On Thu, Nov 9, 2023 at 6:16 PM <fxkl4...@protonmail.com> wrote: > > On Thu, 9 Nov 2023, Jeffrey Walton wrote: > > > On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge <g...@wooledge.org> wrote: > >> > >> On Thu, Nov 09, 2023 at 03:01:29PM +0000, fxkl4...@protonmail.com wrote: > >>> i upgraded from bullseye to bookworm with no problems > >>> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails > >>> > >>> debug1: Requesting X11 forwarding with authentication spoofing. > >>> debug1: Sending environment. > >>> debug1: Sending env LANG = en_US.UTF-8 > >>> debug1: Sending env LC_ALL = en_US.UTF-8 > >>> X11 forwarding request failed on channel 0 > >>> > >>> the .Xauthority file is not updated > >>> is there new security or configuration > >> > >> On the server, run: > >> > >> grep X11 /etc/ssh/sshd_config > >> > >> That should tell you whether X11Forwarding and its related options have > >> been disabled. > > > > Probably need a 'grep -IR' since overrides can be provided in > > sshd_config.d/ : > > > > $ sudo ls /etc/ssh/sshd_config.d/ > > 10-pubkey_auth.conf 20-no_root_login.conf > > > > And: > > > > $ sudo cat /etc/ssh/sshd_config.d/10-pubkey_auth.conf > > PasswordAuthentication no > > ChallengeResponseAuthentication no > > KerberosAuthentication no > > KerberosOrLocalPasswd no > > GSSAPIAuthentication no > > UsePAM no > > PubkeyAuthentication yes > > my /etc/ssh/sshd_config.d/ is empty
/etc/ssh/sshd_config.d/ is where you are supposed to make changes. Otherwise, new config files get written during upgrades, and overwrite the old settings. Changes in sshd_config.d always survive, and always take precedence over the distro's settings. Jeff