X11 forwarding--with a wrinkle

Hi all,
I have a slightly odd situation in using X11 forwarding, possibly unsolvable, but I
want to hear that from the experts. Starting from my home machine, I need to multi-hop
to reach my workstations in my office. First I ssh to the accessible "gateway" machine
inside the firewall, then must connect to a "portal" machine that provides an inner
gateway to the networks in my building, from which I can then connect to my office
workstations. Problem is with the inner "portal" machine, which in principle allows X
forwarding, and server is configured to do the right thing, but this machine has been
set up in a minimalist fashion, so that anybody connecting to it is expected to be doing
so purely to connect to a machine in the building network. For this reason, all logins go
to the same home directory, to which the user has no write permissions on files or directories.
This trashes "xauth", because it can't modify the locks files in any way, so X11
authorizations fail. As a result, further ssh from this machine inward to my office is stripped of
the X11 connection, and I can't access X apps on the innermost machines. Is there any type of
tunnelling trick that might allow me to "sneak" the X11 access through this machine without
having to deal with xauth? From my readings, I suspect not, because I don't see any way to
pass the X11 channels cleanly (or "collapse" them on entry and "re-channelize" them at the
next connection) under these conditions. I'm told these portal machine constraints will be
addressed "eventually", but do the experts see any way to make this possible before that?
Many thanks in advance.

Eric Henry
eric@xxxxxxxxxxxxx

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
.

Relevant Pages

  • Re: X11 forwarding over SSH
    ... I was able to see that the problem was definitely with my server, as the log stated that the X11 tunnelling was refused by the server. ... Subject: X11 forwarding over SSH ...
    (Debian-User)
  • Re: Suns mess up with ssh - any solution for me?
    ... If you're forwarding X11 through ssh, you don't want to do this. ... connection is going to sparrow's X11 server is going to originate from ... the ssh process running on sparrow. ...
    (comp.unix.solaris)
  • Re: Suns mess up with ssh - any solution for me?
    ... If you're forwarding X11 through ssh, you don't want to do this. ... connection is going to sparrow's X11 server is going to originate from ... the ssh process running on sparrow. ...
    (comp.sys.sun.admin)
  • Re: Are X-terminals sold anymore?
    ... > The log into xfree is a bit of a hassle. ... > captive account to automate establishing the connection. ... goes to the PC's X11 server. ...
    (comp.os.vms)
  • Re: Tunneling X without X available
    ... completely devoid of xauth, but this is worth a try. ... Then, also from my workstation, I logged into the protected-server via ... the forwarded local port with '-X' option to enable x11 forwarding: ...
    (alt.os.linux.suse)