CentOS Stream 8: Issue with hang of non-X11 command via SSH X11 Forwarding

This article will describe how to avoid issue that running non-X11 command with ssh -X/-Y is hanged.

1 Issue

  • When openssh-server, xorg-x11-xauth and x11-dbus are installed in server machine, running non-X11 command with ssh -X/-Y on client machine will be hanged because SSH connection will be not closed.
$ ssh -Y lxd-centos-8-ssh-x11.hiroom2.com -- uname -a
Warning: No xauth data; using fake authentication data for X11 forwarding.
Linux lxd-centos-8-ssh-x11 5.10.52-1-lts #1 SMP Tue, 20 Jul 2021 16:46:09
+0000 x86_64 x86_64 x86_64 GNU/Linux

2 Reason

  • CentOS Stream 8's dbus-x11 provides /etc/profile.d/ssh-x-forwarding.sh. This script will be done after SSH connection is established.
$ rpm -ql dbus-x11
  • When specifying -X/-Y option of ssh command, /etc/profile.d/ssh-x-forwarding.sh will run dbus-launch –exit-with-x11.
  • dbus-launch –exit-with-x11 will be done after x11 command is done. But dbus-launch –exit-with-x11 will be NOT done after non-x11 command is done. This is the reason why ssh command is hanged.
$ cat /etc/profile.d/ssh-x-forwarding.sh
# DBus session bus over SSH with X11 forwarding
[ -z "$SSH_CONNECTION" ] && return
[ -z "$DISPLAY" ] && return
[ "$SHLVL" -gt 1 ] && return

eval $(dbus-launch --sh-syntax --exit-with-x11)

3 Avoid this issue

  • Disable /etc/profile.d/ssh-x-forwarding.sh.

sudo dnf install -y openssh-server xorg-x11-xauth dbus-x11

sudo systemctl enable sshd
sudo systemctl start sshd
firewall-cmd --add-service=ssh --permanent
firewall-cmd --reload

sudo mv /etc/profile.d/ssh-x-forwarding.sh \
  • If you need D-Bus, running dbus-launch in ssh command like the following.
$ ssh -X server '. /etc/profile.d/ssh-x-forwardning.sh.disabled; command'