Bug 2068109

Summary: git does not disable X11 forwarding when executes ssh, so it may hang when cloning remote repositories
Product: Red Hat Enterprise Linux 8 Reporter: Carlos Santos <casantos>
Component: gitAssignee: Ondřej Pohořelský <opohorel>
Status: ASSIGNED --- QA Contact: RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.5CC: hhorak, jwright, ralacroix
Target Milestone: rcFlags: hhorak: needinfo? (jwright)
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Carlos Santos 2022-03-24 13:41:42 UTC 
Description of problem:

- User has "ForwardX11 yes" in ~/.ssh/config or in /etc/ssh/ssh_config
- Git server runs on RHEL 8.5
- User attempts to clone a repository over ssh
- Git hangs

Version-Release number of selected component (if applicable):

- RHEL 8.5
- dbus-1.12.8-14.el8.x86_64
- git-2.27.0-1.el8.x86_64
- openssh-clients-8.0p1-10.el8.x86_64
- openssh-server-8.0p1-10.el8.x86_64

How reproducible:

  Always

Steps to Reproduce:

  Using same machine and user for server and client, for simplicity:

1. Enable X11 forwarding for SSH server and client

   # echo ForwardX11 yes >> /etc/ssh/ssh_config
   # echo ForwardX11 yes >> /etc/ssh/sshd_config
   # systemctl restart sshd.service
  
2. Create git repository

   # mkdir /opt/test-repo
   # chown test-user:test-user /opt/test-repo

   Run below commands as "test-user" on a gnome-terminal

   $ cd /opt/test-repo
   $ git init
   $ git commit -m test

3. Try to clone the repository over ssh

   Rum below commands on a gnome-terminal (must have a DISPLAY)

   $ git clone localhost:/opt/test-repo

Actual results:

   Cloning into 'test-repo'...
   test-user@localhost's password: 
   remote: Enumerating objects: 3, done.
   remote: Counting objects: 100% (3/3), done.
   remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
   Receiving objects: 100% (3/3), done.
   [hang, must be interrupted with Ctrl-C]
   
Expected results:

   No hang

Additional info:

   It' caused by bug 1940067: With dbus 1.12.8-12.el8_3 ssh session executing
   single command hang (which in its turn is a regression of bug 1874282).

   So ssh hangs after running git-upload-pack at the server side.

   It is possible to circumvent the bug with a system-wide configuration to
   make git run ssh with the "-x" argument, which disables X11 forwarding:

   # git config --system core.sshCommand 'ssh -x'

   git should always run ssh with the "-x" argument to prevent errors related
   to X11 forwarding, which has been a problematic feature.
Comment 1 Carlos Santos 2022-03-24 14:39:37 UTC 
Update: it must be

   # echo X11Forwarding yes >> /etc/ssh/sshd_config

instead of

   # echo ForwardX11 yes >> /etc/ssh/sshd_config