Displaying 14 results from an estimated 14 matches for "forwardx11timeout".
2014 Oct 16
0
[Bug 2295] New: clarify the effect of ForwardX11Timeout=0 in ssh config
https://bugzilla.mindrot.org/show_bug.cgi?id=2295
Bug ID: 2295
Summary: clarify the effect of ForwardX11Timeout=0 in ssh
config
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at...
2014 Jan 02
0
ForwardX11Timeout = 0 disables untrusted connections
Hi,
it seems that setting
ForwardX11Trusted = yes
ForwardX11Timeout = 0
causes untrusted connections to be refused immediately. While this
certainly makes sense this way, I believe in this case ForwardX11Timeout
= 0 might be better used for disabling the timeout entirely (the current
behaviour is the same as ForwardX11Trusted = no).
Is there some reason while...
2018 Apr 27
4
[PATCH] allow indefinite ForwardX11Timeout by setting it to 0
This change allows use of untrusted X11 forwarding (which is more secure)
without requiring users to choose a finite timeout after which to refuse
new connections.
This matches the semantics of the X11 security extension itself, which
also treats a validity timeout of 0 on an authentication cookie as
indefinite.
Signed-off-by: Trixie Able <table at inventati.org>
---
clientloop.c | 12
2010 Feb 26
8
[Bug 1718] New: Spurious messages "X11 connection rejected because of wrong authentication."
https://bugzilla.mindrot.org/show_bug.cgi?id=1718
Summary: Spurious messages "X11 connection rejected because of
wrong authentication."
Product: Portable OpenSSH
Version: 5.3p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
2015 Jun 26
3
ssh -X versus -Y
...ions seem to require -Y
and I have not dug into all of the reasons.
> Maybe it is some other issue that is closing your ssh connection
> (maybe you should use the KeepAlive options on the ssh
> server/client); just guessing.
On Debian and FreeBSD 'man ssh_config' now shows:
ForwardX11Timeout
Specify a timeout for untrusted X11 forwarding using
the format described in the TIME FORMATS section of
sshd_config(5). X11 connections received by ssh(1)
after this time will be refused. The default is to
disable untrusted X11 forwarding after twenty minutes...
2011 Aug 25
1
Add missing -o options in ssh(1) manual
...1 23:20:25 -0000 1.319
+++ ssh.1 25 Aug 2011 19:24:29 -0000
@@ -419,11 +419,13 @@ For full details of the options listed b
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It DynamicForward
.It EscapeChar
.It ExitOnForwardFailure
.It ForwardAgent
.It ForwardX11
+.It ForwardX11Timeout
.It ForwardX11Trusted
.It GatewayPorts
.It GlobalKnownHostsFile
@@ -438,6 +440,7 @@ For full details of the options listed b
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LocalCommand
2017 Jun 21
1
encoding/locale problem with ssh -X
...ll
|
| qplot(1:10, 1:10) + xlab("gr??e")
| ## ERROR
`----
My setup:
- locally:
Linux (Debian GNU/Linux 9)
- remotely
Linux (RHEL Server release 7.3 (Maipo))
(Maybe) relevant bits of my .ssh/config:
,----
| Host theserver
| HostName XXX.XXX.XXX.XXX
| ForwardX11 yes
| ForwardX11Timeout 596h
| IdentityFile ~/.ssh/id_rsa
| IdentitiesOnly yes
| ForwardAgent yes
| ServerAliveInterval 300
`----
Thanks in advance for your help!
Best,
Andreas
2018 Oct 19
0
Announce: OpenSSH 7.9 released
...hrase. bz#2901
* sshd(8): when a channel closed message is received from a client,
close the stderr file descriptor at the same time stdout is
closed. This avoids stuck processes if they were waiting for
stderr to close and were insensitive to stdin/out closing. bz#2863
* ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
forwarding timeout and support X11 forwarding indefinitely.
Previously the behaviour of ForwardX11Timeout=0 was undefined.
* sshd(8): when compiled with GSSAPI support, cache supported method
OIDs regardless of whether GSSAPI authentication is enabled in th...
2013 Jun 18
0
Problems in slogin.1, sshd_config.5, ssh_config.5
...cords indicate that you have accepted this patch, so this is just
a reminder.
Invalid Sx reference - not a section on this page.
--- ssh_config.5-unpatched 2013-05-25 14:56:05.228356137 -0400
+++ ssh_config.5 2013-05-25 14:56:04.832356145 -0400
@@ -490,9 +490,7 @@
option is also enabled.
.It Cm ForwardX11Timeout
Specify a timeout for untrusted X11 forwarding
-using the format described in the
-.Sx TIME FORMATS
-section of
+using the format described in the TIME FORMATS section of
.Xr sshd_config 5 .
X11 connections received by
.Xr ssh 1
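Review bot: the joined line `+using the format described in the TIME FORMATS section of` drops all markup from the section name, so in the ForwardX11Timeout entry it no longer stands out from the running text. If the only goal is to stop using `.Sx` for a section that lives in sshd_config(5), consider keeping the name on its own macro line in quoted form, for example `.Dq TIME FORMATS`, in the same way `.Dq no .` is used in the next hunk, so the cross-reference to `.Xr sshd_config 5 .` still reads as a named section.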
@@ -1296,9 +1294,7 @@
.Dq no .
Note that this option applies to...
2010 Jun 20
6
[Bug 1785] New: configurable timeout for x11 cookies
...Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: taviso at cmpxchg8b.com
Created attachment 1877
--> https://bugzilla.mindrot.org/attachment.cgi?id=1877
Possible implementation of ForwardX11Timeout
On several popular Linux distributions (like redhat), x11 access
control is performed using SO_PEERCRED credentials; this breaks ssh -X,
as once the untrusted cookie expires, the untrusted connection becomes
trusted.
I posted about this to the Xorg devel list.
http://lists.x.org/archives/xorg-de...
2020 Oct 06
5
[Bug 3220] New: Possible bug if ControlMaster + ControlPersist and `-t`
...mindrot.org
Reporter: mikko.rantalainen at peda.net
Steps to reproduce:
$ cat ~/.ssh/config
ControlMaster auto
ControlPath ~/.ssh/connections/%r@%h:%p
ControlPersist 1
Host workstation
HostName remote.example.com
HostKeyAlias workstation
ForwardX11 yes
ForwardX11Timeout 10h
AddKeysToAgent yes
ForwardAgent yes
With two local terminal sessions A and B.
A: ssh workstation
B: ssh workstation
A: logout
The ssh connection to workstation is immediately completed but stderr
gets an extra message
Shared connection to remote.example.com closed.
This i...
2015 Jul 01
0
Announce: OpenSSH 6.9 released
...ent intentions, but please check the final
release notes for OpenSSH 7.0 when it is released.
Changes since OpenSSH 6.8
=========================
This is primarily a bugfix release.
Security
--------
* ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
connections made after ForwardX11Timeout expired could be permitted
and no longer subject to XSECURITY restrictions because of an
ineffective timeout check in ssh(1) coupled with "fail open"
behaviour in the X11 server when clients attempted connections with
expired credentials. This problem was reported by Jann Horn...
2018 Oct 11
13
Call for testing: OpenSSH 7.9
...hrase. bz#2901
* sshd(8): when a channel closed message is received from a client,
close the stderr file descriptor at the same time stdout is
closed. This avoids stuck processes if they were waiting for
stderr to close and were insensitive to stdin/out closing. bz#2863
* ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
forwarding timeout and support X11 forwarding indefinitely.
Previously the behaviour of ForwardX11Timeout=0 was undefined.
* sshd(8): when compiled with GSSAPI support, cache supported method
OIDs regardless of whether GSSAPI authentication is enabled in th...
2015 Jul 01
5
Announce: OpenSSH 6.9 released
...ent intentions, but please check the final
release notes for OpenSSH 7.0 when it is released.
Changes since OpenSSH 6.8
=========================
This is primarily a bugfix release.
Security
--------
* ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
connections made after ForwardX11Timeout expired could be permitted
and no longer subject to XSECURITY restrictions because of an
ineffective timeout check in ssh(1) coupled with "fail open"
behaviour in the X11 server when clients attempted connections with
expired credentials. This problem was reported by Jann Horn...