Re: question about x11 forwarding in ssh

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 09/22/05

    Date: Thu, 22 Sep 2005 18:28:41 +1000
    To: Andre Charbonneau <andre.charbonneau@nrc-cnrc.gc.ca>
    
    

    Andre Charbonneau wrote:
    > But my question is: How does the SSH client (OpenSSH for example)
    > forward X11 when port 6000 is not open??? Does it use another, special
    > port that it can connect to?

    The listening is done on the SSH server, at the request of the client.

    In OpenSSH, the server normally starts at a port greater than 6000
    (6010, but it's controlled by the X11DisplayOffset keyword in
    sshd_config(5)) and tries to bind to the port, incrementing the port by
    one until the bind succeeds. Once it knows the port, it sets the
    $DISPLAY variable to the value corresponding to the port it bound to (e.g.
    for port 6010, $DISPLAY is localhost:10 [1] and so on) and adds the
    xauth "cookie" to the .Xauthority file corresponding to that $DISPLAY.

    The X11 client looks up $DISPLAY in its environment and the xauth cookie
    to that $DISPLAY in the .Xauthority file, then connects to localhost
    and, hopefully, the connection is forwarded to your X server.

    > Is there a document online that I can read that explains in detail how
    > ssh does the x11 forwarding?

    Not that I know of. If it helps, you can think of it as a special case
    of remote TCP port forwarding with the addition of the xauth authentication.

    [1] Actually, sometimes it doesn't use localhost but it doesn't matter
    for the purposes of this discussion. See X11UseLocalhost in sshd_config(5).

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
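
Added example, not part of the original message and not OpenSSH's own code: a Python sketch of the allocation described in the reply above (start at 6000 plus the display offset, increment until a bind succeeds, then derive the $DISPLAY value), with the reverse mapping an X11 client applies. The names `allocate_display` and `display_to_port`, the `MAX_TRIES` limit and the use of the machine's hostname in the non-localhost case are assumptions made for illustration.

```python
import socket

X11_BASE_PORT = 6000  # X display N is reached on TCP port 6000 + N
MAX_TRIES = 1000      # assumed limit on how many ports to try


def allocate_display(display_offset=10, use_localhost=True):
    """Bind the first free port at or above 6000 + display_offset.

    display_offset plays the role of X11DisplayOffset and use_localhost
    the role of X11UseLocalhost. Returns (socket, display, DISPLAY value).
    """
    # Loopback keeps the forwarded display unreachable from other hosts;
    # the wildcard address exposes the listener on every interface.
    bind_host = "127.0.0.1" if use_localhost else "0.0.0.0"
    display_host = "localhost" if use_localhost else socket.gethostname()
    for display in range(display_offset, display_offset + MAX_TRIES):
        port = X11_BASE_PORT + display
        if port > 65535:
            break
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((bind_host, port))  # no SO_REUSEADDR: a busy port fails
        except OSError:
            sock.close()                  # port taken, try the next display
            continue
        sock.listen(5)
        return sock, display, f"{display_host}:{display}"
    raise OSError("no free X11 forwarding port found")


def display_to_port(display_value):
    """Map a DISPLAY value such as 'localhost:10' or 'localhost:10.0'
    to the TCP port an X11 client will connect to."""
    number = display_value.rsplit(":", 1)[1].split(".")[0]
    return X11_BASE_PORT + int(number)


if __name__ == "__main__":
    listener, display, value = allocate_display()
    print(f"bound port {listener.getsockname()[1]}, DISPLAY={value}")
    listener.close()
```

On a host running sshd, comparing the port derived from $DISPLAY with the address the listener is bound to shows whether a forwarded display is confined to loopback or reachable from the network.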
    
