Bug#236936: addendum

To: 236936@bugs.debian.org
Subject: Bug#236936: addendum
From: Jonathan H N Chin <jhnc%stone@newton.cam.ac.uk>
Date: Tue, 9 Mar 2004 16:11:54 GMT
Message-id: <[🔎] 200403091611.i29GBsHL006421@stone.newton.cam.ac.uk>
Reply-to: Jonathan H N Chin <jhnc%stone@newton.cam.ac.uk>, 236936@bugs.debian.org

[ Forwarded to the bug at Colin's behest ]

> > > Starting with 3.8, you need to set ForwardX11Trusted if you want to
> > > affect other X clients. From ssh_config(5):

> > Since it may adversely affect behaviour of clients, would it be
> > out of place to give a warning about this new option and its
> > default setting when upgrading from a version/configuration that
> > doesn't have it?
> 
> I think it should be in the upgrading notes in README.Debian, and
> perhaps in NEWS.Debian. I'll take a look.


Another thing that I suspect is going to bite people with this new
setting is that the xauth credentials time out after 120 seconds with
no X clients active.

I just found the place in ssh.c where the "untrusted timeout 120" is
hardwired, and which explains the second part of my earlier bug report.

Perhaps this could be noted in the upgrading notes too.

Finally, the ForwardX11Trusted option could usefully be documented
in "Site-wide defaults" list of the new ssh_config that is installed
so that people diff'ing the new and old versions find something.


thanks,

-jonathan

-- 
Jonathan H N Chin, 1 dan | deputy computer | Newton Institute, Cambridge, UK
<jc254@newton.cam.ac.uk> | systems mangler | tel/fax: +44 1223 767091/330508

                "respondeo etsi mutabor" --Rosenstock-Huessy

Reply to:

Follow-Ups:
- Bug#236936: addendum
  - From: Matthew Vernon <matthew@sel.cam.ac.uk>
- Bug#236936: addendum
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#237021: ssh: I have similar problems
Next by Date: Bug#237021: X11-forwarding not working
Previous by thread: Bug#237021: ssh: I have similar problems
Next by thread: Bug#236936: addendum
Index(es):
- Date
- Thread