Tunneling X without X available - Suse


  1. Tunneling X without X available

    I've set up a virtual machine with minimum installation of openSuSE 10.3
    supposed to offer ssh access to a small network. Users are supposed to
    log in to this ssh server and then to other, more interesting machines
    on the network. The advantage over offering direct access will be that
    I will have to monitor closely only one machine and also that a virtual
    machine can be shut down and replaced by a backup copy in almost no
    time in case of security issues.
    The problem I'm trying to solve is this: Tunneling X connections from
    the network to a remote machine should be possible, ssh -X. But I do
    not intend to install an X server on this machine exposing port 22 to
    the outside world. Authentication and access to users' home directories
    is granted by ldap-pam and autofs, respectively.
    Now as far as I understand I will have to make xauth available on this
    server. But then this executable is part of a big fat X11 rpm package
    on openSuSE. Any ideas on how to tunnel X11 in this setup without
    installing all this crap?

    Günther

  2. Re: Tunneling X without X available

    On Apr 15, 6:33 pm, Günther Schwarz wrote:
    > on openSuSE. Any ideas on how to tunnel X11 in this setup without
    > installing all this crap?
    >



    I didn't take the time to give it a proper test, i.e. on a box
    completely devoid of xauth, but this is worth a try.

    From my workstation, I created a tunnel and included the '-x' option
    to disable x11 forwarding:

    ssh -x -P -N -f -L40022:protected-server:22 username@ssh.shell.server

    Then, also from my workstation, I logged into the protected-server via
    the forwarded local port with '-X' option to enable x11 forwarding:

    ssh -X -p 40022 username@localhost

    I was then able to run x11 apps from protected-server without a
    problem.

    --
    Andy
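
The tunnel approach in the reply above only needs TCP forwarding on the jump host; X11 forwarding, and with it xauth, is needed only on the inner host. The script below is an added example, not part of the original posts: it audits an sshd_config for that split, assuming sshd's documented defaults and first-value-wins parsing; the PermitOpen check and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a jump host's sshd_config.
# Assumes sshd's rules: keywords are case-insensitive, first value found wins.

# effective_value FILE KEYWORD DEFAULT -> value from the global section
effective_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }                 # trim indent, re-split fields
        /^#/ || NF == 0 { next }               # comments and blank lines
        tolower($1) == "match" { exit }        # Match blocks are conditional overrides
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); val = $0; exit }
        END { print tolower(val) }
    ' "$1"
}

# audit_jump_host FILE -> 0 if the file fits the tunnel-only design, 1 if not
audit_jump_host() {
    rc=0
    x11=$(effective_value "$1" X11Forwarding no)        # sshd default: no
    tcp=$(effective_value "$1" AllowTcpForwarding yes)  # sshd default: yes
    dst=$(effective_value "$1" PermitOpen any)          # sshd default: any
    [ "$x11" = no ] || { echo "FAIL X11Forwarding=$x11: needs xauth on the jump host"; rc=1; }
    case $tcp in
        yes|all|local) ;;
        *) echo "FAIL AllowTcpForwarding=$tcp: ssh -L through this host is refused"; rc=1 ;;
    esac
    [ "$dst" != any ] || echo "WARN PermitOpen=any: tunnels may target any host:port"
    return $rc
}

# Constructed sample configs; protected-server is the thread's placeholder name
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/tunnel_only" <<'EOF'
# jump host: forward TCP to the inner sshd only, no X11 here
x11forwarding no
AllowTcpForwarding local
PermitOpen protected-server:22
Match User admin
    X11Forwarding yes
EOF
cat > "$SAMPLE_DIR/misfit" <<'EOF'
X11Forwarding yes
  AllowTcpForwarding=no
AllowTcpForwarding yes
EOF
audit_jump_host "$SAMPLE_DIR/tunnel_only" || true
audit_jump_host "$SAMPLE_DIR/misfit" || true
```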

  3. Re: Tunneling X without X available

    AHinMaine wrote:

    > On Apr 15, 6:33 pm, Günther Schwarz wrote:
    >> on openSuSE. Any ideas on how to tunnel X11 in this setup without
    >> installing all this crap?


    > I didn't take the time to give it a proper test, i.e. on a box
    > completely devoid of xauth, but this is worth a try.
    >
    > From my workstation, I created a tunnel and included the '-x' option
    > to disable x11 forwarding:
    >
    > ssh -x -P -N -f -L40022:protected-server:22 username@ssh.shell.server
    >
    > Then, also from my workstation, I logged into the protected-server via
    > the forwarded local port with '-X' option to enable x11 forwarding:
    >
    > ssh -X -p 40022 username@localhost
    >
    > I was then able to run x11 apps from protected-server without a
    > problem.


    Thanks for doing and posting this test. Since my initial posting I
    decided to go the easy route installing xauth (package xorg-x11 on
    openSuSE 10.3). Though it contains a lot of stuff I do not need, it is
    less than 20MB including all dependencies.
    With this package I can forward X11 just fine. However, when removing it
    again for testing, the above example looks like this (note that -X is
    default in this network):

    me@local:> ssh -P -N -f -L40022:ssh-server:22 ssh-server
    me@local:> ssh -X -p 40022 localhost
    Password:
    Last login: Fri Apr 18 16:40:28 2008 from local
    Have a lot of fun...
    me@ssh-server:> ssh remote
    Warning: No xauth data; using fake authentication data for X11 forwarding.
    Last login: Fri Apr 18 16:36:58 2008 from ssh-server
    Have a lot of fun...
    me@remote> xclock
    connect ssh-server port 6000: Connection refused
    Error: Can't open display: localhost:12.0

    Günther