --image quay.io/fedora/fedora-toolbox:41 --init

nicknamenamenick · March 27, 2025, 5:04pm

Fedora’s KDE and GNOME images dropped support for X11 is what inffy was referring to. Since Bluefin, Aurora, and Bazzite use both of these DEs then there is no more support for Xorg at this point. i have no idea if you can do all of this inside of a container like this and it seems like a lot of trouble… if you really need to do this then i’m not sure how to do this on GNOME. I know KDE requires rpm-ostree install plasma-workspace-x11 but this package is going away in Fedora 42 if I remember correctly anyways. essentially you most likely need the windowing session to be on your host somehow… would look into how to do this for gnome.

m2Giles · March 28, 2025, 11:55am

X11 forwarding should work out of the box. It will run your X app in Xwayland since the X11 session is no longer supported in Fedora.

Your .Xauthority is not in home. It’s /run/user/$ID/.mutter-Xwaylandauth.${RANDOM}

You should be able to get this path by echoing $XAUTHORITY.

This is managed by gnomes startup session. This will be setup even without xauth installed.

nvonwolff · March 29, 2025, 2:36am

Thanks for pointing this out as it helped me make some progress on this!!

So for distrobox it wasn’t setting the $XAUTHORITY environment variable. Setting it by hand allowed X applications to correctly work and SSH to the remote machine with X11 forwarding also worked. Now I just need to automated this in my bashrc dotfiles to auto detect and set that variable for mutter environments.

Now for the native environment I traced things down to this error:

debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.

So under the assumption that xauth is a hard requirement for SSH client X11 forwarding I went and installed this with pixi.

pixi global install xorg-xauth

and then updated my ~/.ssh/config with

XAuthLocation /var/home/nicholas/.pixi/bin/xauth

Now X11 forwarding is working without issue. I’m ok with this workaround for my own workflows. I work mostly in the systems admin, and high performance computing, spaces so this may not be common for regular people and/or developers.

m2Giles · March 29, 2025, 3:45am

So, it appears that some images do not have xauth and others do. I’ve created a PR to our base images to ensure that the package gets installed.

I’m actually unsure if this was purposeful on Fedora’s part or not since xauth is still in several of the F42 images.

Hopefully this is merged so you do not need to add these workarounds since I think X forwarding should work out of the box.

nvonwolff · March 29, 2025, 4:23am

Awesome! Thanks for looking at this!!

j0rge · March 29, 2025, 9:34am

This will be in the next set of builds:

github.com/ublue-os/main

fix: ensure xorg-x11-xauth package is installed

main ← m2Giles-patch-2

opened 03:37AM - 29 Mar 25 UTC

m2Giles

+1 -0

Unsure if this was purposeful on Fedora's part. But some F41 and F42 images no l…onger have `/usr/sbin/xauth`. This breaks ssh X forwarding. Despite most of the ecosystem moving towards Wayland. Xwayland is still an integral part of the Linux Desktop. ssh X forwarding works with Xwayland. Adding this to all is to ensure that ssh X forwarding works out of the box. It is a restoration of a partially removed feature.

system · March 30, 2025, 9:35am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bluefin-dx how to add Xone driver? Bluefin	7	495	June 25, 2024
Unable to login into X11 in Aurora Bluefin	4	142	December 24, 2024
LDAP authentication on Bluefin Bluefin	3	58	December 1, 2024
Bluefin/Aurora is not working out for me. Why? General	4	1224	April 20, 2024
Win11 in Boxes, low resolution? SPICE virt-veiwer not working? Bluefin	2	106	March 27, 2025

Help with X11 and X11 Forwarding

Related topics