Tunneling X without X available

I've set up a virtual machine with minimum installation of openSuSE 10.3
supposed to offer ssh access to a small network. Users are supposed to
log in to this ssh server and then to other, more interesting machines
on the network. The advantage over offering direct access will be that
I will have to monitor closely only one machine and also that a virtual
machine can be shut down and replaced by a backup copy in almost no
time in case of security issues.
The problem I'm trying to solve is this: Tunneling X connections from
the network to a remote machine should be possible, ssh -X. But I do
not intend to install an X server on this machine exposing port 22 to
the outside world. Authentication and access to users home directories
is granted by ldap-pam and autofs, respectively.
Now as far as I understand I will have to make xauth available on this
server. But then this executable is part of a big fat X11 rpm package
on openSuSE. Any ideas on how to tunnel X11 in this setup without
installing all this crap?

Günther

On Apr 15, 6:33 pm, Günther Schwarz wrote:
> on openSuSE. Any ideas on how to tunnel X11 in this setup without
> installing all this crap?
>

I didn't take the time to give it a proper test, i.e. on a box
completely devoid of xauth, but this is worth a try.

From my workstation, I created a tunnel and included the '-x' option
to disable x11 forwarding:

ssh -x -P -N -f -L40022

rotected-server:22
username@ssh.shell.server

Then, also from my workstation, I logged into the protected-server via
the forwarded local port with '-X' option to enable x11 forwarding:

ssh -X -p 40022 username@localhost

I was then able to run x11 apps from protected-server without a
problem.

--
Andy

AHinMaine wrote:

> On Apr 15, 6:33 pm, Günther Schwarz wrote:
>> on openSuSE. Any ideas on how to tunnel X11 in this setup without
>> installing all this crap?

> I didn't take the time to give it a proper test, i.e. on a box
> completely devoid of xauth, but this is worth a try.
>
> From my workstation, I created a tunnel and included the '-x' option
> to disable x11 forwarding:
>
> ssh -x -P -N -f -L40022

rotected-server:22
> username@ssh.shell.server
>
> Then, also from my workstation, I logged into the protected-server via
> the forwarded local port with '-X' option to enable x11 forwarding:
>
> ssh -X -p 40022 username@localhost
>
> I was then able to run x11 apps from protected-server without a
> problem.

Thanks for doing and posting this test. Since my initial posting I
decided to go the easy route installing xauth (package xorg-x11 on
openSuSE10.3). Though it contains a lot of stuff I do not need it is
less than 20MB including all dependencies.
With this package I can forward X11 just fine. However, when removing it
again for testing the above example looks like this (note that -X is
default in this network):

me@local:> ssh -P -N -f -L40022:ssh-server:22 ssh-server
me@local:> ssh -X -p 40022 localhost
Password:
Last login: Fri Apr 18 16:40:28 2008 from local
Have a lot of fun...
me@ssh-server:> ssh remote
Warning: No xauth data; using fake authentication data for X11
forwarding.
Last login: Fri Apr 18 16:36:58 2008 from ssh-server
Have a lot of fun...
me@remote> xclock
connect ssh-server port 6000: Connection refused
Error: Can't open display: localhost:12.0

Günther

Tunneling X without X available - Suse

Thread: Tunneling X without X available

LinkBack

Tools

Tunneling X without X available

Re: Tunneling X without X available

Re: Tunneling X without X available