bugzilla-daemon at mindrot.org
2005-Apr-16 23:40 UTC
[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016
frederik at ofb.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ssh caching sometimes hangs |ssh caching doesn't forward
|on logout or login |X11 connections
------- Additional Comments From frederik at ofb.net 2005-04-17 09:40 -------
see mailing list message id 4246B5F4.3060504 at mindrot.org
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Apr-17 00:40 UTC
[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
OS/Version|Linux |All
Version|3.9p1 |-current
------- Additional Comments From dtucker at zip.com.au 2005-04-17 10:40 -------
This is not currently implemented. According to djm, this is "something of
a
protocol limitation"
(http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=111193626113938&w=2).
I had a brief read of section 6.3 of draft-ietf-secsh-connect-25 and I can't
see
what the gotchas are (although I don't doubt there are some).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Apr-17 04:01 UTC
[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016 ------- Additional Comments From djm at mindrot.org 2005-04-17 14:01 ------- Actually, I was confused: the protocol doesn't provide an impediment to implementing this, but we need to figure out whether multiple connections share the same X11 and agent forwardings and, if so, how. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Apr-17 04:03 UTC
[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016 ------- Additional Comments From djm at mindrot.org 2005-04-17 14:03 ------- Please retest with >=4.0. A lot of multiplexing bugs were fixed between 3.9 and 4.0. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Apr-17 04:12 UTC
[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016 ------- Additional Comments From djm at mindrot.org 2005-04-17 14:12 ------- oops, that last comment was directed to the wrong bug. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Apr-17 07:49 UTC
[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016 ------- Additional Comments From frederik at ofb.net 2005-04-17 17:49 ------- Personally, I think X11 and agent forwardings should be separate for separate connections. Caching should be as transparent as possible. In particular, ssh-agent forwarding should be separate because one might start different agents with different permissions depending on level of trust in the remote host one is logging in to. But this remote host might be a hop away from the server side of the cached connection, e.g. I might log into a firewall machine and then multiple internal machines from there, where some internal machines are not trusted and some are. So I would need separate agents for cached connections to the firewall. Similarly, the host on which I run X is often not the same as the host on which I run my window manager and start all of my xterms, in fact, it is almost never the same since I like to use dumb terminals. If ssh were to try to force me to use the same X display for all of the cached outgoing connections from this host, it would be annoying indeed. Every time I restart the dumb terminal I'd have to go in and terminate the master ssh processes on the window-manager host. It would also be annoying in a situation where I logged in at different times from multiple display hosts to the same server. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.