
| Subject: | Re: question about x11 forwarding in ssh |
|---|---|
| Date: | Fri, 23 Sep 2005 02:18:47 -0700 |
The SSH client is actually an X client also. It uses the local $DISPLAY and xlib to connect to the X server (via TCP Socket, Unix Domain Socket or shared memory.) It can use the MIT-Magic-Cookie from the local .Xauthority file to authenticate to the X server. If the SSH client can successfully connect to the X server, it will request a data channel within the SSH connection for the X forwarding.

The SSH server, upon receiving the X forwarding request from the SSH client (part of the sequence of requesting the data channel), emulates an X server listening on the local loopback interface for a TCP connection. Once the SSH server is able to bind to a TCP port, it creates an MIT-Magic-Cookie of its own and calls xauth to write it to the .Xauthority file. Once all this is set up, it sets the $DISPLAY and forks the shell.

On 9/21/05, Andre Charbonneau <andre.charbonneau@nrc-cnrc.gc.ca> wrote:
Hi,
I'm currently trying to debug an SSH client implementation library which
tries to do x11 forwarding. In the code it tries to open a socket to
localhost:6000 when an x11 channel request arrives (on the ssh client
side). But I get a 'connection refused'. I checked my system
configurations and indeed my xserver is started with "-nolisten tcp", so
this explains why I can't connect to port 6000.
But I've read somewhere that someone should open port 6000 only if
they really really need it, and that they should use ssh x11 forwarding
instead.
But my question is: How does the SSH client (OpenSSH for example)
forward x11 when port 6000 is not open??? Does it use another, special
port that it can connect to?
Is there a document online that I can read that explains in detail how
ssh does the x11 forwarding?
Thanks!
Andre
--
Andre Charbonneau
100 Sussex Drive, Rm 2025
Research Computing Support, IMSB
National Research Council Canada
Ottawa, ON, Canada K1A 0R6
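
As an added illustration of the client-side step discussed in this thread (not code from either message or from OpenSSH): a sketch of how an SSH client library can pick the transport from $DISPLAY instead of hard-coding localhost:6000, so that a local X server started with "-nolisten tcp" is still reachable. The function names are hypothetical, the socket directory /tmp/.X11-unix is the conventional location and is assumed here, and the cookie handling from .Xauthority is left out.

```python
import os
import re
import socket

X11_TCP_BASE = 6000              # display N listens on TCP port 6000 + N
X11_UNIX_DIR = "/tmp/.X11-unix"  # assumed conventional Unix-domain socket directory

# [host]:display[.screen]  e.g. ":0", ":0.0", "unix:1", "localhost:10.0"
_DISPLAY_RE = re.compile(r"^(?P<host>.*):(?P<num>\d+)(?:\.(?P<screen>\d+))?$")


def resolve_display(display):
    """Map a $DISPLAY string to ("unix", path) or ("tcp", (host, port))."""
    m = _DISPLAY_RE.match(display or "")
    if not m:
        raise ValueError(f"unparseable DISPLAY: {display!r}")
    host, num = m.group("host"), int(m.group("num"))
    if host in ("", "unix"):
        # Local display: no TCP listener is needed, so this path works
        # even when the X server was started with "-nolisten tcp".
        return "unix", f"{X11_UNIX_DIR}/X{num}"
    return "tcp", (host, X11_TCP_BASE + num)


def connect_display(display=None):
    """Open a stream socket to the X server named by display (or $DISPLAY)."""
    if display is None:
        display = os.environ.get("DISPLAY")
    kind, address = resolve_display(display)
    if kind == "tcp":
        return socket.create_connection(address)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(address)
    except OSError:
        sock.close()
        raise
    return sock


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in (":0", ":0.0", "unix:1", "localhost:10.0"):
        print(sample, "->", resolve_display(sample))
```

Once connected, the library relays bytes between this socket and the SSH x11 channel; other DISPLAY forms (for example abstract sockets) are not handled in this sketch.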