Il gio, 2003-08-21 alle 19:08, Christopher Huhn ha scritto: > I'd like to setup a login host in our DMZ: users should be able to login > from the outside via ssh and connect to the hosts in the internal > network via ssh also. This should be trivial in the first place, but > > Is there a possibility to get X11 forwarding working - without > installing at least xbase-clients on the DMZ host? X11 forwarding seems > at least to depend on the availibility of xauth. > > Can you get the functionality of scp/sftp without a direct (ssh) > connection of server and client? > Maybe via an ssh tunnel over ssh? But you don't really need double > encryption? What about rsync over ssh?
Let's say: A is the client; B is the dmz login host; C is the target server; p is an unprivileged port not in use on A; X is an alias for localhost on A. [0] Using only ssh (and sftp as an example of generic tcp application) you can: [1] $ ssh -f -N -L $p:$C:22 $B $ sftp -oPort=$p $X With socks4'ed applications you could also use -D option to let $B act as a socks4 proxy. Not tried, however i firmly think that you can use X11forwarding without installing X-related packages on B (otherwise you could consider using vnc and the -via option). Ciao, Gian Piero. Notes: [0] Aliases are used to trick the strict key check. Investigate HostKeyAlias in order to do that cleanly. [1] Other ssh options at your choice.
