Re: Question on tunneling X

From: Richard E. Silverman (
Date: 03/05/03

From: (Richard E. Silverman)
Date: 05 Mar 2003 02:59:53 -0500

>>>>> "B" == Betelgeux <> writes:

    B> You should not explicitly set the display environment
    B> variable. After reaching your SSH gateway, or portal as you call,
    B> simply use ssh with the "-X" parameter and the X packets will be
    B> propagated all the way back to the originating point.

    B> Of course I'm assuming you have your X server running properly
    B> there. At which point things will be displayed as they should.

    B> If you look at your environment variables, DISPLAY will have been
    B> set. There's no need to muck with it yourself when tunneling X
    B> packets with SSH.

No, you're missing the point of his question; he does not want to use SSH
X forwarding between the "portal" and the X client host. Presumably, the
sitauation is that he has an SSH connection to the portal over an
untrusted network, and then a trusted one behind the portal containing the
client host, over which he feels OK using plain X.

O.P. -- you didn't say what versions of SSH you're using. If the server
is OpenSSH, you will need to set sshd to allow non-loopback connections
("X11UseLocalhost no"). Then, simply set the DISPLAY variable to match
and copy over the SSH proxy xauth key:

> How do I tunnel X from a machine on a LAN out through an SSH portal. To
> clarify my question here is what I need to do
> ssh -X portal_machine
> rlogin target
> setenv DISPLAY ????
> xemacs

X-server% ssh -X portal
portal% echo $DISPLAY
portal% xauth list $DISPLAY
portal:10 MIT-MAGIC-COOKIE-1 9414b3eebddf99d4852b84e71731c8b9
portal% rlogin target
target% setenv DISPLAY portal:10
target% xauth add portal:10 MIT-MAGIC-COOKIE-1 9414b3eebddf99d4852b84e71731c8b9
target% xlogo

  Richard Silverman