Tag forwarded X11 connection as remote
msrb at suse.com
Wed Oct 4 18:45:29 AEDT 2017
On Wednesday, 4 October 2017 5:53:15 CEST Damien Miller wrote:
> On Mon, 2 Oct 2017, Michal Srb wrote:
> > SSH only needs to change the first byte sent from X client to server
> > to mark it as remote. SSH already modifies the whole first message
> > (replaces authorization data), so changing the first byte is easy
> > addition.
> > I have attached patch that implements it. Please check it and consider
> > adding it or something similar to openssh.
> Thanks - is this flag fully backwards-compatible? Is there a chance it
> could cause problems on older X11 implementations? IMO most of the people
> using X11 forwarding are likely using it to/from older systems.

It is not fully backward compatible. An older X server that does not understand
the 'R'/'r' flag will reject the client. The commit that added support for the
flag is from 2011. It seems that the first time it appeared in a release was in
version 1.14.0, which was in March 2013.

In addition, the potential incompatibility is only between the SSH client and
the X server. They are normally both running on the same machine. So in a normal
scenario an issue would only happen if you installed a pre-1.14.0 X
server and the newest SSH client *on the same machine*. The remote side, where the SSH
server and X applications run, can have any versions; it does not affect them.

I can imagine a situation where SSH-ing to an old machine and from there to a
new machine could cause an issue. Not sure how important/supported such
The situation could be possibly improved by:
* Adding a parameter that disables setting the remote flag.
* Automatically reconnecting without the flag if X server rejected connection
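
The following is an added example, not the attached patch or OpenSSH code: a sketch of the first-byte rewrite and of the compatibility case discussed in the message above. The function names, the `tag_remote` switch (modelling the proposed disable parameter) and the mapping of the standard X11 byte-order bytes 'B' to 'R' and 'l' to 'r' are assumptions; the message itself only names the 'R'/'r' flag.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The fixed part of the X11 connection setup request is 12 bytes;
 * byte 0 is the byte-order flag that the rewrite touches. */
#define X11_SETUP_PREFIX_LEN 12

enum tag_result { TAG_OK = 0, TAG_SHORT = -1, TAG_BAD_ORDER = -2 };

/* Hypothetical helper: mark the client's first message as remote.
 * Assumed mapping: 'B' (MSB first) -> 'R', 'l' (LSB first) -> 'r'.
 * tag_remote == 0 leaves the byte untouched (the "disable" parameter). */
int x11_tag_remote(uint8_t *buf, size_t len, int tag_remote)
{
    if (len < X11_SETUP_PREFIX_LEN)
        return TAG_SHORT;          /* do not edit a partial prefix */
    switch (buf[0]) {
    case 'B': if (tag_remote) buf[0] = 'R'; return TAG_OK;
    case 'l': if (tag_remote) buf[0] = 'r'; return TAG_OK;
    case 'R': case 'r': return TAG_OK;   /* already tagged upstream */
    default:  return TAG_BAD_ORDER;      /* not a valid setup request */
    }
}

/* Constructed model of the X server's check, not X server source.
 * Returns -1 = rejected, 0 = accepted as local, 1 = accepted as remote. */
int x_server_accepts(uint8_t order, int understands_remote_flag)
{
    if (order == 'B' || order == 'l')
        return 0;
    if (understands_remote_flag && (order == 'R' || order == 'r'))
        return 1;
    return -1;   /* a server without flag support sees an unknown byte order */
}

int main(void)
{
    /* Constructed sample: little-endian client, protocol 11.0, no auth data. */
    uint8_t msg[X11_SETUP_PREFIX_LEN] = { 'l', 0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

    x11_tag_remote(msg, sizeof msg, 1);
    printf("first byte after tagging: %c\n", msg[0]);
    printf("server with flag support: %d\n", x_server_accepts(msg[0], 1));
    printf("server without support:   %d\n", x_server_accepts(msg[0], 0));
    return 0;
}
```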