Gentoo Forums
Tunnel X session *without* xauth ( ssh -R )
VanDan
Guru
Joined: 30 Sep 2002
Posts: 586
Location: Australia

Posted: Fri May 29, 2009 1:03 am    Post subject: Tunnel X session *without* xauth ( ssh -R )

Hi people.

I have to set up a tunnel through a BSD box that doesn't have xauth installed. So I can't use 'ssh -X' or 'ssh -Y' because these require xauth on the remote server.

I believe I can just use ssh's port forwarding (e.g. 'ssh -R remote_port:local_address:local_port' syntax) to forward my X session; however, X doesn't seem to be listening for TCP connections. I'm using gdm on my desktop, so I ran gdmsetup, unchecked the 'Deny TCP connections to Xserver' box, and restarted gdm. This doesn't seem to have worked.

How do I make X listen for TCP connections, and where do I specify the port?

Thanks.
_________________
David Hicks' plea. Was it:

a) I plead guilty, or
b) Please let me out of here and end the torture
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23081

Posted: Fri May 29, 2009 2:59 am

Are you sure the remote end has no xauth utility? I would be surprised to see a system with X clients, but no ability to provide them with proper authentication cookies.

To make X listen for TCP connections, you need to make the startup procedure not pass -nolisten tcp. The port will be 6000 by default. Unless you have a conflict locally, there is no need to change it. You can forward some other port on the remote end to port 6000 locally. However, even once you get that forwarding working, you need to provide the remote applications with permission to connect. The simplest safe way to do that is via xauth cookies. You could use xhost to reduce security, but then anyone on the remote end who can connect to the forwarded port could connect to your X server.
VanDan
Guru
Joined: 30 Sep 2002
Posts: 586
Location: Australia

Posted: Fri May 29, 2009 3:03 am

Hu wrote:
Are you sure the remote end has no xauth utility? I would be surprised to see a system with X clients, but no ability to provide them with proper authentication cookies.


Yes. It's a gateway, and I'll be tunneling through this box to another box that has my X app.

Hu wrote:
To make X listen for TCP connections, you need to make the startup procedure not pass -nolisten tcp. The port will be 6000 by default.


Cool. Thanks :)
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23081

Posted: Sat May 30, 2009 2:57 am

VanDan wrote:
Yes. It's a gateway, and I'll be tunneling through this box to another box that has my X app.


In that case, what about using a local port forward such that port N on localhost maps to port 22 on the box with the X app? You would then ssh to localhost:N, and the traffic would be redirected over the first ssh tunnel to the second sshd. The connection arriving at the second sshd would have its client end on your system, so an X forward there would traverse the gateway at the IP layer only, without needing to run xauth on the gateway. This would allow you to use traditional X forwarding between your client and the server with the X application, thereby avoiding games with the X server listening sockets and X authentication.
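The two-hop arrangement described in the last post, written out as an added example that is not part of the original thread. The host names, user name and local port 2222 are placeholders (assumptions); the ssh options used are standard OpenSSH options.

```shell
#!/bin/sh
# Added example: X forwarding to an app host behind a gateway that has no xauth.
# Placeholders (assumptions), edit before use:
GATEWAY=user@gateway.example     # gateway box; only relays TCP, needs no xauth
APPHOST=xapp.internal.example    # box with the X app, as named from the gateway
APPUSER=user                     # account on the app host
LPORT=2222                       # "port N" on localhost

# Hop 1: local forward 127.0.0.1:N -> APPHOST:22 through the gateway.
#   -N  run no remote command; -f  go to background after authentication
#   ExitOnForwardFailure=yes  fail instead of continuing without the forward
#   Binding to 127.0.0.1 keeps the forwarded port off other interfaces.
# The gateway's sshd must permit TCP forwarding for this to work.
tunnel_cmd() {
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:22 %s\n' \
        "$LPORT" "$APPHOST" "$GATEWAY"
}

# Hop 2: ssh to localhost:N, which reaches APPHOST's sshd. X forwarding (-X)
# is negotiated between this client and APPHOST, so xauth runs on APPHOST
# and the local X server can keep -nolisten tcp.
#   HostKeyAlias  checks APPHOST's host key under its own name rather than
#                 "127.0.0.1", so known_hosts verification stays meaningful.
xsession_cmd() {
    printf 'ssh -X -p %s -o HostKeyAlias=%s %s@127.0.0.1 %s\n' \
        "$LPORT" "$APPHOST" "$APPUSER" "${1:-xterm}"
}

# Prints both commands by default; set RUN=1 to execute them in order.
two_hop() {
    if [ "${RUN:-0}" = 1 ]; then
        $(tunnel_cmd) && $(xsession_cmd "$@")
    else
        tunnel_cmd
        xsession_cmd "$@"
    fi
}

two_hop "$@"
```

Run it once without RUN=1 to review the generated commands; the optional first argument is the X program to start on the app host.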