On Friday, June 27, 2003 12:46 am, Vladimir wrote:
> This is what I'm trying to do

I'll clean up the ASCII art since it appears to have been damaged.

> A --ssh--> B --ssh--> C --ssh--> D
>
> A and D are both on private networks and can't talk to each other,

Are these private networks "secure"?  By that I mean is there any danger in 
sending unencrypted data over the wire?  I consider my home network to be 
secure since I more or less trust all hosts on it and the rest of the 
Internet cannot directly monitor my Ethernet.

> but B and C can talk to each other and B can talk to A and C can talk to D,

Can A connect to C?  Can D connect to B?

> I am trying to get an X application on D to show up on A. A, B, and D have
> X installed but C does NOT have X installed. When I try to do an ssh -X
> from A to B it works fine, but when I do that from B to C it does not
> set the display to anything, and when I do ssh -X from C to D again the
> display is not set and I don't get any forwarding. I also cannot set up a
> VPN because I have almost no control over C and D, but I do have root on A
> and B if that helps.

Here's the simplest way.  It does not require root anywhere.

Make port 6789 on host B connect to port 22 on host D via host C.  Add -f to 
automatically fork ssh into the background (I prefer using shell job control 
to do this, since autobackgrounding is evil).  Remove -N to also start a 
shell on host C.  Change 6789 to whatever port you want.  Add -C to compress 
the tunneled data.

B$ ssh C -L 6789:D:22 -N -g

Log into host D via the forwarded port on host B; also enable X forwarding.  
Add -C to compress the shell connection and X protocol.  Note that double 
compression probably won't buy you anything.

A$ ssh B -p 6789 -X

If A can directly connect to C, change the above to:

A$ ssh C -L 6789:D:22 -N
A$ ssh localhost -p 6789 -X

This way you can do it all without running anything on B.  Instead you rely on 
B automatically routing packets from A destined for C.  I'm using the second 
method right now as a test, and it worked without any problems (except I 
replaced "C" with "null.sevatech.com" and "D" with "localhost", which is 
still a valid test because localhost only maps to null from null's point of 
view).  Plus, -g never worked properly for me, so maybe it's broken.

My only complaint with this is that it tunnels ssh over ssh, which is 
redundant and wasteful of CPU time.  But the only real reason I care is 
because toaster, my network's equivalent of your host B, is a 50MHz 486 on 
which ssh encryption is noticeably slow.

If you really care, you can write your own port forwarder without encryption, 
but it probably won't be worth it.  You won't lose any security, though, 
since you'll be forwarding ssh-encrypted data.

-- 
Andy Goth  |  [EMAIL PROTECTED]  |  http://ioioio.net/
End communication.

_______________________________________________
XFree86 mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xfree86
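
A check for whether the forwarded port is reachable from other hosts, which is what -g controls in the commands above. This is an added example, not part of the original message; the function name forward_exposure and the sample listings are constructed, and it assumes the ss tool from iproute2 is available on the host running the tunnel.

```sh
#!/bin/sh
# Added example: report how a forwarded port is bound, from `ss -ltn` output.
# On host B:  ss -ltn | forward_exposure 6789

forward_exposure() {
    # $1 = forwarded port, stdin = `ss -ltn` output. Prints one of:
    #   exposed  - wildcard bind, reachable from other hosts (what -g asks for)
    #   specific - bound to one non-loopback address
    #   loopback - default -L behaviour, local clients only
    #   absent   - nothing is listening on that port
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # split "addr:port" at the last colon
            if (!n || substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            if (host == "0.0.0.0" || host == "*" || host == "[::]") wild = 1
            else if (host ~ /^127\./ || host == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (wild) print "exposed"
            else if (other) print "specific"
            else if (loop) print "loopback"
            else print "absent"
        }'
}

# Constructed sample: host B after `ssh C -L 6789:D:22 -N -g`
sample_with_g() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6789       0.0.0.0:*
LISTEN 0      128    [::]:6789          [::]:*
EOF
}

# Constructed sample: host A after `ssh C -L 6789:D:22 -N` (no -g)
sample_without_g() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6789     0.0.0.0:*
LISTEN 0      128    [::1]:6789         [::]:*
EOF
}

echo "with -g:    $(sample_with_g | forward_exposure 6789)"
echo "without -g: $(sample_without_g | forward_exposure 6789)"
```

An "exposed" result means any host that can reach that machine can open a connection to D's sshd through the tunnel, so the port should be filtered or the tunnel run without -g when only local clients need it.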
