[wplug] Tunneling X across multiple SSH hops?

Poyner, Brandon bpoyner at ccac.edu
Thu Apr 21 13:34:27 EDT 2005 

The first hop machine does not need to have X installed but it must at
least have xauth installed.  If you run 'xauth list' after connecting
through ssh does it report magic cookie information?  Does the $DISPLAY
environment variable get set?

Brandon Poyner
Network Engineer III
CCAC - College Office
412-237-3086
 

-----Original Message-----
From: wplug-bounces+bpoyner=ccac.edu at wplug.org
[mailto:wplug-bounces+bpoyner=ccac.edu at wplug.org] On Behalf Of Vanco,
Don
Sent: Thursday, April 21, 2005 1:14 PM
To: General user list
Subject: RE: [wplug] Tunneling X across multiple SSH hops?

>-----Original Message-----
>From: wplug-bounces+don.vanco=agilysys.com at wplug.org 
>[mailto:wplug-bounces+don.vanco=agilysys.com at wplug.org] On 
>Behalf Of Eric Cooper
>Sent: Friday, April 15, 2005 3:29 PM
>To: wplug at wplug.org
>Subject: Re: [wplug] Tunneling X across multiple SSH hops?
>
>
>On Fri, Apr 15, 2005 at 02:06:08PM -0400, Vanco, Don wrote:
>> Anyone have a quick-n-dirty set of instructions for getting 
>X to "play
>> nice" across multiple SSH hops?
>
>Just use "-X" (forward X connection) along each hop:
>    A$ ssh -X B
>    B$ ssh -X C
>    C$ xclock
>displays the clock on A.
>
>You might have to make sure that X forwarding is enabled in your
>configuration (ForwardX11 in ssh_config, X11Forwarding in sshd_config)

	This is what I expected to work - but it does not:
first hop (via SSH):
login as: vancod
Sent username "vancod"
vancod at 206.132.103.194's password:
Last login: Tue Apr 22 13:17:02 2003 from psefw-web.agilysys.com

Second hop:
[vancod at claw vancod]$ ssh root at 10.10.10.113
root at 10.10.10.113's password:
Last login: Thu Apr 21 12:54:38 2005 from 10.10.10.200
[root at titan root]# xclock
Error: Can't open display:

	All of the SSH config files are set to forward X.

	One key thing I forgot to mention - the firewall...
	I am guessing that because I access server one _through_ a
Microsoft ISA <ahem> firewall that the relevant port data is not passing
through.  As these are not Internet routable I have to go via gateway
devices...


Don

_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug

More information about the wplug mailing list