“How to Fix ‘Untrusted X11 Forwarding Setup Failed: xauth Key Data Not Generated’ Error in SSH -X Connections”


4 views

When working with remote Linux servers from macOS via SSH with X11 forwarding (ssh -X), you might encounter the warning:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

This occurs because the xauth utility failed to:

  • Generate the MIT magic cookie (authentication token)
  • Properly set up X11 authentication

First verify your SSH client configuration:

# On your Mac terminal
which xauth
# Should return /opt/X11/bin/xauth or similar XQuartz path

# Check if XQuartz is running
ps aux | grep Xquartz

Here's the full fix procedure:

# 1. Install or update XQuartz
brew install --cask xquartz

# 2. Configure SSH to use the correct xauth path
echo "XAuthLocation /opt/X11/bin/xauth" >> ~/.ssh/config

# 3. Restart XQuartz and terminal

On your Ubuntu server, ensure these settings in /etc/ssh/sshd_config:

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no

Then restart SSH:

sudo service ssh restart

For more secure connections, try trusted forwarding:

ssh -Y user@hostname

This bypasses some security restrictions but resolves the xauth issue.

The separate "RANDR missing" message indicates:

Xlib: extension "RANDR" missing on display "localhost:10.0"

Fix this by installing additional packages:

sudo apt-get install x11-xserver-utils

When using ssh -X to connect from a Mac (OS X 10.6.7) to an Ubuntu (11.04) machine, you might encounter:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Warning: No xauth data; using fake authentication data for X11 forwarding.

The warning occurs when the SSH client fails to generate proper X11 authentication cookies. This typically happens because:

  • The xauth utility is missing or not in PATH
  • Permissions issues with the .Xauthority file
  • Incompatible X11 implementations between systems

First verify if X11 forwarding is working despite the warning:

ssh -X user@remotehost
xclock

If you see the clock window, forwarding works but with reduced security.

To properly fix this, follow these steps on both local and remote machines:

# On your Mac (client):
brew install xquartz
ln -s /opt/X11/bin/xauth /usr/local/bin/xauth

# On Ubuntu (server):
sudo apt-get install xauth
chmod 644 ~/.Xauthority

Add these to your SSH config (~/.ssh/config):

Host *
    ForwardX11 yes
    ForwardX11Trusted yes
    XAuthLocation /opt/X11/bin/xauth

The separate message:

Xlib: extension "RANDR" missing on display "localhost:10.0"

indicates a missing X11 extension, which can be resolved by:

sudo apt-get install x11-xserver-utils

While the fake authentication works, it's less secure than proper X11 forwarding. For sensitive environments, always ensure proper xauth setup.

  • Verify xauth is in PATH: which xauth
  • Check .Xauthority permissions: ls -la ~/.Xauthority
  • Test with verbose SSH: ssh -X -v user@remotehost