Bug 1027197

Summary: X11 Forwarding does not work with default config - error: Failed to allocate internet-domain X11 display socket
Product: Red Hat Enterprise Linux 6 Reporter: Jiri Belka <jbelka>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Stanislav Zidek <szidek>
Severity: high Docs Contact:
Priority: medium    
Version: 6.5CC: jbelka, plautrba, pvrabec, szidek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssh-5.3p1-97.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 07:39:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Belka 2013-11-06 11:11:50 UTC 
Description of problem:
X11 Forwarding does not work with default config.

Problem seems to be line in /etc/ssh/sshd_config:

-%-
#AddressFamily any
-%-

-%-
Nov  6 11:50:13 test-rh6-x64 sshd[2509]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov  6 11:50:13 test-rh6-x64 sshd[2509]: error: Failed to allocate internet-domain X11 display socket.
-%-

-%-
debug1: session_input_channel_req: session 0 req x11-req
Failed to allocate internet-domain X11 display socket.
debug1: x11_create_display_inet failed.
-%-

Changing it to AddressFamily inet makes it working again. Descr from man sshd_config.

-%-
     AddressFamily
             Specifies which address family should be used by sshd(8).  Valid arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6
             only).  The default is “any”.
-%-


Version-Release number of selected component (if applicable):
openssh-server-5.3p1-94.el6.x86_64
redhat-release-server-6Server-6.5.0.1.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. default config, install xauth
2. ssh -X $remote # where remote is 6.5 RHEL
3.

Actual results:
x11 forwarding broken

Expected results:
should work

Additional info:
Comment 2 RHEL Program Management 2013-11-09 11:44:58 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 Petr Lautrbach 2014-06-19 10:39:54 UTC 
There's missing one information in the reproducer, the remote RHEL-6 has to have loopback device without ipv6 ::1/128 address assigned (e.g. due to ipv6 disabled via sysctl or so). Otherwise it works as expected. Given that, my previous comment is not valid any more.

Jiri, can you confirm that x11 forwarding works if you enable ipv6 on lo or/and add ::1 address there (ip a a ::1/128 dev lo)?
Comment 8 errata-xmlrpc 2014-10-14 07:39:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-1552.html