X11 Forwarding In SecureCRT
SecureCRT supports X11 forwarding, which allows SecureCRT and an SSH2 server to secure X11 traffic so that an X11 client process running on the remote SSH2 server machine can be displayed locally.
SecureCRT does not currently include an X11 server product. In order for X11 traffic to be displayed locally on your SecureCRT machine you must already have an X11 server product installed and running ("xming", for example).
When properly configured, SecureCRT enables X11 forwarding by making a special "X11 forwarding request" to the SSH2 server just after successful authentication has been completed. If allowed by the SSH2 server, the SSH2 server will perform two actions:
When an X client process is executed on the remote side through the shell connection you already have established with SecureCRT, the X11 client automatically connects to the correct DISPLAY, and X11 traffic will be forwarded through the encrypted SSH transport to the X11 server application running on the SecureCRT machine.
To configure SecureCRT to perform X11 forwarding, simply open Session Options, and in the Connection > Port Forwarding > Remote/X11 category, enable the Forward X11 packets option.
The SSH2 server must also be configured to allow X11 forwarding to occur. Otherwise, SecureCRT’s X11 forwarding request will fail (such failures are visible within SecureCRT’s Trace Options output -- select File > Trace Options prior to attempting your connection).
Display NumberX11 server applications typically listen on TCP port 6000 by default, which is equivalent to “display number 0”. Some X11 server applications may be configured with a display number that is higher than zero. If the X11 server is configured as display 40, for example, it means the X11 server application is listening on port 6040; you would need to configure SecureCRT’s Display value to reflect 127.0.0.1:40.0.X11 AuthenticationBy default, SecureCRT enforces X11 authentication to prevent unauthorized users from being able to display X client applications on an X server that does not belong to them. This security feature may impact your ability to display X client applications after switching user contexts within the remote shell to which you are connected with SecureCRT.
YouTube Channel: https://www.youtube.com/vandykesoftware
Last edited by jdev; 04-23-2019 at 12:01 PM.
|kb , port forwarding , tunneling , x11|