Re: X11 forwarding help

From: Anthony Kim (Anthony.Kim@VW.COM)
Date: 02/13/03

    Date: Thu, 13 Feb 2003 11:25:31 -0600
    From: Anthony Kim <Anthony.Kim@VW.COM>
    To: Pham Tuan-TPHAM4 <Tuan.Pham@motorola.com>
    
    

    On Thu, Feb 13, 2003, Pham Tuan-TPHAM4 wrote:

    > I tried that before but that didn't seem to help. Our program actually died on us.
    >
    > However, we've got it working without ssh's built-in X11 forwarding / X authorization.
    >
    > Thanks to David Barr...
    >
    > "You could try setting up your own port redirection so that you can forward
    > X connections without going through ssh's X authorization.
    >
    > It sounds like you'll have to do two forwards (one for each hop). Do
    > something like "ssh -x -R6010:foo:6000 host1" where foo is the hostname
    > portion of your DISPLAY variable (maybe localhost). After you get to
    > "host1", type "ssh -x -R6010:localhost:6010 jinx", which will redirect
    > back to the first tunnel that you set up. When you log into jinx,
    > manually set your DISPLAY variable to localhost:10. On the machine where
    > you first issued ssh, type "xhost +host1" (or whatever your intermediate
    > host is), because that is where the X clients will appear to be coming
    > from to your X server. You might have to pick different port numbers than
    > 6010 if they are in use already on intermediate and remote hosts. The
    > DISPLAY variable is converted to a port number by adding 6000 to the
    > screen number (the :0 thing at the end)."
    >

    That's certainly an interesting solution.

    Experiment a little for fun. Maybe you can remove the second
    tunnel by setting in sshd_config:

        GatewayPorts yes

    As a result, the endpoint of the remote port tunnel will be bound
    to the wildcard address (*:6010 in your example above).

    Or maybe it won't work for you. Interesting nonetheless.

    Cheers.
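
The thread turns on where the server-side listener of an `ssh -R` forward ends up bound, because a wildcard bind makes the tunnel back to the X server reachable from any host that can connect to that port. The following is an added example, not part of the original messages or of OpenSSH: it reads the global `GatewayPorts` value from sshd_config text and reports the listen address for a given `-R` specification. It assumes hostname or IPv4 forms only, ignores `Match` blocks, and also handles the `clientspecified` value from current OpenSSH, which the thread does not mention; the function names and the sample config are constructed.

```python
import re

def display_port(display: str) -> int:
    """TCP port for an X DISPLAY value such as 'localhost:10' or ':0.0'."""
    number = display.rsplit(":", 1)[1].split(".")[0]
    return 6000 + int(number)

def gateway_ports(sshd_config: str) -> str:
    """Global GatewayPorts value; sshd keeps the first value it reads."""
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks are not evaluated in this sketch
        if keyword == "gatewayports" and len(parts) == 2:
            return parts[1].strip('"').lower()
    return "no"  # OpenSSH default: remote forwards stay on loopback

def remote_listen_address(sshd_config: str, r_spec: str) -> str:
    """Listen address on the server for `ssh -R r_spec`, as 'addr:port'."""
    fields = r_spec.split(":")  # [bind_address:]port:host:hostport
    if len(fields) not in (3, 4):
        raise ValueError(f"unsupported -R specification: {r_spec!r}")
    requested = fields[0] if len(fields) == 4 else None
    port = fields[-3]
    mode = gateway_ports(sshd_config)
    if mode == "yes":
        addr = "*"  # wildcard, whatever the client asked for
    elif mode == "clientspecified":
        if requested is None:
            addr = "loopback"
        else:
            addr = "*" if requested in ("", "*") else requested
    elif mode == "no":
        addr = "loopback"
    else:
        raise ValueError(f"unrecognised GatewayPorts value: {mode!r}")
    return f"{addr}:{port}"

# Constructed sample config for illustration.
SAMPLE_CONFIG = "# sshd_config (constructed)\nPort 22\nGatewayPorts yes\n"

if __name__ == "__main__":
    print(display_port("localhost:10"))
    print(remote_listen_address(SAMPLE_CONFIG, "6010:foo:6000"))
```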


