Hi people,
thanks for all of your kind answers.
I learned a lot about ssh and how X forwarding works thanks to your
posts, and also about security guidelines. "Nesting tunnels is safer
than chaining." I'll remember that. And I'll try to avoid -g ;-)
As some of you suggested, in the end the problem was just that ririu was
not configured to allow X11Forwarding. I just had to edit the
sshd_config. Then it worked. However, now I'm also setting up the
tunnels in the way you guys suggested :-)
Cheers,
Malte
dani1l schrieb:
for example your X was opened at freya of port 6123
first:
malte@freya $ ssh -R 1234:localhost:6123 malte@hal # port 1234 or other
then you at hal:
malte@hal $ ssh -R 6125:localhost:1234 malte@ririu
then at ririu
malte@ririu $ export DISPLAY=localhost:125.0
malte@ririu $ xterm &
在2008-10-01,"Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx> 写道:
>Malte,
>
>just one preliminary question:
>You have verified that every sshd on the way has X Forwarding enabled? And
>restarted it afterwards, eventually?
>
>Ah, well, and another question:
>Have you started sshd and ssh in very verbose mode (-vvv) and looked into
>the logs? Many things in verbose mode are completely alien wording, but
>sometimes one can get a hint.
>
>I have not tried using X forwarding on such a double ssh route myself, but
>I have configured something similar some months ago for someone else to
>use.
>What I did, was:
>On the first part of the way (that is freya to hal, isn't it?) I used
>public key authentication, and in authorized_keys I added
>"command=/path/to/ssh -X -l USER ririu" before the key. That makes the
>shell on hal open up the second part of the way on its own - you hop right
>through hal from freya to ririu. And you are restricted to exactly that
>command in the shell on hal, you can do nothing else.
>
>My first server was HPUX, the second some Linux (don't know the distro,
>presumably RedHat), and I remember I had to fiddle around with the syntax,
>but it worked in the end including X forwarding (according to the guy who
>had to use it).
>
>By the way, the above syntax is right away off my head - don't trust it
>down to the single sign.
>
>Regards,
>
>Dirk
>
>
>--On 30. September 2008 13:21:14 +0200 Malte Horst Arthur Skoruppa
>
