Some time back, (maybe a year?), my environment was working correctly. But some time in the last year or so I started getting "can't open display" errors.
It's weird because I can ssh into the ubuntu box, (from a mac, over cisco ipsec), and start several new x11 clients. But at some point, (1 – 20 minutes later), new attempts to start x11 clients result in "can't open display" errors. If there's any other antecedent event that leads to the "can't open display" problem, I havent' figured it out.
My DISPLAY hasn't changed in this time. Preexisting windows continue to exist and function so I believe my local X11 server is good, running, and that the previously existing X11 forwarding tunnels are still functioning. It appears to be a problem with the initial rendezvous to the display.
Does this sound familiar to anyone?
Best Answer
You're seeing the effects of the
ForwardX11Trusted
option being turned off in~/.ssh/config
. When this option is set tono
, remote X clients have fewer permissions on the local X server; this removes some ways in which the administrator of the remote machine can harm yours, but not all of them, so it is not an effective security measure. In addition, this option prevents new X clients from connecting if more than 20 minutes have elapsed since the connection was established.Ubuntu has this option default to off, but the upstream default has it on. The client machine you're using must have been upgraded or had its configuration changed. Turn on
ForwardX11Trusted
in your~/.ssh/config
by adding the linesRecent versions of ssh allow the delay to be configured through the
ForwardX11Timeout
option, so you can leaveForwardX11Trusted
off (for whatever benefit it might provide) and set a very high timeout.