Re: [XFree86] dumb proxy

2003-06-27 Thread Andy Goth
On Friday, June 27, 2003 12:46 am, Vladimir wrote:
> this is what i'm trying to do

I'll clean up the ASCII art since it appears to have been damaged.

> A --ssh--> B --ssh--> C --ssh--> D
>
> a and D are both on private networks and can't talk to each other,

Are these private networks "secure"?  By that I mean is there any danger in 
sending unencrypted data over the wire?  I consider my home network to be 
secure since I more or less trust all hosts on it and the rest of the 
Internet cannot directly monitor my Ethernet.

> but b and c can talk to each other and b can talk to a and c can talk to d,

Can A connect to C?  Can D connect to B?

> I
> am trying to get an X application on D to show up on A. A, B, and D have
> X installed but C does NOT have X installed. When i try to do an ssh -X
> from A to B it works fine, but when i do that from B to C it does not
> set the display to anything. and when i do ssh -X from C to D again the
> display is not set and i don't get any forwarding. I also cannot set up a
> vpn because i have almost no control over c and d, but i do have root on a
> and b if that helps.

Here's the simplest way.  It does not require root anywhere.

Make port 6789 on host B connect to port 22 on host D via host C.  Add -f to 
automatically fork ssh into the background (I prefer using shell job control 
to do this, since autobackgrounding is evil).  Remove -N to also start a 
shell on host C.  Change 6789 to whatever port you want.  Add -C to compress 
the tunneled data.

B$ ssh C -L 6789:D:22 -N -g

Log into host D via the forwarded port on host B; also enable X forwarding.  
Add -C to compress the shell connection and X protocol.  Note that double 
compression probably won't buy you anything.

A$ ssh B -p 6789 -X

If A can directly connect to C, change the above to:

A$ ssh C -L 6789:D:22 -N
A$ ssh localhost -p 6789 -X

This way you can do it all without running anything on B.  Instead you rely on 
B automatically routing packets from A destined for C.  I'm using the second 
method right now as a test, and it worked without any problems (except I 
replaced "C" with "null.sevatech.com" and "D" with "localhost", which is 
still a valid test because localhost only maps to null from null's point of 
view).  Plus, -g never worked properly for me, so maybe it's broken.

My only complaint with this is that it tunnels ssh over ssh, which is 
redundant and wasteful of CPU time.  But the only real reason I care is 
because toaster, my network's equivalent of your host B, is a 50MHz 486 on 
which ssh encryption is noticeably slow.

If you really care, you can write your own port forwarder without encryption, 
but it probably won't be worth it.  You won't lose any security, though, 
since you'll be forwarding ssh-encrypted data.

-- 
Andy Goth  |  [EMAIL PROTECTED]  |  http://ioioio.net/
End communication.

___
XFree86 mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xfree86
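
The unencrypted port forwarder mentioned at the end of the message above, as an added Python example (not code from the thread). It relays bytes without reading them, so an ssh session passing through stays encrypted end to end, and it listens on one explicit address rather than on every interface; `start_forwarder` and the addresses are illustrative assumptions.

```python
"""Plain TCP relay for one hop of the A-B-C-D chain (added example, assumed names)."""
import socket
import threading

def _pump(src, dst):
    # Copy bytes one way, untouched, until EOF; then pass the half-close on.
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _relay(client, target):
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()          # target unreachable: drop the client
        return
    upstream.settimeout(None)   # the timeout applied to connect only
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()
    _pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def start_forwarder(listen_addr, target):
    """Relay every connection accepted on listen_addr to target; returns the listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)       # one explicit address, not every interface
    srv.listen(16)
    def accept_loop():
        while True:
            client, _ = srv.accept()
            threading.Thread(target=_relay, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # e.g. on C: relay a local port to sshd on D ("D" is the thread's placeholder name)
    start_forwarder(("127.0.0.1", 6789), ("D", 22))
    threading.Event().wait()    # keep the process alive
```

The relay does no authentication of its own, so whoever can reach the listening address can reach the target port; the listen address is the only access control it has.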


Re: [XFree86] dumb proxy

2003-06-26 Thread Vladimir
this is what i'm trying to do

+---+           +---+           +---+           +---+
| A |  >>ssh>>  | B |  >>ssh>>  | C |  >>ssh>>  | D |
+---+           +---+           +---+           +---+

a and D are both on private networks and can't talk to each other, but b 
and c can talk to each other and b can talk to a and c can talk to d, I 
am trying to get an X application on D to show up on A. A, B, and D have 
X installed but C does NOT have X installed. When i try to do an ssh -X 
from A to B it works fine, but when i do that from B to C it does not 
set the display to anything. and when i do ssh -X from C to D again the 
display is not set and i don't get any forwarding. I also cannot set up a 
vpn because i have almost no control over c and d, but i do have root on a 
and b if that helps.

Andy Goth wrote:

> On Thursday, June 26, 2003 12:58 pm, Peter "Firefly" Lund wrote:
> > On Thu, 26 Jun 2003, Vladimir wrote:
> > > it seems that ssh will not do X forwards on a machine that does not have
> > > X installed any way around that?
> >
> > Use -L and -R.
> >
> > Set the DISPLAY manually.
> >
> > Get the MIT cookie on the already running X server and install it manually
> > into ~/.Xauthority on the machine you want the X clients to run on.
> >
> > Summary:  Possible but not pleasant.
>
> Why would you want to forward connections to a machine that doesn't have a 
> real X server on it?  The way the -X option of ssh works, a proxy X server is 
> opened on the remote host that forwards back to the local host's real X 
> server.  The only thing I can imagine is forwarding one proxy to another, but 
> unless you're going through multiple firewalls and NAT networks, I'm not sure 
> what purpose this would serve.
>
> If you mean that ssh won't honor -X if you're attempting to open a proxy X 
> server on a computer that doesn't have X installed, well, I'm not sure why 
> you would want that either since that machine probably doesn't have any X 
> clients installed (no libX11).  If you want to do this so that many computers 
> in the remote network could use that one computer to tunnel to your real X 
> server, I think you would have to use the -g option, but -g has never worked 
> for me for ordinary port forwarding, so I doubt you would get results with 
> the more-complex X11 forwarding.  If you really, really want to do something 
> like this, use VPN by running pppd over ssh or similar and then no X11 proxy 
> will be necessary since the remote computers will be able to access yours as 
> if it were on the same network despite however many layers of firewalls and 
> NAT networks you had to tunnel through.
>
> If you gave us a bit more information about what exactly you would like to 
> accomplish, I'm sure we will be able to figure something out.
>
> Note that PuTTY for MS-Windows also does X forwarding.  I'm not certain 
> whether it just goes from the remote machine back to an X server running in 
> Windows or if it has an option to go the other way.  I don't know why the 
> latter would be useful, though.

 



Re: [XFree86] dumb proxy

2003-06-26 Thread Andy Goth
On Thursday, June 26, 2003 12:58 pm, Peter "Firefly" Lund wrote:
> On Thu, 26 Jun 2003, Vladimir wrote:
> > it seems that ssh will not do X forwards on a machine that does not have
> > X installed any way around that?
>
> Use -L and -R.
>
> Set the DISPLAY manually.
>
> Get the MIT cookie on the already running X server and install it manually
> into ~/.Xauthority on the machine you want the X clients to run on.
>
> Summary:  Possible but not pleasant.

Why would you want to forward connections to a machine that doesn't have a 
real X server on it?  The way the -X option of ssh works, a proxy X server is 
opened on the remote host that forwards back to the local host's real X 
server.  The only thing I can imagine is forwarding one proxy to another, but 
unless you're going through multiple firewalls and NAT networks, I'm not sure 
what purpose this would serve.

If you mean that ssh won't honor -X if you're attempting to open a proxy X 
server on a computer that doesn't have X installed, well, I'm not sure why 
you would want that either since that machine probably doesn't have any X 
clients installed (no libX11).  If you want to do this so that many computers 
in the remote network could use that one computer to tunnel to your real X 
server, I think you would have to use the -g option, but -g has never worked 
for me for ordinary port forwarding, so I doubt you would get results with 
the more-complex X11 forwarding.  If you really, really want to do something 
like this, use VPN by running pppd over ssh or similar and then no X11 proxy 
will be necessary since the remote computers will be able to access yours as 
if it were on the same network despite however many layers of firewalls and 
NAT networks you had to tunnel through.

If you gave us a bit more information about what exactly you would like to 
accomplish, I'm sure we will be able to figure something out.

Note that PuTTY for MS-Windows also does X forwarding.  I'm not certain 
whether it just goes from the remote machine back to an X server running in 
Windows or if it has an option to go the other way.  I don't know why the 
latter would be useful, though.

-- 
Andy Goth  |  [EMAIL PROTECTED]  |  http://ioioio.net/
End communication.



Re: [XFree86] dumb proxy

2003-06-26 Thread Peter "Firefly" Lund
On Thu, 26 Jun 2003, Vladimir wrote:

> it seems that ssh will not do X forwards on a machine that does not have
> X installed any way around that?

Use -L and -R.

Set the DISPLAY manually.

Get the MIT cookie on the already running X server and install it manually
into ~/.Xauthority on the machine you want the X clients to run on.

Summary:  Possible but not pleasant.

-Peter

Being really good at C++ is like being really good at using rocks to
sharpen sticks.
  -- Thant Tessman


Re: [XFree86] dumb proxy

2003-06-26 Thread Vladimir
it seems that ssh will not do X forwards on a machine that does not have 
X installed any way around that?

Andy Goth wrote:

> On Tuesday, June 24, 2003 11:26 am, Vladimir wrote:
> > does anyone know of a dumb X proxy that would take incoming X
> > connections and forward them on to a different machine?
>
> ssh will do this for you.  Plus, it can transparently compress and encrypt the 
> protocol.

 



Re: [XFree86] dumb proxy

2003-06-25 Thread Andy Goth
On Tuesday, June 24, 2003 11:26 am, Vladimir wrote:
> does anyone know of a dumb X proxy that would take incoming X
> connections and forward them on to a different machine?

ssh will do this for you.  Plus, it can transparently compress and encrypt the 
protocol.

-- 
Andy Goth  |  [EMAIL PROTECTED]  |  http://ioioio.net/
End communication.



[XFree86] dumb proxy

2003-06-24 Thread Vladimir
does anyone know of a dumb X proxy that would take incoming X 
connections and forward them on to a different machine?
