I connect from host into the guest VM with X-forwarding (ssh -X), so that programs launched in the VM will run on the host display. X-forwarding works first, but after a while it stops working. Connection (from inside of the VM) on the corresponding port (6010 or similar) is immediately closed by the foreign host. Ssh connection itself is okay though. Reconnecting ssh helps, but later the same thing repeats. Why would this be happening? FreeBSD-10.2, both host and guest VM. Yuri
On Fri, Jan 1, 2016 at 10:16 PM, Yuri <yuri at rawbw.com> wrote:> I connect from host into the guest VM with X-forwarding (ssh -X), so that > programs launched in the VM will run on the host display. > > X-forwarding works first, but after a while it stops working. Connection > (from inside of the VM) on the corresponding port (6010 or similar) is > immediately closed by the foreign host. Ssh connection itself is okay > though. Reconnecting ssh helps, but later the same thing repeats.By default ssh will request an untrusted xauth cookie that expires after 20 minutes. You can change that with ForwardX11Timeout in ssh_config(5) or request a trusted cookie that doesn't expire (ForwardX11Trusted=yes or ssh -Y). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Fri, 1 Jan 2016, Yuri wrote:> I connect from host into the guest VM with X-forwarding (ssh -X), so that > programs launched in the VM will run on the host display. > > X-forwarding works first, but after a while it stops working. Connection (from > inside of the VM) on the corresponding port (6010 or similar) is immediately > closed by the foreign host. Ssh connection itself is okay though. Reconnecting > ssh helps, but later the same thing repeats. > > Why would this be happening?It's probably this: (ssh_config(5))> ForwardX11Trusted > If this option is set to ?yes?, remote X11 clients will have full > access to the original X11 display. > > If this option is set to ?no?, remote X11 clients will be consid? > ered untrusted and prevented from stealing or tampering with data > belonging to trusted X11 clients. Furthermore, the xauth(1) > token used for the session will be set to expire after 20 min? > utes. Remote clients will be refused access after this time. > > The default is ?no?. > > See the X11 SECURITY extension specification for full details on > the restrictions imposed on untrusted clients.You can use "ssh -Y" as a shortcut for ForwardX11Trusted=yes