[Bug 1016] ssh caching doesn't forward X11 connections

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Apr 17 17:49:15 EST 2005


------- Additional Comments From frederik at ofb.net  2005-04-17 17:49 -------
Personally, I think X11 and agent forwardings should be separate for separate
connections. Caching should be as transparent as possible. In particular,
ssh-agent forwarding should be separate because one might start different agents
with different permissions depending on level of trust in the remote host one is
logging in to. But this remote host might be a hop away from the server side of
the cached connection, e.g. I might log into a firewall machine and then
multiple internal machines from there, where some internal machines are not
trusted and some are. So I would need separate agents for cached connections to
the firewall. Similarly, the host on which I run X is often not the same as the
host on which I run my window manager and start all of my xterms, in fact, it is
almost never the same since I like to use dumb terminals. If ssh were to try to
force me to use the same X display for all of the cached outgoing connections
from this host, it would be annoying indeed. Every time I restart the dumb
terminal I'd have to go in and terminate the master ssh processes on the
window-manager host. It would also be annoying in a situation where I logged in
at different times from multiple display hosts to the same server.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list