Ubuntu – “can’t open display” weirdness over ssh

displaysshx11-forwardingxorg

Some time back, (maybe a year?), my environment was working correctly. But some time in the last year or so I started getting "can't open display" errors.

It's weird because I can ssh into the ubuntu box, (from a mac, over cisco ipsec), and start several new x11 clients. But at some point, (1 – 20 minutes later), new attempts to start x11 clients result in "can't open display" errors. If there's any other antecedent event that leads to the "can't open display" problem, I havent' figured it out.

My DISPLAY hasn't changed in this time. Preexisting windows continue to exist and function so I believe my local X11 server is good, running, and that the previously existing X11 forwarding tunnels are still functioning. It appears to be a problem with the initial rendezvous to the display.

Does this sound familiar to anyone?

Best Answer

You're seeing the effects of the ForwardX11Trusted option being turned off in ~/.ssh/config. When this option is set to no, remote X clients have fewer permissions on the local X server; this removes some ways in which the administrator of the remote machine can harm yours, but not all of them, so it is not an effective security measure. In addition, this option prevents new X clients from connecting if more than 20 minutes have elapsed since the connection was established.

Ubuntu has this option default to off, but the upstream default has it on. The client machine you're using must have been upgraded or had its configuration changed. Turn on ForwardX11Trusted in your ~/.ssh/config by adding the lines

Host *
ForwardX11Trusted yes

Recent versions of ssh allow the delay to be configured through the ForwardX11Timeout option, so you can leave ForwardX11Trusted off (for whatever benefit it might provide) and set a very high timeout.

Related Question