Is SSH X forwarding an example of remote port forwarding?
Clash Royale CLAN TAG#URR8PPP
Is SSH X forwarding an example of remote port forwarding?
I feel like so.
How can SSH X forwarding be done in terms of SSH remote port forwarding command?
Thanks.
ssh port-forwarding xforwarding
asked Feb 6 at 21:37
TimTim
27.4k78264474
add a comment |
Is SSH X forwarding an example of remote port forwarding?
I feel like so.
How can SSH X forwarding be done in terms of SSH remote port forwarding command?
Thanks.
ssh port-forwarding xforwarding
asked Feb 6 at 21:37
TimTim
27.4k78264474
I need to double check, but I think it forwards a unix domain socket. It's remote... but not a port.
– Philip Couling
Feb 6 at 22:01
You are confusing. Isn't a port part of a socket ? Or only internet socket has port?
– Tim
Feb 6 at 22:02
No. Look up "Unix domain sockets". Instead of a port number and IP you open a file. They are only for connections on the same box. Allowing one app to talk to another on the same machine.
– Philip Couling
Feb 6 at 22:39
add a comment |
Is SSH X forwarding an example of remote port forwarding?
I feel like so.
How can SSH X forwarding be done in terms of SSH remote port forwarding command?
Thanks.
ssh port-forwarding xforwarding
asked Feb 6 at 21:37
TimTim
27.4k78264474
Is SSH X forwarding an example of remote port forwarding?
I feel like so.
How can SSH X forwarding be done in terms of SSH remote port forwarding command?
Thanks.
ssh port-forwarding xforwarding
ssh port-forwarding xforwarding
asked Feb 6 at 21:37
TimTim
27.4k78264474
asked Feb 6 at 21:37
TimTim
27.4k78264474
edited Feb 6 at 21:57
Tim
asked Feb 6 at 21:37
TimTim
27.4k78264474
asked Feb 6 at 21:37
TimTim
27.4k78264474
asked Feb 6 at 21:37
TimTim
27.4k78264474
27.4k78264474
I need to double check, but I think it forwards a unix domain socket. It's remote... but not a port.
– Philip Couling
Feb 6 at 22:01
You are confusing. Isn't a port part of a socket ? Or only internet socket has port?
– Tim
Feb 6 at 22:02
No. Look up "Unix domain sockets". Instead of a port number and IP you open a file. They are only for connections on the same box. Allowing one app to talk to another on the same machine.
– Philip Couling
Feb 6 at 22:39
add a comment |
I need to double check, but I think it forwards a unix domain socket. It's remote... but not a port.
– Philip Couling
Feb 6 at 22:01
You are confusing. Isn't a port part of a socket ? Or only internet socket has port?
– Tim
Feb 6 at 22:02
No. Look up "Unix domain sockets". Instead of a port number and IP you open a file. They are only for connections on the same box. Allowing one app to talk to another on the same machine.
– Philip Couling
Feb 6 at 22:39
I need to double check, but I think it forwards a unix domain socket. It's remote... but not a port.
– Philip Couling
Feb 6 at 22:01
I need to double check, but I think it forwards a unix domain socket. It's remote... but not a port.
– Philip Couling
Feb 6 at 22:01
You are confusing. Isn't a port part of a socket ? Or only internet socket has port?
– Tim
Feb 6 at 22:02
You are confusing. Isn't a port part of a socket ? Or only internet socket has port?
– Tim
Feb 6 at 22:02
No. Look up "Unix domain sockets". Instead of a port number and IP you open a file. They are only for connections on the same box. Allowing one app to talk to another on the same machine.
– Philip Couling
Feb 6 at 22:39
No. Look up "Unix domain sockets". Instead of a port number and IP you open a file. They are only for connections on the same box. Allowing one app to talk to another on the same machine.
– Philip Couling
Feb 6 at 22:39
add a comment |
1 Answer
1
active
oldest
votes
The underlying communication is very similar to ssh -R6010:localhost:6000... but the X forwarding in SSH does a lot more magic in the background.
For example, what if there was already a service listening on port 6010? SSH will try 6011, 6012.. until it finds a free port.
Then you need to set the DISPLAY variable on the remote end. Which may be localhost:10.0 or localhost:11.0 or... depending on the remote port picked up.
Then you need to handle X authentication (xauth) to ensure the client sends the right magic cookie expected by the local X server...
With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets, but the concept is still the same.
Basically, the X options of ssh handle a number of the "house keeping" requirements for an X session... as well forwarding traffic.
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->/tmp/.X11-unix/X0
– Stephen Harris
Feb 7 at 11:40
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499170%2fis-ssh-x-forwarding-an-example-of-remote-port-forwarding%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The underlying communication is very similar to ssh -R6010:localhost:6000... but the X forwarding in SSH does a lot more magic in the background.
For example, what if there was already a service listening on port 6010? SSH will try 6011, 6012.. until it finds a free port.
Then you need to set the DISPLAY variable on the remote end. Which may be localhost:10.0 or localhost:11.0 or... depending on the remote port picked up.
Then you need to handle X authentication (xauth) to ensure the client sends the right magic cookie expected by the local X server...
With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets, but the concept is still the same.
Basically, the X options of ssh handle a number of the "house keeping" requirements for an X session... as well forwarding traffic.
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->/tmp/.X11-unix/X0
– Stephen Harris
Feb 7 at 11:40
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
add a comment |
The underlying communication is very similar to ssh -R6010:localhost:6000... but the X forwarding in SSH does a lot more magic in the background.
For example, what if there was already a service listening on port 6010? SSH will try 6011, 6012.. until it finds a free port.
Then you need to set the DISPLAY variable on the remote end. Which may be localhost:10.0 or localhost:11.0 or... depending on the remote port picked up.
Then you need to handle X authentication (xauth) to ensure the client sends the right magic cookie expected by the local X server...
With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets, but the concept is still the same.
Basically, the X options of ssh handle a number of the "house keeping" requirements for an X session... as well forwarding traffic.
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->/tmp/.X11-unix/X0
– Stephen Harris
Feb 7 at 11:40
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
add a comment |
The underlying communication is very similar to ssh -R6010:localhost:6000... but the X forwarding in SSH does a lot more magic in the background.
For example, what if there was already a service listening on port 6010? SSH will try 6011, 6012.. until it finds a free port.
Then you need to set the DISPLAY variable on the remote end. Which may be localhost:10.0 or localhost:11.0 or... depending on the remote port picked up.
Then you need to handle X authentication (xauth) to ensure the client sends the right magic cookie expected by the local X server...
With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets, but the concept is still the same.
Basically, the X options of ssh handle a number of the "house keeping" requirements for an X session... as well forwarding traffic.
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
The underlying communication is very similar to ssh -R6010:localhost:6000... but the X forwarding in SSH does a lot more magic in the background.
For example, what if there was already a service listening on port 6010? SSH will try 6011, 6012.. until it finds a free port.
Then you need to set the DISPLAY variable on the remote end. Which may be localhost:10.0 or localhost:11.0 or... depending on the remote port picked up.
Then you need to handle X authentication (xauth) to ensure the client sends the right magic cookie expected by the local X server...
With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets, but the concept is still the same.
Basically, the X options of ssh handle a number of the "house keeping" requirements for an X session... as well forwarding traffic.
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
answered Feb 7 at 0:24
Stephen HarrisStephen Harris
26.4k24779
26.4k24779
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->/tmp/.X11-unix/X0
– Stephen Harris
Feb 7 at 11:40
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
add a comment |
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->/tmp/.X11-unix/X0
– Stephen Harris
Feb 7 at 11:40
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
Tim, see also this question regarding the relationship between port numbers and display numbers.
– Stephen Kitt
Feb 7 at 6:27
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
"With more modern ssh servers and clients the connection may be to/from unix domain sockets instead of TCP sockets" No, it isn't. Do you have an example?
– mosvy
Feb 7 at 6:28
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->
/tmp/.X11-unix/X0– Stephen Harris
Feb 7 at 11:40
@mosvy that was to address the case where the local X server may only have a unix domain socket, and so the solution isn't necessarily the same as forwarding 6010->6000, but may be closer to 6010->
/tmp/.X11-unix/X0– Stephen Harris
Feb 7 at 11:40
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
since that hasn't changed since quite a while, your statement gives the false hope that ssh is now able to listen on unix sockets for x11 forwarding instead of tcp 60XX, and that it's no longer only relying on the "security" offered by the X11 protocol. That's not the case yet -- unfortunately.
– mosvy
Feb 7 at 12:04
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f499170%2fis-ssh-x-forwarding-an-example-of-remote-port-forwarding%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I need to double check, but I think it forwards a unix domain socket. It's remote... but not a port.
– Philip Couling
Feb 6 at 22:01
You are confusing. Isn't a port part of a socket ? Or only internet socket has port?
– Tim
Feb 6 at 22:02
No. Look up "Unix domain sockets". Instead of a port number and IP you open a file. They are only for connections on the same box. Allowing one app to talk to another on the same machine.
– Philip Couling
Feb 6 at 22:39