Re: question about x11 forwarding in ssh

From: Andre Charbonneau (andre.charbonneau_at_nrc-cnrc.gc.ca)
Date: 09/22/05

  • Next message: Darren Tucker: "Re: question about x11 forwarding in ssh"
    Date: Thu, 22 Sep 2005 10:05:34 -0400
    To: Darren Tucker <dtucker@zip.com.au>
    
    

    Hi,
    Thanks for the info...

    But my question was geared toward what is happening on the ssh client
    side. (Sorry if I did not explain myself clearly...)
    To rephrase my question: What does an ssh client have to do when it
    receives a request to open an x11 channel? Does that SSH client have to
    open a socket connection to the local X server?

    The library I'm currently trying to debug attempts to open a regular
    socket to localhost, port 6000 (on the ssh client side, not on the sshd
    side...), which is the usual port on which an X server will listen for
    display 0, screen 0. But because my X server is started with "-nolisten
    tcp", that port is not open, and the socket connection fails with a
    "connection refused" exception, which is ok I guess knowing the fact
    that my X server is not listening on this port. But I don't understand
    then why the x11 forwarding works when I use the OpenSSH client at the
    command line to launch a remote application. Isn't the OpenSSH client
    also attempting to connect to localhost:6000 in order to forward the x11
    packets that are coming in through the ssh tunnel to the local X
    server? Is it connecting to the X server in a special way? On another
    port?

    I'm confused... :-|

    Regards,
        Andre

    Darren Tucker wrote:

    >Andre Charbonneau wrote:
    >
    >
    >>But my question is: How does the SSH client (OpenSSH for example)
    >>forward x11 when port 6000 is not open??? Does it use another, special
    >>port that it can connect to?
    >>
    >>
    >
    >The listening is done on the SSH server, at the request of the client.
    >
    >In OpenSSH, the server normally starts at a port greater than 6000
    >(6010, but it's controlled by the X11DisplayOffset keyword in
    >sshd_config(5)) and tries to bind to the port, incrementing the port by
    >one until the bind succeeds. Once it knows the port, it sets the
    >$DISPLAY variable to the value corresponding to the port it bound to (eg
    >for port 6010, $DISPLAY is localhost:10 [1] and so on) and adds the
    >xauth "cookie" to the .Xauthority file corresponding to that $DISPLAY.
    >
    >The X11 client looks up $DISPLAY in its environment and the xauth cookie
    >to that $DISPLAY in the .Xauthority file, then connects to localhost
    >and, hopefully, the connection is forwarded to your X server.
    >
    >
    >
    >>Is there a document online that I can read that explains in detail how
    >>ssh does the x11 forwarding?
    >>
    >>
    >
    >Not that I know of. If it helps, you can think of it as a special case
    >of remote TCP port forwarding with the addition of the xauth authentication.
    >
    >[1] Actually, sometimes it doesn't use localhost but it doesn't matter
    >for the purposes of this discussion. See X11UseLocalhost in sshd_config(5).
    >
    >
    >

    -- 
    Andre Charbonneau
    100 Sussex Drive, Rm 2025
    Research Computing Support, IMSB
    National Research Council Canada
    Ottawa, ON, Canada K1A 0R6
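
Added example (not part of the original message and not OpenSSH's code): a simplified model of the $DISPLAY-to-endpoint mapping discussed in this thread, including the server-side "start at the offset and increment until a port is free" allocation from the quoted reply. It goes one step beyond the thread: by X11 convention a display with no host part, such as :0, is reached through a local Unix-domain socket rather than TCP port 6000, which "-nolisten tcp" does not close. The function names, the `limit` bound and the socket directory /tmp/.X11-unix are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

X11_BASE_PORT = 6000             # TCP port that corresponds to display 0
X11_UNIX_DIR = "/tmp/.X11-unix"  # assumed conventional local-socket directory


@dataclass(frozen=True)
class X11Target:
    kind: str             # "unix" or "tcp"
    address: str          # socket path (unix) or host name (tcp)
    port: Optional[int]   # TCP port; None for a unix socket
    display: int


def resolve_display(display: str) -> X11Target:
    """Map a $DISPLAY string to the endpoint a connecting program would use."""
    host, sep, rest = display.rpartition(":")
    number = rest.split(".", 1)[0]        # drop the optional ".screen" suffix
    if not sep or not number.isdigit():
        raise ValueError(f"malformed DISPLAY: {display!r}")
    n = int(number)
    if X11_BASE_PORT + n > 65535:
        raise ValueError(f"display number out of range: {n}")
    if host in ("", "unix"):
        # No host part: local transport, independent of "-nolisten tcp".
        return X11Target("unix", f"{X11_UNIX_DIR}/X{n}", None, n)
    return X11Target("tcp", host, X11_BASE_PORT + n, n)


def allocate_forwarded_display(offset=10, ports_in_use=frozenset(), limit=1000):
    """Model of the server side: first display >= offset whose port is free.

    ports_in_use stands in for bind() failing; limit is an arbitrary bound
    chosen for this example.
    """
    for n in range(offset, limit):
        if X11_BASE_PORT + n not in ports_in_use:
            return f"localhost:{n}"
    raise RuntimeError("no free display number")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real session.
    for value in (":0", ":0.0", "unix:0", "localhost:10.0"):
        print(value, "->", resolve_display(value))
    print(allocate_forwarded_display(ports_in_use={6010, 6011}))
```
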
    
