Author: der.hans Date: Subject: Linux Computer Store and Cafe
Am 10. Apr, 2002 schwätzte Thomas Mondoshawan Tate so:
> Unfortunately, no it doesn't. I'm guessing it has to have this to provide
> X11 connection forwarding, right?
xauth is required for X services over ssh. It's what provides the
authentication for X. Actually, I heard of a possiblity to use a different
auth service for X, but it still requires stuff to be installed, so use
xauth :).
> What I'm trying to do is forward an X client connection through two
> firewalls to my internal box. Eg:
>
> Crystaldragon -> Tank (firewall) -> { I-net } -> Thing (firewall) -> Nadesico
>
> Both Tank and Thing are Linux servers/firewalls. I'm sitting at
> Crystaldragon and want an xterm run on Nadesico to appear here. My guess is
> if SSH requires xauth to be present, then I can't do this via the X11
> forwarding option. How, then, is it possible to do this forwarding securely?
> Is it possible to setup a pair of SSH tunnels running on Tank and Thing that
> forwards incoming connections from Nadesico to Crystal?
Make sure xauth is installed everywhere. It's not a security issue for the
firewalls, so no reason not to have it.
Another possibility might be to put up an ssh tunnel or other vpn type of
thing between the two firewalls. Then Crystaldragon and Nadesico would have
a 'local' connection.
You could also do ssh tunneling for port 6000, but that seems like a strange
way to go.
ciao,
der.hans
--
# This line intentionally left blank.
# We now return you to your regularly scheduled paranoia...
(text/plain)