[Bug 3197] New: reset X11 forward timeout

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jul 28 07:16:42 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3197

            Bug ID: 3197
           Summary: reset X11 forward timeout
           Product: Portable OpenSSH
           Version: 8.3p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: roland_wirth at web.de

Use case:
Over the course of a long-running SSH session, a user starts several
X11 programs. When the timeout is enabled, starting any X11 program
after the 20 minute mark fails, and the only option is to disconnect
and reconnect the SSH session. A work-around is to disable the timeout,
but that has security implications.

Enhancement:
Provide some way to reset the X11 forwarding, e.g., by having a new ~x
escape that resets the timeout and generates a new xauth cookie. With
the escape in place, the timeout window itself could be much shorter
than 20 minutes, reducing the window of opportunity for an attack.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list