ForwardX11Trusted
Colin Watson
cjwatson at debian.org
Wed Mar 10 02:44:20 EST 2004
Since packaging OpenSSH 3.8p1 for Debian, I've got a flood of bug
reports and confusion about the new untrusted X client configuration.
At least part of this seems to be the short (2 minutes!) timeout on the
cookie, so that if you're impatient like me and open a connection to a
machine that takes a little while to do the key exchange, go off and do
something in another window in the meantime, and then come back when
it's finished, you may well find that the untrusted cookie's expired in
the meantime. This seems a bit excessive.
Would anyone think I was crazy for defaulting to ForwardX11Trusted in
our OpenSSH package for a while until this becomes more mature? At least
then we don't regress.
--
Colin Watson [cjwatson at flatline.org.uk]
More information about the openssh-unix-dev
mailing list