Re: Ubuntu clients unable to open display after several minutes
Re: Ubuntu clients unable to open display after several minutes
- Subject: Re: Ubuntu clients unable to open display after several minutes
- From: Jeremy Huddleston Sequoia <email@hidden>
- Date: Thu, 06 Sep 2012 16:44:37 -0700
See ForwardX11Timeout in ssh_config(5):
ForwardX11Timeout
Specify a timeout for untrusted X11 forwarding using the format
described in the TIME FORMATS section of sshd_config(5). X11
connections received by ssh(1) after this time will be refused.
The default is to disable untrusted X11 forwarding after twenty
minutes has elapsed.
On Sep 6, 2012, at 16:23, Matt Pietrek <email@hidden> wrote:
> I've run into an (admittedly weird) problem with X-Windows and/or XQuartz
> recently. In a nutshell, after successfully being able to launch X11 client
> apps for about 10 minutes, I suddenly can't launch any more apps from
> within that console until I shut down the console session and restart it.
>
> Prior to to my upgrade to OS 10.8, I was using OSX 10.6 without incident. I
> could launch X11 apps all day within my Ubuntu 10.04 shells.
>
> After upgrading to 10.8 and XQuartz (2.7.2, then 2.7.3), I have no problem
> launching the same apps (Eclipse, gedit, BeyondCompare) for about the first
> 10 minutes after launching a shell. However, inevitably I'll go to launch
> another app and I'll get the dreaded:
>
> Gtk-WARNING **: cannot open display: localhost:10.0
>
> I've tried killing/re-launching XQuartz within OSX without any luck. The
> only way I can make an app start again is to shut down my console window
> (OSX's Terminal) and then start it again.
>
> Interestingly, apps that did successfully launch will remain running
> indefinitely. And I can launch X11 apps over and over again when I first
> start the Terminal app. It's only when I try to launch an app after it's
> been "too long" that I see the error. And once in that state, no X11 client
> apps will launch.
>
> FWIW, my ssh config files look like this:
>
>
> ssh_config
> ---------------
> mpietrek@/etc>cat ssh_config
> # $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
>
> # This is the ssh client system-wide configuration file. See
> # ssh_config(5) for more information. This file provides defaults for
> # users, and the values can be changed in per-user configuration files
> # or on the command line.
>
> # Configuration data is parsed as follows:
> # 1. command line options
> # 2. user-specific file
> # 3. system-wide file
> # Any configuration value is only changed the first time it is set.
> # Thus, host-specific definitions should be at the beginning of the
> # configuration file, and defaults at the end.
>
> # Site-wide defaults for some commonly used options. For a comprehensive
> # list of available options, their meanings and defaults, please see the
> # ssh_config(5) man page.
>
> Host *
> SendEnv LANG LC_*
> # ForwardAgent no
> # ForwardX11 no
> # RhostsRSAAuthentication no
> # RSAAuthentication yes
> # PasswordAuthentication yes
> # HostbasedAuthentication no
> # GSSAPIAuthentication no
> # GSSAPIDelegateCredentials no
> # GSSAPIKeyExchange no
> # GSSAPITrustDNS no
> # BatchMode no
> # CheckHostIP yes
> # AddressFamily any
> # ConnectTimeout 0
> # StrictHostKeyChecking ask
> # IdentityFile ~/.ssh/identity
> # IdentityFile ~/.ssh/id_rsa
> # IdentityFile ~/.ssh/id_dsa
> # Port 22
> # Protocol 2,1
> # Cipher 3des
> # Ciphers aes128-ctr,aes192-ctr,aes256-
> ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
> # MACs hmac-md5,hmac-sha1,email@hidden,hmac-ripemd160
> # EscapeChar ~
> # Tunnel no
> # TunnelDevice any:any
> # PermitLocalCommand no
> # VisualHostKey no
> # ProxyCommand ssh -q -W %h:%p gateway.example.com
>
> # XAuthLocation added by XQuartz (http://xquartz.macosforge.org)
> Host *
> XAuthLocation /opt/X11/bin/xauth
>
>
>
> sshd_config
> ----------------
> # $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
>
> # This is the sshd server system-wide configuration file. See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options override the
> # default value.
>
> #Port 22
> #AddressFamily any
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # The default requires explicit activation of protocol 1
> #Protocol 2
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
> #HostKey /etc/ssh/ssh_host_ecdsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 1024
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> SyslogFacility AUTHPRIV
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> #PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
> #MaxSessions 10
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
>
> # The default is to check both .ssh/authorized_keys and
> .ssh/authorized_keys2
> # but this is overridden so installations will only check
> .ssh/authorized_keys
> AuthorizedKeysFile .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords both PasswordAuthentication and
> # ChallengeResponseAuthentication must be set to "no".
> #PasswordAuthentication no
> #PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
> #GSSAPIStrictAcceptorCheck yes
> #GSSAPIKeyExchange no
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication. Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> # Also, PAM will deny null passwords by default. If you need to allow
> # null passwords, add the " nullok" option to the end of the
> # securityserver.so line in /etc/pam.d/sshd.
> #UsePAM yes
>
> #AllowAgentForwarding yes
> #AllowTcpForwarding yes
> #GatewayPorts no
> #X11Forwarding no
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation sandbox
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> #UseDNS yes
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
> #ChrootDirectory none
>
> # pass locale information
> AcceptEnv LANG LC_*
>
> # no default banner path
> #Banner none
>
> # override default of no subsystems
> Subsystem sftp /usr/libexec/sftp-server
>
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> # X11Forwarding no
> # AllowTcpForwarding no
> # ForceCommand cvs server
>
> # XAuthLocation added by XQuartz (http://xquartz.macosforge.org)
> XAuthLocation /opt/X11/bin/xauth
>
> Thanks much for any assistance,
>
> Matt
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> X11-users mailing list (email@hidden)
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden