Re: yet another question re: X11 tunneling via ssh
Re: yet another question re: X11 tunneling via ssh
- Subject: Re: yet another question re: X11 tunneling via ssh
- From: Itai Seggev <email@hidden>
- Date: Wed, 5 Jul 2006 18:07:00 -0700
On Wed, Jul 05, 2006 at 05:24:47PM -0400, Ambrose Li wrote:
> On 05/07/06, Itai Seggev <email@hidden> wrote:
> >A reply to an old email while cleaning out a mail forder, since it
> >appears nobody replied to these.
> >
> >A tunelled SSH connection uses (by default) remote_machine_ip_addr:22
> >localhost:6010 (on the remote machine), xserver:random_high_number_port.
>
> I stand corrected, but as far as I know, ssh's X11 forwarding *only*
> requires
> port 22 to be open. No other port need to be open on the remote machine,
> including high-numbered ports.
This is exactly what I said. The connection is made to 127.0.0.1:6010
and therefore evades any firewall completely (unless it's a really,
really badly written firewall. But a huge number of things will
break if you cannot even connect to localhost).
> (The local port used on the remote machine, which is not required and should
> not be open to the outside the local machine, also need not be 6010. It
> need to
> be over but close to 6000 so that X can map the port to a display
> number, but it
> can go up (to 6011, 6012, etc.) if port 6010 is in use, and it can
> also be lower if
> a lower "X11DisplayOffset" is specified in the sshd_config file.)
That's why I added the qualification "(by default)".
--
Itai Seggev
Visiting Assistant Professor Office: Lewis 121A
Department of Physics and Astronomy Phone: +1-662-915-3887
University of Mississippi Fax: +1-662-915-5045
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
This email sent to email@hidden