IETF-SSH archive
Re: Questions on X11 forwarding
> I'm now reimplementing X11 forwarding, and I have some questions.
> There are two other known problems which have been discussed earlier:
> 1. It would make more sense to *not* have any authentication info in
> this message, and instead put the responsibility of setting up
> proper authentication on the server.
True. But then, please...
> 2. The channel open message,
> [...]
> should really include a channel id of the session for which the
> forwarding was set up (or some other id that lets the client
> distinguish between several active x11 forwardings).
...er, you beat me to it. :-) I'd prefer to have an opaque cookie in
the request which is sent back in the channel-open (that way multiple
forwarding requests per channel could be useful) but something of the
sort is essential enough to me that I implemented a private request for
X forwarding to get it.
> I haven't been active on this list for a while. I remember somebody
> proposing some solution for the second problem. Has there been any
> progress made?
Well, there's my implementation of X forwarding. :) Here's how it
works, largely copied straight out of the private-algs.txt file from
moussh.
    byte      SSH_MSG_CHANNEL_REQUEST
    uint32    recipient channel
    string    "fixed-x11-req-2%rodents.montreal.qc.ca@localhost"
    boolean   want reply
    boolean   just-once
    uint32    cookie
    uint32    X screen number
("cookie" has nothing to do with MIT-MAGIC-COOKIE-1; it's just 32 bits
of opaque data which gets reflected back in the CHANNEL_OPEN.)
    byte      SSH_MSG_CHANNEL_OPEN
    string    "fixed-x11%rodents.montreal.qc.ca@localhost"
    uint32    sender channel
    uint32    initial window size
    uint32    maximum packet size
    uint32    cookie
    string    connection family
    ...connection-family-specific data...
where, for TCP connections, the connection family is "tcp" and the
family-specific data is
    string    remote host
    uint32    remote port
I envision "local" as a family, too, which would typically correspond
to /tmp/.X11-unix/X(num), but haven't yet implemented that. I'm not
sure what its additional data would be - nothing, probably. Possibly
others, if I ever use an X setup that supports anything other than TCP
or local (maybe "decnet" on Ultrix?).
There's also fixed-x11-req%rodents-montreal.qc.ca@localhost, which is just like
the -2 version described above except that it has no just-once flag,
semantically equivalent to the -2 version with just-once set false.
This form of X forwarding works just fine in my experience, including
working through connection sharing.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents.montreal.qc.ca@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
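
An added example, not part of the original message and not code from moussh: a Python sketch of the CHANNEL_OPEN layout described above for the "tcp" family, with the client matching the reflected cookie against the forwardings it actually requested. The function names, the pending table and the reading of just-once as "good for one connection" are assumptions made for illustration; the message number 90 comes from RFC 4254.

```python
import struct

SSH_MSG_CHANNEL_OPEN = 90  # message number from RFC 4254
OPEN_TYPE = b"fixed-x11%rodents.montreal.qc.ca@localhost"  # as printed in the message

class Reader:
    """Bounds-checked cursor over one SSH packet payload."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated packet")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint32(self):
        return struct.unpack(">I", self.take(4))[0]
    def string(self):
        return self.take(self.uint32())

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def build_open(sender, window, max_packet, cookie, host, port):
    """Server side: encode the CHANNEL_OPEN layout above for the "tcp" family."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(OPEN_TYPE)
            + struct.pack(">IIII", sender, window, max_packet, cookie)
            + ssh_string(b"tcp") + ssh_string(host) + struct.pack(">I", port))

def parse_open(payload):
    r = Reader(payload)
    if r.take(1)[0] != SSH_MSG_CHANNEL_OPEN or r.string() != OPEN_TYPE:
        raise ValueError("not a fixed-x11 channel open")
    names = ("sender", "window", "max_packet", "cookie")
    msg = {name: r.uint32() for name in names}
    if r.string() != b"tcp":  # "local" is only envisioned in the message
        raise ValueError("unsupported connection family")
    msg["host"], msg["port"] = r.string(), r.uint32()
    if r.pos != len(payload):
        raise ValueError("trailing bytes after family data")
    return msg

def accept_open(payload, pending):
    """Client side: pending maps cookie -> (display, just_once)."""
    msg = parse_open(payload)
    if msg["cookie"] not in pending:
        raise PermissionError("cookie matches no forwarding we requested")
    display, just_once = pending[msg["cookie"]]
    if just_once:  # assumed meaning: forwarding is good for one connection
        del pending[msg["cookie"]]
    return display, msg
```

Keying the lookup on the cookie rather than on a channel id is what allows several forwarding requests on one session channel, as the message notes.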