In a SSH session with X11 forwarding, I got 12 messages X11 connection rejected because of wrong authentication. while I wasn't using the machine (and no other messages). The admin of the machine told me that NFS (where the .Xauthority file is stored) could have temporarily been blocked due to maintenance at the same time. Hence the error message. However, because no X applications were running in the background (and I don't think the shell did X accesses), this is just an unhelpful spurious error message (such a message would have been useful only if I started an X application). Either the error message should be removed in these conditions or it should be improved to tell the user what doesn't work. It could possibly be a bug in ssh that caused it to access the .Xauthority file while this wasn't really needed.
Have you tried disabling X11 forwarding when connecting to this host? sshd must run xauth(1) when establishing X11 forwarding and this is likely to touch .Xauthority.
It seems that the .Xauthority has nothing to do with this message: in a test I did a few months ago, I had "inotifywatch .Xauthority" running on the remote machine, then a message "X11 connection rejected because of wrong authentication" was displayed in the terminal, but no accesses to the Xauthority have been signaled ("No events occurred."). As the message typically occurs several hours after the SSH connection, I doubt that what happens when sshd establishes X11 forwarding is significant. Note: the remote machine is a server shared by several users. Could the message be due to some action of another user?
The problem is more important than I was thinking. For instance: $ xpdf 2010.pdf XtUngrabButton(drawArea,3,0) Warning: Attempt to remove nonexistent passive grab $ xpdf 2010.pdf X11 connection rejected because of wrong authentication. Error: Can't open display: localhost:10.0 zsh: exit 1 xpdf 2010.pdf $ xpdf 2010.pdf X11 connection rejected because of wrong authentication. Error: Can't open display: localhost:10.0 zsh: exit 1 xpdf 2010.pdf $ xpdf 2010.pdf XtUngrabButton(drawArea,3,0) Warning: Attempt to remove nonexistent passive grab all in the same session, within 10 minutes, and without modifying files. The question is why do I sometimes get failures for a short period of time, without a more meaningful error message about the cause? Are these failures due to the SSH client or the SSH server? (For me, in order to remember: the local machine is ypig and the remote machine is patate.)
An analysis of log messages on various machines did not show anything useful, possibly except an "authenticated mount request" for my home directory on the NFS server at about the same time of the first failure, because another machine on the network rebooted (and I have processes started by SGE on it). So, this could be completely unrelated. I think that to debug these problems, SSH should give more information in its error messages.
It looks like you are using untrusted X11 forwarding. By default, this will time out and stop accepting connections after 20 minutes but you can change this using ForwardX11Timeout. Otherwise, if you are on a shared machine and others are trying to connect to the X11 socket then you might encounter this error.
(In reply to comment #5) > It looks like you are using untrusted X11 forwarding. I'm currently using untrusted X11 forwarding, but between 2006-04-25 and 2010-07-30, I had "ForwardX11Trusted yes" in my .ssh/config file (then I removed this line due to potential security problems, according to http://dailypackage.fedorabook.com/index.php?/archives/48-Wednesday-Why-Trusted-and-Untrusted-X11-Forwarding-with-SSH.html -- so that I now use trusted X11 forwarding only when necessary, i.e. under Mac OS X, but this is out of the scope of this bug report). > By default, this will time out and stop accepting connections after > 20 minutes but you can change this using ForwardX11Timeout. Note that the X11 connection came back automatically. Is this normal? And why isn't ForwardX11Timeout documented in the ssh_config man page? Otherwise I'm thinking of a possible network failure. In any case, the error message is not helpful. > Otherwise, if you are on a shared machine Yes, this is a computation server of the lab. > and others are trying to connect to the X11 socket then you might > encounter this error. OK, I was wondering something about this (e.g. due to someone that had localhost:10.0 hardcoded or outdated, which is possible when using the screen utility). I hadn't managed to trigger the message, but probably because I did it wrong. Not I've tried telnet localhost 6010 on the remote machine and typed random characters, then got X11 connection rejected because of wrong authentication. in the other terminal. So, a connection by someone else was probably the cause of this problem. Shouldn't the possible causes of this error message be in the manual or in the FAQ?
It documented, at least in versions that support control over the option: > ForwardX11Timeout > Specify a timeout for untrusted X11 forwarding using the format > described in the TIME FORMATS section of sshd_config(5). X11 > connections received by ssh(1) after this time will be refused. > The default is to disable untrusted X11 forwarding after twenty > minutes has elapsed.
Move resolved bugs to CLOSED after 5.7 release