Re: Question on tunneling X

From: Richard E. Silverman (slade@shore.net)
Date: 03/05/03 

From: slade@shore.net (Richard E. Silverman)
Date: 05 Mar 2003 02:59:53 -0500

>>>>> "B" == Betelgeux <betelgeuse68@yahoo.com> writes:

    B> You should not explicitly set the display environment
    B> variable. After reaching your SSH gateway, or portal as you call,
    B> simply use ssh with the "-X" parameter and the X packets will be
    B> propagated all the way back to the originating point.

    B> Of course I'm assuming you have your X server running properly
    B> there. At which point things will be displayed as they should.

    B> If you look at your environment variables, DISPLAY will have been
    B> set. There's no need to muck with it yourself when tunneling X
    B> packets with SSH.

No, you're missing the point of his question; he does not want to use SSH
X forwarding between the "portal" and the X client host. Presumably, the
sitauation is that he has an SSH connection to the portal over an
untrusted network, and then a trusted one behind the portal containing the
client host, over which he feels OK using plain X.

O.P. -- you didn't say what versions of SSH you're using. If the server
is OpenSSH, you will need to set sshd to allow non-loopback connections
("X11UseLocalhost no"). Then, simply set the DISPLAY variable to match
and copy over the SSH proxy xauth key:

> How do I tunnel X from a machine on a LAN out through an SSH portal. To
> clarify my question here is what I need to do
> ssh -X portal_machine
> rlogin target
> setenv DISPLAY ????
> xemacs

X-server% ssh -X portal
portal% echo $DISPLAY
portal:10
portal% xauth list $DISPLAY
portal:10 MIT-MAGIC-COOKIE-1 9414b3eebddf99d4852b84e71731c8b9
portal% rlogin target
target% setenv DISPLAY portal:10
target% xauth add portal:10 MIT-MAGIC-COOKIE-1 9414b3eebddf99d4852b84e71731c8b9
target% xlogo 

--
  Richard Silverman
  slade@shore.net

Relevant Pages

  • Re: which port(s) does the X server listen on?
    ... > but remote X clients are unable to display to it. ... things just quietly fail to display. ... Most of the time one would ssh to the box they want to run the ... If everything is setup ...
    (Fedora)
  • Re: Attempting to run remote X app
    ... > I'm attempting to ssh into a central server and run an X app, ... Make sure the ssh server is forwarding X connections: ... DISPLAY environment variable is set), the connection to the X11 display ...
    (comp.os.linux.x)
  • X11 Forwarding with OpenSSH
    ... We are able to do the X11 forwarding and it works as the user ... go into the environment as their ssh IDs. ... functional accounts with no direct access into the account). ... another way to set your Display or gettaround this limitation? ...
    (SunManagers)
  • RE: X11 Forwarding
    ... X and ssh are completely separate items. ... On my HP-UX and RH systems, I always needed to set my $DISPLAY. ... installing XFree86 on Slackware 9.0 after initial OS installation (using ... Server is OpenSSH 3.5p1, OpenSSL 0.9.7a ...
    (SSH)
  • Re: Remote X over rsh
    ... all I'm doing is running X and ssh. ... the weak machine is the one where on he wishes to display, ... Possibly the "my client" confused the issue; ... just use X without ssh forwarding. ...
    (comp.os.linux.x)