CentOS Stream 8: Issue with hang of non-X11 command via SSH X11 Forwarding

29日 7月 2021

This article will describe how to avoid issue that running non-X11 command with ssh -X/-Y is hanged.

• 1. Issue
• 2. Reason
• 3. Avoid this issue
• 4. References

1 Issue

• When openssh-server, xorg-x11-xauth and x11-dbus are installed in server machine, running non-X11 command with ssh -X/-Y on client machine will be hanged because SSH connection will be not closed.

$ ssh -Y lxd-centos-8-ssh-x11.hiroom2.com — uname -aWarning: No xauth data; using fake authentication data for X11 forwarding.Linux lxd-centos-8-ssh-x11 5.10.52-1-lts #1 SMP Tue, 20 Jul 2021 16:46:09+0000 x86_64 x86_64 x86_64 GNU/Linux(hang)

2 Reason

• CentOS Stream 8’s dbus-x11 provides /etc/profile.d/ssh-x-forwarding.sh. This script will be done after SSH connection is established.

$ rpm -ql dbus-x11/etc/X11/xinit/xinitrc.d/00-start-message-bus.sh/etc/profile.d/ssh-x-forwarding.csh/etc/profile.d/ssh-x-forwarding.sh/usr/bin/dbus-launch/usr/lib/.build-id/usr/lib/.build-id/4b/usr/lib/.build-id/4b/439e4019de8f19a66c1b6676d47dd121f684f3/usr/share/man/man1/dbus-launch.1.gz

• When specifying -X/-Y option of ssh command, /etc/profile.d/ssh-x-forwarding.sh will run dbus-launch –exit-with-x11.
• dbus-launch –exit-with-x11 will be done after x11 command is done. But dbus-launch –exit-with-x11 will be NOT done after non-x11 command is done. This is the reason why ssh command is hanged.

$ cat /etc/profile.d/ssh-x-forwarding.sh# DBus session bus over SSH with X11 forwarding[ -z “$SSH_CONNECTION” ] && return[ -z “$DISPLAY” ] && return[ “$SHLVL” -gt 1 ] && returnGDK_BACKEND=x11; export GDK_BACKENDeval $(dbus-launch –sh-syntax –exit-with-x11)

3 Avoid this issue

• Disable /etc/profile.d/ssh-x-forwarding.sh.

#!/bin/shsudo dnf install -y openssh-server xorg-x11-xauth dbus-x11sudo systemctl enable sshdsudo systemctl start sshdfirewall-cmd –add-service=ssh –permanentfirewall-cmd –reloadsudo mv /etc/profile.d/ssh-x-forwarding.sh /etc/profile.d/ssh-x-forwarding.sh.disabled

• If you need D-Bus, running dbus-launch in ssh command like the following.

$ ssh -X server ‘. /etc/profile.d/ssh-x-forwardning.sh.disabled; command’

4 References

• With dbus 1.12.8-12.el8_3 ssh session executing single command hang
• dbus-x11 could start per-connect session bus when user does ssh X11 DISPLAY forwarding

]]> tagPlaceholderカテゴリ： ssh, en, centos-8, d-bus