X11 stops forwarding as root

jarome · December 22, 2013, 4:44pm

Using 64-bit 13.1 remotely, I ssh in and do:
jar@jarfx:~> su -
Password:
jarfx:~ # yast2 &
[1] 2753

This works. Then (the next morning) I made some ssl certificates, and tried to edit the configuration:
jarfx:/etc/apache2 # nedit /etc/sysconfig/apache2 &
[2] 14842
jarfx:/etc/apache2 # NEdit: Can’t open display

This happens all the time after a sufficient delay. Exiting su and redoing su - does not fix it. I have to log out and start a new session.

hcvv · December 23, 2013, 9:42am

I see that you got no answers at all until now.

That is of course a pity because what you describe is technicaly a bit strange. But the lack of answers could be due to the fact that nobody else would leave open an inactive root session for such a long time. And I guess also nobody will try to recreate your problem by leaving an unattended root session open on his/her own systems out of security concerns.

nrickert · December 23, 2013, 1:08pm

I missed this thread yesterday. Thank, for that post to bring it to my attention.

Check “/etc/ssh/ssh_config” and “$HOME/.ssh/config” on the client machine (from where you are using “ssh”).

In my “/etc/ssh/ssh_config”, I see


ForwardX11Trusted yes

That is not the default for “openssh”, though it is the way that opensuse installs it.

Without that, the forwarded authentication for X will time out after a while. It sounds as if that is your problem.

hcvv · December 23, 2013, 2:13pm

It was my main goal to give it a bumb. Thanks for joining.

jarome · December 23, 2013, 4:52pm

nrickert:

I missed this thread yesterday. Thank, for that post to bring it to my attention.

Check “/etc/ssh/ssh_config” and “$HOME/.ssh/config” on the client machine (from where you are using “ssh”).

In my “/etc/ssh/ssh_config”, I see
ForwardX11Trusted yes
That is not the default for “openssh”, though it is the way that opensuse installs it.

Without that, the forwarded authentication for X will time out after a while. It sounds as if that is your problem.

Well, I am not worried about root access because my Mac is right next to my Linux server in my house. But it is not a root issue. If I exit root, I still cannot forward X11. Something changed, either in Mavericks or in 13.1 because now there is a default 20-minute X11 forwarding timeout. You need to add


ForwardX11Timeout 596h

to override this. A really long timeout crashes the Apple XQuartz server by the way.

nrickert · December 23, 2013, 6:09pm

I am testing that right now, in 13.1. I guess I have to wait 20 minutes to see.

The “ForwardX11Trusted yes” is all about that timeout, and has nothing to do with use by root. This change to “openssh” defaults happened several years ago. As far as I know, opensuse has always overridden this by putting “ForwardX11Trusted yes” in “ssh_config”. But, just in case something else has changed, I’m doing a 20 minute test.

Note that “ssh -Y” (instead of “ssh -X”) is also supposed to override this on a per-connection basis.

nrickert · December 23, 2013, 6:43pm

It is now 42 minutes since I logged in with X-forwarding between two systems running 13.1.

The X-forwarding is still working.