Tag forwarded X11 connection as remote

Damien Miller djm at mindrot.org
Fri Oct 6 04:47:06 AEDT 2017

On Wed, 4 Oct 2017, Michal Srb wrote:

> On Wednesday, 4 October 2017 5:53:15 CEST Damien Miller wrote:
> > On Mon, 2 Oct 2017, Michal Srb wrote:
> > > SSH only needs to change the first byte sent from X client to server
> > > to mark it as remote. SSH already modifies the whole first message
> > > (replaces authorization data), so changing the first byte is easy
> > > addition.
> > > 
> > > I have attached patch that implements it. Please check it and consider
> > > adding it or something similar to openssh.
> > 
> > Thanks - is this flag fully backwards-compatible? Is there a chance it
> > could cause problems on older X11 implementations? IMO most of the people
> > using X11 forwarding are likely using it to/from older systems.
> It is not fully backward compatible. Older X server that does not understand 
> the 'R'/'r' flag will reject the client. The commit that added support for the 
> flag is from 2011. It seems that first time it appeared in release was in 
> version 1.14.0, which was in March 2013.
> In addition, the potential incompatibility is only between the SSH client and 
> the X server. They are normally both running on the same machine. So in normal 
> scenario an issue would only happen if you would install pre-1.14.0 X 
> server and newest SSH client *on the same machine*. The remote side where SSH 
> server and X applications run can have any versions, it does not affect them.

Well that's a bit reassuring, since if it was the converse (new SSH, old X11
clients) then that would be more problematic.

Is it too late to make the DRI3 developers adjust their protocol to degrade

Is there any lightweight way (i.e. not requiring any X11 libraries) that
the client could determine whether or not the server supports this flag?
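
The first-byte rewrite proposed in the quoted text, sketched as an added example; it is not the attached patch and not OpenSSH code. The function name, return codes and the pairing of 'B' with 'R' and 'l' with 'r' are assumptions, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Return values of x11_tag_remote() (hypothetical names). */
enum { X11_TAGGED = 1, X11_NEED_MORE = 0, X11_BAD = -1 };

/*
 * Inspect the X11 connection setup message an X client sends first and,
 * once the whole message is buffered, rewrite its byte-order byte so the
 * X server sees the client as remote. Assumed mapping: 'B' -> 'R'
 * (MSB first), 'l' -> 'r' (LSB first).
 */
int
x11_tag_remote(unsigned char *buf, size_t len)
{
	size_t name_len, data_len, total;

	if (len < 12)			/* fixed-size setup prefix */
		return X11_NEED_MORE;
	if (buf[0] == 'B') {		/* lengths are big-endian */
		name_len = 256u * buf[6] + buf[7];
		data_len = 256u * buf[8] + buf[9];
	} else if (buf[0] == 'l') {	/* lengths are little-endian */
		name_len = buf[6] + 256u * buf[7];
		data_len = buf[8] + 256u * buf[9];
	} else
		return X11_BAD;		/* unknown or already tagged */
	/* Auth name and auth data are each padded to a multiple of 4. */
	total = 12 + ((name_len + 3) & ~(size_t)3) +
	    ((data_len + 3) & ~(size_t)3);
	if (len < total)
		return X11_NEED_MORE;
	buf[0] = (buf[0] == 'B') ? 'R' : 'r';
	return X11_TAGGED;
}

int
main(void)
{
	/* Constructed sample: LSB-first setup, protocol 11.0, no auth. */
	unsigned char msg[12] = { 'l', 0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
	int r = x11_tag_remote(msg, sizeof(msg));

	printf("result=%d first byte=%c\n", r, msg[0]);
	return 0;
}
```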


More information about the openssh-unix-dev mailing list