tunnel thru a gateway host to forward x11 - SSH

This is a discussion on tunnel thru a gateway host to forward x11 - SSH ; I've got a setup like this: my desktop ---> jumphost --> backup server I'd like to forward X11 from the backup server to my desktop and the only way to access it is via this jumphost. My Desktop has cygwin ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: tunnel thru a gateway host to forward x11

  1. tunnel thru a gateway host to forward x11

    I've got a setup like this:

    my desktop ---> jumphost --> backup server

    I'd like to forward X11 from the backup server to my desktop and the only way to access it is
    via this jumphost.

    My Desktop has cygwin running and I can easily forward X11 from the jumphost to my desktop.

    How can I forward X11 from 'backup server' directly to my desktop?

    -Mike

  2. Re: tunnel thru a gateway host to forward x11

    >>>>> "MS" == Mike Stone writes:

    MS> I've got a setup like this: my desktop ---> jumphost --> backup
    MS> server

    MS> I'd like to forward X11 from the backup server to my desktop and
    MS> the only way to access it is via this jumphost.

    MS> My Desktop has cygwin running and I can easily forward X11 from
    MS> the jumphost to my desktop.

    MS> How can I forward X11 from 'backup server' directly to my desktop?

    desktop> ssh -oProxyCommand="ssh -qax jumphost nc %h %p" -X backup-server

    With this idiom, being able to forward X to the intermediate host is
    irrelevant. This assumes you have netcat ("nc") or something equivalent
    on jumphost.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: tunnel thru a gateway host to forward x11

    Richard E. Silverman wrote:
    > MS> the jumphost to my desktop.
    > MS> How can I forward X11 from 'backup server' directly to my desktop?
    > desktop> ssh -oProxyCommand="ssh -qax jumphost nc %h %p" -X backup-server
    > With this idiom, being able to forward X to the intermediate host is
    > irrelevant. This assumes you have netcat ("nc") or something equivalent
    > on jumphost.


    Jumphost is managed by another department. No way I can get Netcat or anything
    like that installed.

    Is there another way of doing this?

  4. Re: tunnel thru a gateway host to forward x11

    >>>>> "MS" == Mike Stone writes:

    MS> Richard E. Silverman wrote: the jumphost to my
    MS> desktop. How can I forward X11 from 'backup server' directly to
    MS> my desktop?
    desktop> ssh -oProxyCommand="ssh -qax jumphost nc %h %p" -X
    desktop> backup-server
    >> With this idiom, being able to forward X to the intermediate host
    >> is irrelevant. This assumes you have netcat ("nc") or something
    >> equivalent on jumphost.


    MS> Jumphost is managed by another department. No way I can get
    MS> Netcat or anything like that installed.

    Life would so much easier if this feature would get added to OpenSSH.
    Anyway, there may already be a tool that does what you need; look around.

    MS> Is there another way of doing this?

    You can always do the connections in series:

    desktop> ssh -tX jumphost ssh -X backup-server

    .... but this is messier, less secure, and more prone to problems.

    --
    Richard Silverman
    res@qoxp.net


  5. Re: tunnel thru a gateway host to forward x11

    On 2005-11-20, Mike Stone wrote:
    > Jumphost is managed by another department. No way I can get Netcat or
    > anything like that installed.


    It need not be installed in the system path and does not require any
    special privs, so if you can compile stuff or copy compiled binaries
    onto the jumphost you can put it in, eg, $HOME/bin/ .

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  6. Re: tunnel thru a gateway host to forward x11

    On 2005-11-20, Richard E. Silverman wrote:
    > Life would so much easier if this feature would get added to OpenSSH.
    > Anyway, there may already be a tool that does what you need; look around.


    Agreed :-)

    I have looked but it's not obvious to me how to implement it, so it will
    require some time to sit down and figure it out...

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  7. Re: tunnel thru a gateway host to forward x11

    Darren Tucker wrote:
    > On 2005-11-20, Mike Stone wrote:
    >> Jumphost is managed by another department. No way I can get Netcat or
    >> anything like that installed.

    >
    > It need not be installed in the system path and does not require any
    > special privs, so if you can compile stuff or copy compiled binaries
    > onto the jumphost you can put it in, eg, $HOME/bin/ .


    Also, it is a little-known fact that bash has some special handling for
    the not-quite-a-device-where-I-live file /dev/tcp. It cannot listen,
    AFAIK, but can forward stdin to some port just fine.

    (Yay for feature bloat!)

    Joachim

+ Reply to Thread