Re: question about x11 forwarding in ssh

From: Robert Hajime Lanning (robert.lanning_at_gmail.com)
Date: 09/23/05

Next message: Nosorozec: "Re: SSH Tunnel - How does it works?"

Previous message: Bryan McAninch: "RE: question about x11 forwarding in ssh"
In reply to: Andre Charbonneau: "question about x11 forwarding in ssh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 23 Sep 2005 02:18:47 -0700
To: secureshell@securityfocus.com

The SSH client is actually an X client also. It uses the local $DISPLAY and
xlib to connect to the X server (via TCP Socket, Unix Domain Socket or
shared memory.) It can use the MIT-Magic-Cookie from the local .Xauthority file
to authenticate to the X server.

If the SSH client can successfully connect to the X server, it will
request a data
channel within the SSH connection for the X forwarding.

The SSH server, upon receiving the X forwarding request from the SSH client
(part of the sequence of requesting the data channel), emulates an X server
listening on the local loopback interface for a TCP connection. Once the
SSH server is able to bind to a TCP port, it creates an MIT-Magic-Cookie of
it's own and calls xauth to write it to the .Xauthority file.

Once all this is setup, it sets the $DISPLAY and forks the shell.

On 9/21/05, Andre Charbonneau <andre.charbonneau@nrc-cnrc.gc.ca> wrote:
> Hi,
> I'm currently trying to debug a SSH client implementation library which
> tries to do x11 forwarding. In the code it tries to open a socket to
> localhost:6000 when a x11 channel request arrives (on the ssh client
> side). But I get a 'connection refused'. I checked my system
> configurations and indeed my xserver is started with "-nolisten tcp", so
> this explains why I can't connect to port 6000.
>
> But I've read somewhere that someone should only open port 6000 only if
> they really really need it, and that they should use ssh x11 forwarding
> instead.
>
> But my question is: How does the SSH client (openSSH for example)
> forwards x11 when port 6000 is not open??? Does it use another, special
> port that it can connect to?
> Is there a document online that I can read that explains in details how
> ssh does the x11 forwarding?
>
>
> Thanks!
> Andre
>
> --
> Andre Charbonneau
>
> 100 Sussex Drive, Rm 2025
> Research Computing Support, IMSB
> National Research Council Canada
> Ottawa, ON, Canada K1A 0R6
>
>
>

Next message: Nosorozec: "Re: SSH Tunnel - How does it works?"

Previous message: Bryan McAninch: "RE: question about x11 forwarding in ssh"
In reply to: Andre Charbonneau: "question about x11 forwarding in ssh"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SSH vs encrypted passwords
... This means that the SSH client and server ... The shared secret is the unhashed password. ... encryption ...
(comp.os.linux.security)
FW: SSH/SFTP rc problem in Solaris.
... I use SSH client and server on a Solaris 9 server, ... PKGINST: SUNWsshu ... bash-2.05$ sftp -b a.sftp scnsys11 ...
(SSH)
Re: Inquiry:Debian server Remote Desktop Connection
... I am making use of the PuTTY Release 0.51. ... is that "Enabling X11 forwarding"? ... Install the openssh-server package on the Debian server machine. ... Install an ssh client on MS windows. ...
(Debian-User)
Re: question about x11 forwarding in ssh
... But my question was geared toward what is happening on the ssh client ... open a socket connection to the local X server? ... socket to localhost, port 6000 (on the ssh client side, not on the sshd ...
(SSH)
Re: Conectivity problems affecting openssh ssh clients but not other ssh clients
... Debian unstable 4.6p1 OpenSSL 0.9.8e ... The problem exists on two accounts on the server. ... on my home network I installed sshd on the Debian machine. ... the java ssh client, I shell in to the Red Hat remote machine. ...
(SSH)