Re: Question on tunneling X
From: Richard E. Silverman (email@example.com)
From: firstname.lastname@example.org (Richard E. Silverman) Date: 05 Mar 2003 02:59:53 -0500
>>>>> "B" == Betelgeux <email@example.com> writes:
B> You should not explicitly set the display environment
B> variable. After reaching your SSH gateway, or portal as you call,
B> simply use ssh with the "-X" parameter and the X packets will be
B> propagated all the way back to the originating point.
B> Of course I'm assuming you have your X server running properly
B> there. At which point things will be displayed as they should.
B> If you look at your environment variables, DISPLAY will have been
B> set. There's no need to muck with it yourself when tunneling X
B> packets with SSH.
No, you're missing the point of his question; he does not want to use SSH
X forwarding between the "portal" and the X client host. Presumably, the
sitauation is that he has an SSH connection to the portal over an
untrusted network, and then a trusted one behind the portal containing the
client host, over which he feels OK using plain X.
O.P. -- you didn't say what versions of SSH you're using. If the server
is OpenSSH, you will need to set sshd to allow non-loopback connections
("X11UseLocalhost no"). Then, simply set the DISPLAY variable to match
and copy over the SSH proxy xauth key:
> How do I tunnel X from a machine on a LAN out through an SSH portal. To
> clarify my question here is what I need to do
> ssh -X portal_machine
> rlogin target
> setenv DISPLAY ????
X-server% ssh -X portal
portal% echo $DISPLAY
portal% xauth list $DISPLAY
portal:10 MIT-MAGIC-COOKIE-1 9414b3eebddf99d4852b84e71731c8b9
portal% rlogin target
target% setenv DISPLAY portal:10
target% xauth add portal:10 MIT-MAGIC-COOKIE-1 9414b3eebddf99d4852b84e71731c8b9
-- Richard Silverman firstname.lastname@example.org