bugzilla-daemon at mindrot.org
2020-Jul-27 21:16 UTC
[Bug 3197] New: reset X11 forward timeout
https://bugzilla.mindrot.org/show_bug.cgi?id=3197
Bug ID: 3197
Summary: reset X11 forward timeout
Product: Portable OpenSSH
Version: 8.3p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: roland_wirth at web.de
Use case:
Over the course of a long-running SSH session, a user starts several
X11 programs. When the timeout is enabled, starting any X11 program
after the 20 minute mark fails, and the only option is to disconnect
and reconnect the SSH session. A work-around is to disable the timeout,
but that has security implications.
Enhancement:
Provide some way to reset the X11 forwarding, e.g., by having a new ~x
escape that resets the timeout and generates a new xauth cookie. With
the escape in place, the timeout window itself could be much shorter
than 20 minutes, reducing the window of opportunity for an attack.
--
You are receiving this mail because:
You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 803] Security Bug: X11 Forwarding is more powerful than it needs to be.
- [OpenSSH_5.1] Untrusted X11 forwarding (ssh -X) no longer works?
- bug: X11 forwarding silently falls back to ForwardX11Trusted=yes
- 5.1p1 and X11 forwarding failing
- X11 forwarding again
Wisdom of the Ancients
