Our current X11 forwarding implementation (in agentssh) uses Unix socket forwarding and places the socket file in /tmp/.X11-unix/X0.

New SSH connections overwrite the socket and take over communication. This means that connecting with ssh -X twice, then disconnecting from the newest session will also disconnect the old session.

OpenSSH typically does X11 forwarding over port 6000 and up, and generally starting from an offset of 10 (i.e. 6010). For OpenSSH the DISPLAY env looks commonly like: DISPLAY=localhost:10.0 (referring to port 6010), whereas agentssh always sets this to DISPLAY=:0.0 (referring to /tmp/.X11-unix/X0).

The agentssh behavior is problematic in a few situations:

1. The agent doesn't have permission to write to /tmp/.X11-unix
2. There's an X server running inside the workspace (will have allocated /tmp/.X11-unix/X0 already)
3. The user wants the X11 connection to remain open even if other SSH sessions are closed

I propose we implement the listening port + start offset to avoid the conflict listed in 2.

An alternative method is to try /tmp/.X11-unix/X[0-9]+ until we find the next free slot and set the DISPLAY environment variable accordingly. (And if we use an offset it's unlikely to collide with X running in the workspace.)

Please note that ssh.X11.ScreenNumber in x11Callback should not decide the number we use in the workspace, it should be the next free port or file.