Re: X11-Forwarding from third machine

From: Per Hedeland (per@hedeland.org)
Date: 11/13/02


    From: per@hedeland.org (Per Hedeland)
    Date: Tue, 12 Nov 2002 23:43:37 +0000 (UTC)
    
    

    In article <3DCEDC2D.8060605@yahoo.de> Sean Durkin <eumelnase@yahoo.de> writes:
    >
    >First, a little ASCII-art, I'll explain further below:
    >
    >                    |
    >-------------  SSH  |   -------------  X11  -------------
    >|  Host A   |<=======>  |  Host B   |<=====>|  Host C   |
    >-------------  only |   -------------  only -------------
    >  network separated |                       running X-
    >  by firewall       |                       apps

    [snip]

    >Of course, this does not work, since Host C does not supply the correct
    >magic cookie for the X authentication to work (C is allowed to connect
    >to B via xhost +, though).

    xhost only pertains to what connections the actual X server allows, and
    in this case the connection is always coming from the local host (from
    the ssh client running there), so you can't allow C anything with it.
    And as far as I know there is no way to make sshd (on host B here)
    accept non-authenticated connections (it does the cookie authentication
    itself, with a cookie it has generated locally - the X server is not
    involved).

    >How can I get this working? Or does anyone have any other ideas? I do
    >not have the necessary privileges to set up a port-forwarder or
    >something like that on Host B, so that is out of the question.

    Why would you need privileges for that? Or do you mean non-technical
    privileges?:-) Anyway that's the only thing I can think of that would
    make it work. Not really a port-forwarder, but an "X-aware tcp-
    forwarder" running on host B, a little proggie that would accept a plain
    TCP connection on some 6000+ port, and turn around and do a proper X
    connection.

    If you search the net for 'xconns' - or maybe 'mxconns' (I have used the
    former in the distant past, but can only find the latter right now) -
    you may find just the thing. In fact it may even add a bit of security
    to the above setup, which otherwise forces you to open up your X server
    to the world - needless to say, this is a Very Bad Idea.

    --Per Hedeland
    per@hedeland.org
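
An added illustration, not part of the original post or of any SSH implementation's code: a model of the cookie check described above, showing why an X client that sends no MIT-MAGIC-COOKIE-1 is refused by the forwarding endpoint no matter what `xhost` says. The function names and both cookie values are constructed for this example; the packet layout is the standard X11 connection setup request.

```python
import hmac
import struct

COOKIE_PROTO = b"MIT-MAGIC-COOKIE-1"

def pad4(n):
    """X11 pads variable-length fields to a multiple of 4 bytes."""
    return (n + 3) & ~3

def build_setup(proto=b"", data=b"", order=b"l"):
    """Build an X11 connection setup request (protocol 11.0)."""
    fmt = "<" if order == b"l" else ">"
    head = order + b"\0" + struct.pack(fmt + "HHHHH", 11, 0, len(proto), len(data), 0)
    return head + proto.ljust(pad4(len(proto)), b"\0") + data.ljust(pad4(len(data)), b"\0")

def parse_setup(pkt):
    """Return (auth protocol name, auth data, offset of auth data)."""
    if len(pkt) < 12 or pkt[:1] not in (b"l", b"B"):
        raise ValueError("not an X11 setup request")
    fmt = "<" if pkt[:1] == b"l" else ">"
    major, _minor, nlen, dlen = struct.unpack(fmt + "HHHH", pkt[2:10])
    if major != 11:
        raise ValueError("unexpected protocol version")
    dstart = 12 + pad4(nlen)
    if len(pkt) < dstart + pad4(dlen):
        raise ValueError("truncated setup request")
    return pkt[12:12 + nlen], pkt[dstart:dstart + dlen], dstart

def admit(pkt, proxy_cookie, real_cookie):
    """Accept only a client presenting the proxy cookie, then swap in the
    X server's real cookie. Returns the rewritten packet, or None to refuse."""
    if len(proxy_cookie) != len(real_cookie):
        raise ValueError("cookies must have equal length for in-place swap")
    try:
        proto, data, dstart = parse_setup(pkt)
    except ValueError:
        return None
    if proto != COOKIE_PROTO or not hmac.compare_digest(data, proxy_cookie):
        return None
    return pkt[:dstart] + real_cookie + pkt[dstart + len(data):]

# Constructed sample values, not real cookies.
PROXY = bytes.fromhex("00112233445566778899aabbccddeeff")
REAL = bytes.fromhex("ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    from_b = build_setup(COOKIE_PROTO, PROXY)  # client on B that read the cookie via xauth
    from_c = build_setup()                     # client on C: no cookie at all
    print("client on B:", "accepted" if admit(from_b, PROXY, REAL) else "refused")
    print("client on C:", "accepted" if admit(from_c, PROXY, REAL) else "refused")
```
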


