Re: [TCLUG:8994] X over SSH thru IPMasq

[Bob Tanner <tanner@real-time.com>]

Try this.

On your machine xhost + <remote>

On your machine ssh -R 6020:localhost:6000 <remote>

Log into the remote machine, then do this:

myXapplication -display localhost:21

SSH will tunnel the X application through to you just fine.


Quoting Peter Lukas (peter@math.umn.edu):
> This can be one of many problems.  Most likely, the problem is being
> caused by there either not being an xauth in the expected path, or xauth
> is not installed on the machine.  To SSH, if xauth isn't found, no X11
> forwarding is allowed.  Pass the -v flag the next time you try it to see
> what types of error messages SSH generates when you connect:
> 
> shaft.badmutha.org: Requesting X11 forwarding with authentication 
> spoofing.
> shaft.badmutha.org: Remote: X11 forwarding disabled in server
> configuration file.
> Warning: Remote host denied X11 forwarding, perhaps xauth program could
> not be run on the server side.
> 
> Peter Lukas
> 
> On Wed, 6 Oct 1999, Michael Hicks wrote:
> 
> > > You can connect directly to the X server, but that's not really a
> > > security-conscious move,  Use an SSH client to connect to the X-Windows
> > > machine from the NT machine.  Enable X11 forwarding in the SSH client from
> > > the X Server machine to your NT machine and tell the local X-Server to get
> > > requests from the loopback device.  That way, all X11 traffic travels over
> > > the encrypted connection to your display and cannot be easily sniffed by
> > > outsiders.
> > 
> > Speaking of using SSH for handling X..  I was at home over the weekend, where
> > we have a cable modem.  I was hoping to try remotely displaying an X
> > application, mostly just for testing purposes.  I logged into my box with SSH,
> > and ran the application, but it said it couldn't connect to the X server.  The
> > problem probably relates to the fact that my family has an IP Masq gateway at
> > home.  However, I expected SSH to work fine, since I thought any X
> > communication would just piggyback on an already existing connection, rather
> > than make a new one or anything.
> > 
> > Anyway, I guess I'm wondering if anyone has had luck getting X to run over SSH
> > when they're behind an IP masq gateway..  Maybe I just forgot something.
> > 
> > -- 
> >  _  _  _  _ _  ___    _ _  _  ___ _ _  __   I know everything about 
> > / \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   everything, except that. 
> > \_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                            
> > [ Mike Hicks | http://umn.edu/~hick0088 | mailto:hick0088@tc.umn.edu ]
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org

-- 
Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9