Bug 807600

Summary: Can't forward X11 throught ssh server
Product: Red Hat Enterprise Linux 5 Reporter: Xabier Bayon Garcia <franciscojavier.bayongarcia>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.8   
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-17 15:39:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Xabier Bayon Garcia 2012-03-28 10:13:19 UTC 
Description of problem:

When trying to forward an X app throught ssh I get the error:

Error: Can't open display:
and .Xauthority is not created

I've saw this error in the secure log:

Mar 28 10:14:27 ------ sshd[8216]: error: Failed to allocate internet-domain X11 display socket.

If uncomment this line in sshd_config:
X11UseLocalhost no

then I can forward the X


Version-Release number of selected component (if applicable):

openssh-server-4.3p2-82.el5

How reproducible:

Vanilla RHEL 5.8 install and connect with 'ssh -X user@host'

Steps to Reproduce:
1.ssh -X user@host
2.xeyes
3.
  
Actual results:
Error: Can't open display:


Expected results:
Xeyes

Additional info:
Modifying default sshd_config you can get a workaround.
Comment 1 RHEL Program Management 2012-06-12 01:31:34 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 2 Petr Lautrbach 2013-03-13 17:17:29 UTC 
I'm not able to reproduce this issue. Would you set 'LogLevel DEBUG2' in sshd_config, restart sshd, try it again for both cases and attach relevant logs to this bugzilla. please? You should see lines beginning with '
setsockopt IPV6_V6ONLY: ' or 'bind port ' ...
Comment 3 Petr Lautrbach 2014-01-17 15:39:31 UTC 
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.
If this bug is critical to production systems, please contact your Red
Hat support representative and provide sufficient business
justification.