Can't run "ssh -X" on MacOS Sierra

Question

I just upgraded to MacOS Sierra, and I realized that I can't seem to run the "ssh -X" command in the Terminal anymore. It used to launch xterm windows, but now it's like I didn't even put the -X option anymore. It was working absolutely fine right before I updated. Other than going from OS X Yosemite to MacOS Sierra, I didn't change anything else in the setup.

EDIT:

As suggested, this is what I found in the debug logs that might be causing this problem.

debug1: No xauth program. Warning: untrusted X11 forwarding setup failed: xauth key data not generated 

Answer 1

I didn't need to reinstall XQuartz, but, based on Matt Widjaja's answer, I came up with a refinement.

• sudo vi /etc/ssh/ssh_config (This is ssh client config, not sshd_config)
  • Under the Host * entry add (or add where appropriate per-host)
    • XAuthLocation /usr/X11/bin/xauth (The location of xauth changed in Sierra)
    • ServerAliveInterval 60 (Pings the server every 60 seconds to keep your ssh connection alive)
    • ForwardX11Timeout 596h (Allows untrusted X11 connections beyond the 20 minute default)

No need to restart ssh, except, of course, existing ssh client connections.

It sounds like -Y (trusted X11) would be preferable to untrusted. If you switch over to trusted, the ForwardX11Timeout line can probably be removed.

The ServerAliveInterval line is also an optional preference.

It may also be possible to make these changes in ~/.ssh/config (the user's config file) but the permissions have to be correct.

EDIT: I removed ForwardX11 and ForwardX11Trusted. They aren't needed and ForwardX11 is less secure and causes problems for git (or other tools using ssh).

Answer 2

I noticed macOS Sierra resetted my X11 settings so that it disabled my xAuth program. To re-enable xAuth on macOS Sierra:

1. Reinstall X11/xQuartz to presumably reset any changes macOS Sierra made. I made the following changes below too although it sounds like this might be enough.
2. Load up a Terminal
3. sudo <text editor of your choice> /etc/ssh/sshd_config
4. In that file, uncomment the following lines, and set it to these values:
   • X11Forwarding yes
   • X11DisplayOffset 10
   • [Update on 10/07/2017] When you reinstall X11/XQuartz, above all else, it should add an: XAuthLocation <path_to_your_xauth> where mine was in /opt/X11/bin/xauth. This was probably the golden step that explained why reinstalling worked.
5. Restart ssh via the terminal. I did this by running:
   • sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
   • sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist