Bug 2068109

Summary: git does not disable X11 forwarding when executes ssh, so it may hang when cloning remote repositories
Product: Red Hat Enterprise Linux 8 Reporter: Carlos Santos <casantos>
Component: gitAssignee: Ondřej Pohořelský <opohorel>
Status: CLOSED MIGRATED QA Contact: RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.5CC: hhorak, jwright, ralacroix
Target Milestone: rcKeywords: MigratedToJIRA
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-09-20 12:41:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Carlos Santos 2022-03-24 13:41:42 UTC 
Description of problem:

- User has "ForwardX11 yes" in ~/.ssh/config or in /etc/ssh/ssh_config
- Git server runs on RHEL 8.5
- User attempts to clone a repository over ssh
- Git hangs

Version-Release number of selected component (if applicable):

- RHEL 8.5
- dbus-1.12.8-14.el8.x86_64
- git-2.27.0-1.el8.x86_64
- openssh-clients-8.0p1-10.el8.x86_64
- openssh-server-8.0p1-10.el8.x86_64

How reproducible:

  Always

Steps to Reproduce:

  Using same machine and user for server and client, for simplicity:

1. Enable X11 forwarding for SSH server and client

   # echo ForwardX11 yes >> /etc/ssh/ssh_config
   # echo ForwardX11 yes >> /etc/ssh/sshd_config
   # systemctl restart sshd.service
  
2. Create git repository

   # mkdir /opt/test-repo
   # chown test-user:test-user /opt/test-repo

   Run below commands as "test-user" on a gnome-terminal

   $ cd /opt/test-repo
   $ git init
   $ git commit -m test

3. Try to clone the repository over ssh

   Rum below commands on a gnome-terminal (must have a DISPLAY)

   $ git clone localhost:/opt/test-repo

Actual results:

   Cloning into 'test-repo'...
   test-user@localhost's password: 
   remote: Enumerating objects: 3, done.
   remote: Counting objects: 100% (3/3), done.
   remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
   Receiving objects: 100% (3/3), done.
   [hang, must be interrupted with Ctrl-C]
   
Expected results:

   No hang

Additional info:

   It' caused by bug 1940067: With dbus 1.12.8-12.el8_3 ssh session executing
   single command hang (which in its turn is a regression of bug 1874282).

   So ssh hangs after running git-upload-pack at the server side.

   It is possible to circumvent the bug with a system-wide configuration to
   make git run ssh with the "-x" argument, which disables X11 forwarding:

   # git config --system core.sshCommand 'ssh -x'

   git should always run ssh with the "-x" argument to prevent errors related
   to X11 forwarding, which has been a problematic feature.
Comment 1 Carlos Santos 2022-03-24 14:39:37 UTC 
Update: it must be

   # echo X11Forwarding yes >> /etc/ssh/sshd_config

instead of

   # echo ForwardX11 yes >> /etc/ssh/sshd_config
Comment 9 RHEL Program Management 2023-09-20 12:40:04 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 10 RHEL Program Management 2023-09-20 12:41:30 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues. You can also visit https://access.redhat.com/articles/7032570 for general account information.
Comment 11 Red Hat Bugzilla 2024-01-19 04:25:08 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days