Why is it that your ssh server open a port starting with 6010? When an ssh connection is stablished it is supposed to be at port 22 as netstat should report:
kranpak root # netstat -tanp | grep ssh
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 26580/sshd
This is a normal behaviour and is related to the X11 forwarding.
When an application wants to write to the screen (really a TCP port), it determines the host:port pair by looking for the value of DISPLAY environment variable (normally 6000 + display_number).
If, for instance, DISPLAY=localhost:0, it really tells the X client that the X server it needs to connect to is running on the local machine at port 6000. When you start an X server, it will usually take the first display 0 (port 6000 + 0) for applications to connect to. When you SSH to a server with X forwarding enabled, OpenSSH needs to open a display on the local machine for the X applications to connect, it will then forward these connections to the connecting client’s display over the secure tunnel.
By default, OpenSSH will normally start at display 10 (6000 + 10, or port 6010), or the next free display after that (11, 6000 + 11). The end result is that SSH will make a tunnel from 6010:localhost:6000 (presuming that ssh takes display 10 on the server and the client is running under display 0). So if then on those ssh sessions you were to run “echo $DISPLAY” you should see that they are “localhost:10″ and “localhost:11″ respectively.
Thanks to Chris Hendrickson.
by the receiving host. If the destination host is unreachable you’ll get back something like this: