[NBLUG/talk] Tunneling X over ssh

E Frank Ball frankb at efball.com
Sat Apr 10 18:45:18 PDT 2004


On Sat, Apr 10, 2004 at 06:30:41PM -0700, sms at sonic.net wrote:
} 
} > } Do you have "Xhost" & "$DISPLAY" set on the hosts?  I've never done
} >
} > with X11 forwarding turned on do NOT set the $DISPLAY variable.
} > xhost doesn't matter.
} 
} <blink>
} 
} Does ssh put in a layer to intercept X calls?

So it would seem.

 
} How does X know where to display (i.e. if both boxen are
} running "X," which one displays the invocation of "xeyes"
} (or whatever))?  Surely an ssh tunnel doesn't take over
} ALL X & redirect it to the remote server?

From man ssh:

   X11 and TCP forwarding

     If the ForwardX11 variable is set to ``yes'' (or, see
the description of the -X and -x options described later)
and the user is using X11 (the DISPLAY environment variable
is set), the connection to the X11 display is automatically
forwarded to the remote side in such a way that any X11
programs started from the shell (or command) will go through
the encrypted channel, and the connection to the real X
server will be made from the local machine.  The user should
not manually set DISPLAY.  Forwarding of X11 connections can
be configured on the command line or in configuration files.

     The DISPLAY value set by ssh will point to the server
machine, but with a display number greater than zero.  This
is normal, and happens because ssh creates a ``proxy'' X
server on the server machine for forwarding the connections
over the encrypted channel.

     ssh will also automatically set up Xauthority data on
the server machine.  For this purpose, it will generate a
random authorization cookie, store it in Xauthority on the
server, and verify that any forwarded connections carry this
cookie and replace it by the real cookie when the connection
is opened.  The real authentication cookie is never sent to
the server machine (and no cookies are sent in the plain).

...


   E Frank Ball                frankb at efball.com
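The cookie substitution described in the man page excerpt, sketched as an added example (not part of the original message and not OpenSSH's own code). It assumes the MIT-MAGIC-COOKIE-1 scheme and the standard X11 connection-setup layout; the function names and cookie values are made up for illustration.

```python
import hmac
import os
import struct

AUTH_NAME = b"MIT-MAGIC-COOKIE-1"  # assumed authorization protocol

def pad4(n):
    """X11 pads variable-length fields to a multiple of 4 bytes."""
    return (n + 3) & ~3

def build_setup(cookie, order=b"l"):
    """Build an X11 connection-setup request carrying `cookie` (constructed sample input)."""
    fmt = "<" if order == b"l" else ">"
    head = order + b"\0" + struct.pack(fmt + "HHHHH", 11, 0, len(AUTH_NAME), len(cookie), 0)
    return (head + AUTH_NAME.ljust(pad4(len(AUTH_NAME)), b"\0")
            + cookie.ljust(pad4(len(cookie)), b"\0"))

def swap_cookie(packet, fake_cookie, real_cookie):
    """Check that a forwarded request carries the fake cookie, then substitute the real one.

    Runs on the local (ssh client) side, so the real cookie never reaches the server machine.
    Returns the rewritten packet; raises ValueError if the connection must be refused.
    """
    if len(packet) < 12 or packet[:1] not in (b"l", b"B"):
        raise ValueError("not an X11 setup request")
    fmt = "<" if packet[:1] == b"l" else ">"  # first byte selects the byte order
    name_len, data_len = struct.unpack_from(fmt + "HH", packet, 6)
    data_start = 12 + pad4(name_len)
    data_end = data_start + data_len
    if len(packet) < data_start + pad4(data_len):
        raise ValueError("truncated setup request")
    if packet[12:12 + name_len] != AUTH_NAME:
        raise ValueError("unexpected authorization protocol")
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(packet[data_start:data_end], fake_cookie):
        raise ValueError("wrong cookie: connection refused")
    if len(real_cookie) != data_len:
        raise ValueError("cookie length mismatch")
    return packet[:data_start] + real_cookie + packet[data_end:]

if __name__ == "__main__":
    real = os.urandom(16)   # stands in for the cookie in the local ~/.Xauthority
    fake = os.urandom(16)   # stands in for the random cookie ssh stores on the server
    forwarded = build_setup(fake)          # what a remote X client would send
    to_display = swap_cookie(forwarded, fake, real)
    print("real cookie seen by remote side:", real in forwarded)
    print("real cookie sent to local display:", real in to_display)
```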



