Disable ForwardX11Timeout without ForwardX11Trusted in OpenSSH Client?

by

By default, recent versions of OpenSSH automatically set ForwardX11Timeout to 20 minutes if you set ForwardX11Trusted to no.

This means that 20 minutes after you start your ssh connection, you can’t open any more X clients, because the authentication token has expired. Especially bad if you try to use this with long-lived connections and ControlMaster.

I’ve tried disabling by setting to 0 (does not work, causes instant expiration) and by setting to a really long value (do not do this, it will crash your X server. Limit is somewhere between 3 and 4 weeks).

How can I completely disable the timeout?

Contents hide
Answers:
Method 1
Method 2

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

At the present time it seems you can’t reliably disable the time out completely. Nevertheless the patch needed shouldn’t be too much intrusive so if you are able to update/recompile your ssh there should be a way out of it. You might want to watch this question on the upstream mailing list for possible replies.

Method 2

There was a patch 2018-04 and discussion 2018-06 but my search of mailing list archive by subject lines alone suggests it was not yet accepted as of 2019-04.

Duplicating some related info I posted at https://superuser.com/a/1429080/1027014 just now –

The maximum timeout is uint_max of milliseconds minus some slack, just over 24 days. OpenSSH_7.4p1 will accept ssh -o ForwardX11Timeout=2147423s -X ... which is the best answer I can make now. ForwardX11Timeout above this may crash the XServer in some version combinations.

On MacOS with XQuartz, I have seen Warning: untrusted X11 forwarding setup failed: xauth key data not generated and upon digging further, /opt/X11/bin/xauth: timeout in locking authority file /var/folders/..../xauthfile .


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x