[Bug 1016] ssh caching doesn't forward X11 connections
http://bugzilla.mindrot.org/show_bug.cgi?id=1016


frederik@ofb.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|ssh caching sometimes hangs |ssh caching doesn't forward
                   |on logout or login          |X11 connections




------- Additional Comments From frederik@ofb.net 2005-04-17 09:40 -------
see mailing list message id 4246B5F4.3060504@mindrot.org



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


dtucker@zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
         OS/Version|Linux                       |All
            Version|3.9p1                       |-current




------- Additional Comments From dtucker@zip.com.au 2005-04-17 10:40 -------
This is not currently implemented. According to djm, this is "something of a
protocol limitation"
(http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=111193626113938&w=2).

I had a brief read of section 6.3 of draft-ietf-secsh-connect-25 and I can't see
what the gotchas are (although I don't doubt there are some).








------- Additional Comments From djm@mindrot.org 2005-04-17 14:01 -------
Actually, I was confused: the protocol doesn't provide an impediment to
implementing this, but we need to figure out whether multiple connections share
the same X11 and agent forwardings and, if so, how.








------- Additional Comments From djm@mindrot.org 2005-04-17 14:03 -------
Please retest with >=4.0. A lot of multiplexing bugs were fixed between 3.9 and 4.0.








------- Additional Comments From djm@mindrot.org 2005-04-17 14:12 -------
oops, that last comment was directed to the wrong bug.








------- Additional Comments From frederik@ofb.net 2005-04-17 17:49 -------
Personally, I think X11 and agent forwardings should be separate for separate
connections. Caching should be as transparent as possible. In particular,
ssh-agent forwarding should be separate because one might start different agents
with different permissions depending on level of trust in the remote host one is
logging in to. But this remote host might be a hop away from the server side of
the cached connection, e.g. I might log into a firewall machine and then
multiple internal machines from there, where some internal machines are not
trusted and some are. So I would need separate agents for cached connections to
the firewall. Similarly, the host on which I run X is often not the same as the
host on which I run my window manager and start all of my xterms; in fact, it is
almost never the same since I like to use dumb terminals. If ssh were to try to
force me to use the same X display for all of the cached outgoing connections
from this host, it would be annoying indeed. Every time I restart the dumb
terminal I'd have to go in and terminate the master ssh processes on the
window-manager host. It would also be annoying in a situation where I logged in
at different times from multiple display hosts to the same server.


