Bug 141894
Summary: | Remote X programs don't run | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nigel Horne <njh> |
Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED DUPLICATE | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | xgl-maint |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-01-31 20:40:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nigel Horne
2004-12-04 20:49:18 UTC
Do the programs work with ssh -Y? If so this could be a dup of bug #141515 (which looks like a dup of bug #134425) The X server TCP transport is disabled by default for many OS releases now for security reasons. It's been like this for a very long time now. The best way to run remote applications is via "ssh -Y". If you require remote TCP such as for XDMCP sessions or other reasons, you must reconfigure the system to permit remote TCP connectivity. The Fedora Core mailing lists may be useful if you require help reconfiguring your system to permit X over remote TCP. Setting status to "NOTABUG" Some additional information, as I may have slightly misread your initial report. You mention you're using ssh for remote X apps, but also using "xhost". "xhost" is very insecure, and is not required at all for running remote X apps over ssh. "xhost" is used for running remote apps over telnet, which is insecure and should be discouraged. The Fedora Core 3 release notes contain additional documentation on changes in the openssh software, which seem to be the problem you are having, rather than my initial assessment. Reassigning to openssh component for consideration of changing the default ssh options to work out of the box, so users don't have to reconfigure their systems to run remote X apps over ssh X11 forwarding. Yes, that seems better, thanks. You say "It's been like this for a very long time now.", I suppose it depends on how you define 'very long', but FC2 was OK and I wouldn't say that was very long ago. Actually, it depends on what you define "it" as. As such, I'll clarify what
I said in order to make it less ambiguous.
"The X server TCP transport is disabled by default for many OS
releases now for security reasons. It's been like this for a very
long time now."
In the above paragraph, the "It's" in the second sentence, is refering to
how long it has been that we have disabled TCP in the X server by default.
It has indeed been a very long time. I do not remember exactly when it was,
but Red Hat Linux 7.1 or possibly even earlier is a rough guess. There was
an OS release or two in which gdm by default invoked the X server without
disabling TCP by default. That bug was fixed in a later gdm update. Bugs
aside however, TCP has been disabled by default for numerous OS releases.
> but FC2 was OK and I wouldn't say that was very long ago.
It depends on which of the two completely different problems I described
above that you're refering to. If you're refering to TCP being disabled
by default, then it was indeed a very long time ago, as mentioned in my
last paragraph, however if you're refering to "ssh -X" working out of the
box as expected, then indeed this is a change in behaviour between FC2
and FC3.
The upstream openssh project has changed what "ssh -X" does, so it no longer
does what people are used to. To get the old behaviour, you must run
"ssh -Y", as our release notes say. This is indeed new behaviour in FC3
caused by an upstream openssh project change.
Again though, my claim above about "a very long time" was not about the
openssh change, but rather the TCP one.
Hope this clarifies any confusion from the above.
Thanks.
Tks. |