Tag forwarded X11 connection as remote

Michal Srb msrb at suse.com
Mon Oct 2 19:08:59 AEDT 2017


Cross-posting to openssh-unix-dev and xorg-devel because this concerns both 

When X11 connection is forwarded using ssh, the ssh client typically connects 
to the local X server using unix socket (often it is the only option because X 
servers no longer listens on TCP by default). X clients connected remotely 
over ssh then seem like if they are local to the X server. Because of that it 
will attempt to use extensions that are meant for local clients only (SHM, 
DRI*, etc). In most cases the client or server can detect failure and fallback 
to a method that works remotely, but this does not always work:

(comments 24-26)

In case of DRI3, X server tries to pass file descriptor to the X client. That 
works over the unix socket between X server and SSH client, but of course can 
not be sent further over network. There is no way failure can be detected and 
the communication gets stuck forever.

The ideal solution would be if ssh marked the connection as remote.
X protocol supports that since 2011:

SSH only needs to change the first byte sent from X client to server to mark 
it as remote. SSH already modifies the whole first message (replaces 
authorization data), so changing the first byte is easy addition.

I have attached patch that implements it. Please check it and consider adding 
it or something similar to openssh.

Best regards,
Michal Srb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Mark-x11-connection-as-remote.patch
Type: text/x-patch
Size: 1165 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20171002/719eaed1/attachment.bin>

More information about the openssh-unix-dev mailing list