3197 – reset X11 forward timeout

Bug 3197 - reset X11 forward timeout

Summary: reset X11 forward timeout

Status:	NEW

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	8.3p1
Hardware:	All All

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-07-28 07:16 AEST by Roland Wirth
Modified:	2020-07-28 07:16 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Roland Wirth 2020-07-28 07:16:42 AEST

Use case:
Over the course of a long-running SSH session, a user starts several X11 programs. When the timeout is enabled, starting any X11 program after the 20 minute mark fails, and the only option is to disconnect and reconnect the SSH session. A work-around is to disable the timeout, but that has security implications.

Enhancement:
Provide some way to reset the X11 forwarding, e.g., by having a new ~x escape that resets the timeout and generates a new xauth cookie. With the escape in place, the timeout window itself could be much shorter than 20 minutes, reducing the window of opportunity for an attack.