This is a debugging question. When you ask for clarification please make sure it is not already covered below.

I have 4 machines: Z, A, N, and M.

To get to A you have to log into Z first.

To get to M you have to log into N first.

The following works:

ssh -X Z xclock
ssh -X Z ssh -X Z xclock
ssh -X Z ssh -X A xclock
ssh -X N xclock
ssh -X N ssh -X N xclock

But this does not:

ssh -X N ssh -X M xclock
Error: Can't open display: 

The $DISPLAY is clearly not set when logging in to M. The question is why?

Z and A share same NFS-homedir. N and M share the same NFS-homedir. N's sshd runs on a non standard port.

$ grep X11 <(ssh Z cat /etc/ssh/ssh_config) 
ForwardX11 yes
# ForwardX11Trusted yes

$ grep X11 <(ssh N cat /etc/ssh/ssh_config) 
ForwardX11 yes
# ForwardX11Trusted yes

N:/etc/ssh/ssh_config == Z:/etc/ssh/ssh_config and M:/etc/ssh/ssh_config == A:/etc/ssh/ssh_config

/etc/ssh/sshd_config is the same for all 4 machines (apart from Port and login permissions for certain groups).

If I forward M's ssh port to my local machine it still does not work:

terminal1$ ssh -L 8888:M:22 N
terminal2$ ssh -X -p 8888 localhost xclock
Error: Can't open display:

A:.Xauthority contains A, but M:.Xauthority does not contain M.

xauth is installed in /usr/bin/xauth on both A and M.

xauth is being run when logging in to A but not when logging in to M.

ssh -vvv does not complain about X11 or xauth when logging in to A and M. Both say:

debug2: x11_get_proto: /usr/bin/xauth  list :0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.

I have a feeling the problem may be related to M missing in M:.Xauthority (caused by xauth not being run) or that $DISPLAY is somehow being disabled by a login script, but I cannot figure out what is wrong.