X forwarding: trying to forward to busy local port
Darren Tucker
dtucker at zip.com.au
Tue Feb 13 22:35:32 EST 2007
On Tue, Feb 13, 2007 at 11:49:12AM +0100, Lars Kruse wrote:
> Hi to all of you,
>
> I would like to summarize the current state of the problem as described
> in http://permalink.gmane.org/gmane.network.openssh.devel/13345.
>
> If the openssh server is running in ipv4/ipv6 mode ("AddressFamily
> Any"), then pseudo-random "unable-to-connect-to-display" errors occour
> for clients connecting via ssh for X-forwarded remote sessions.
>
> For now the only workaround would be, to disable ipv6 support for
> openssh daemons used for X-forwarding.
>
> >From my point of view, there are two ways to solve the root of this
> problem:
>
> 1) improved "is this port usable on all interfaces?"-detection
> ipv4/ipv6 mixed openssh daemons should behave like pure ipv4 daemons:
> unusable DISPLAY settings may never be offered to clients
I think it's a Linuxism: IPv6 sockets prevent binding to IPv4 sockets
on the same port but not vice versa.
> 2) avoid to randomly allocate critical ports
> the openssh daemon may never allocate ports for running X-sessions which
> are in the range, that is used for new X-forwarding connections (maybe
> 6000..6100).
"X11DisplayOffset 100" in sshd_config?
> >From my point of view, this issue is a highly irritating one, as it is
> very hard to track down the source of this seemingly random
> "unable-to-connect-to-display" problem. If the previously described
> short-term-workaround would not be available, then our current
> X-session-setup would have to be replaced by a more reliable, but less
> preferable solution.
> So I am very glad, that you helped me to find this workaround ...
>
> But how can this issue be solved without loosing ipv6 compatibility?
The IP6-only (or IP4 only, I forget) sockets, were they sshd or something
else? ie the X forwards in sshd that worked were IPv4 sockets, right?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list