help: putty tunneling X11 back through ssh local proxy - SSH

This is a discussion on help: putty tunneling X11 back through ssh local proxy - SSH ; I would appreciate feedback on whether what I am doing is sane and where the operator error might be. I have box A-home (Win), B-office (Linux) and C-workstation(Linux). Both A-home and C-workstation have local, DHCP-ed, NAT'ed addresses. B- office and ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: help: putty tunneling X11 back through ssh local proxy

  1. help: putty tunneling X11 back through ssh local proxy

    I would appreciate feedback on whether what I am doing is sane and
    where the operator error might be.

    I have box A-home (Win), B-office (Linux) and C-workstation(Linux).
    Both A-home and C-workstation have local, DHCP-ed, NAT'ed addresses. B-
    office and C-workstation run ssh daemons. From A-home I want to run
    cygwin-X and be able to run a single command in addition, that will:
    - open a terminal on C-workstation
    - enable me to run X commands on C-workstation with display on A-home
    - enable me to run vncviewer on A-home for the server on C-workstaton

    I set up a straight ssh connection with X11 forwarding to B-office;
    works great both for terminal and X11.
    I set up a new connection as follows:
    - target C-workstation (at default port, i.e. 22)
    - X11 forwarding
    - tunneling L 25900:C-workstation:5900
    - proxied with local command: plink B-office -nc %host:%port

    As I understood the docs, the above should set up a tunnel through B-
    office to C-workstation by running plink per proxy definition, and
    then use it for all other traffic, including login, X11 and VNC.

    Reality:
    - login/terminal and VNC work fine, X11 commands on C-workstation
    output:
    Xlib: unexpected connection setup reply from server, type 108.
    : unable to open display "localhost:10.0".
    - putty log (from the putty term window's system menu) shows:
    2008-10-26 03:45:28 Received X11 connect request from 127.0.0.1:57019
    2008-10-26 03:45:28 Starting local proxy command: C:\Program Files
    \Putty\plink.exe B-office -nc ::1:6000
    2008-10-26 03:45:28 Opening X11 forward connection succeeded
    2008-10-26 03:45:29 Forwarded X11 connection terminated

    Looks to me like after getting the connect request from C-workstation
    back to A-home, putty somehow feels compelled to forward it back
    through the original proxy with a new tunnel, which looks completely
    wrong. Seems like all the traffic should go through the tunnel, that
    was created in the first place with the proxy.

    - what am I missing?
    - how should I be accomplishing my goal?
    - last resort; is this a bug in putty?

    Thanks,

    ---Sergey


  2. Re: help: putty tunneling X11 back through ssh local proxy

    sergleiz@gmail.com writes:
    >I have box A-home (Win), B-office (Linux) and C-workstation(Linux).

    [...]
    >I set up a new connection as follows:
    >- target C-workstation (at default port, i.e. 22)
    >- X11 forwarding
    >- tunneling L 25900:C-workstation:5900
    >- proxied with local command: plink B-office -nc %host:%port

    [...]
    >2008-10-26 03:45:28 Received X11 connect request from 127.0.0.1:57019
    >2008-10-26 03:45:28 Starting local proxy command: C:\Program Files
    >\Putty\plink.exe B-office -nc ::1:6000


    What I think is going wrong is that PuTTY is trying to make a proxy
    connection to get at the local X server, which is of course the wrong
    thing to do.

    Normally, it won't use the proxy for connections to localhost for
    precisely this sort of reason. However, it looks here as though it's
    trying to use the proxy to a localhost address, albeit an unusual one --
    "::1" is _IPv6_ localhost.

    I haven't dug all the way to the bottom of this, but I have some
    suspicions. In particular, I suspect that the efficacy of PuTTY's
    "localhost detection" is greatly reduced if local name lookups are
    disabled, as they will often be when a proxy is in use; in this case I
    suspect PuTTY will in effect simply do a textual comparison against the
    string "localhost", which will fail if the hostname to compare is "::1".

    I'm not quite sure how your X display host has ended up as "::1" in the
    first place, however.

    It would be useful to know the state of the following configuration
    items in your setup:

    - Proxy panel: "Consider proxying local host connections"
    (default is unchecked; if you've changed this, then the behaviour is
    expected)

    - Proxy panel: "Do DNS name lookup at proxy end"
    (default is "Auto", which is effectively "Yes" for a local proxy)

    - X11 panel: "X display location"
    (default is blank, which will either use the DISPLAY variable from
    the environment -- is that set, and if so what to? -- or failing that
    it'll use "localhost:0")

    What version of PuTTY, and what version of Windows on A-home?

    (In any case, I suspect that putting "::1" in "Exclude Hosts/IPs" will
    solve your problem, but it probably shouldn't be necessary, so I'd be
    interested to get to the bottom of this.)

+ Reply to Thread