Thanks ME, That's a lot of information, I'm going to have to digest for a little while. I neglected to tell you, but yes, I do have hummingbird (exceed) on my win32 box. I'll have to look around for the settings for X11 stuff
Jay

----- Original Message -----
From: "ME" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 12, 2001 2:22 PM
Subject: Re: [vox-tech] X, SSH across Internet through NAT

> On Fri, 12 Oct 2001, Jay Strauss wrote:
> > Is this possible, I have (crappy) linksys dsl router/NAT devices set up
> > on other sides of the internet. Behind one is my SSH client, behind the
> > other is my SSH server (on my deb box):
>
> It can be done if you can establish an ssh session from the source NAT-ed
> host to the destination NAT-ed host.
>
> > SSH                                    SSHd
> > Client                                 Debian
> > (putty)                                192.168.5.102
> > 192.168.5.100
> >       |                                  |
> >       |                                  |
> >       |                                  |
> >       |            internet              |
> > 192.168.5.254 =================== 192.168.5.254
> > Linksys                           Linksys
> > NAT                               NAT
> > xxx.xxx.xxx.xxx                   yyy.yyy.yyy.yyy
>
> Cool ASCII Drawing. (ME likes it)
>
> > I am able to SSH from the client to the server, but when I try to start an
> > xterm:
>
> Whoah! Dejavu!
>
> > 192.168.5.102:jstrauss> xterm -display xxx.xxx.xxx.xxx
>
> In this case, you are probably trying to tell the remote machine to use an
> X $DISPLAY that would try to connect to the NAT-ed IP address and there is
> no service on the NAT linksys router to perform this by default. Also, the
> remote host does not know how to get to your reserved network IP address
> used in the NAT LAN at "home".
>
> By default most new ssh clients/servers seem to be shipping with disabled
> X forwarding by default due to security concerns with X.
>
> > It just hangs. Now I figure I can't really send the display to the linksys
> > device in front of my client, but where
> > else can I send it? I can't send it to 192.168.5.100, cause it will try to
> > route to its local LAN. Is what I'm trying impossible? I thought you
> > could run X through (some sort of encrypted tunnel) ssh all the way back to
> > the client.
>
> You can generally offer X updates/draw through an ssh session, but there
> are security implications with this. If you have one of the newer ssh
> variants (openssh or ssh2) then check the options when starting ssh. For
> one, I think you can add "-X" and the other you can add "-x" to explicitly
> state you want to tunnel X through SSH. (Not exactly sure which is which
> and which one uses "-X" for enable, but one seems to use -x for disable,
> so check your man pages to be sure.)
>
> Once you have enabled X through SSH, you will/should have a new env var on
> the remote machine called $DISPLAY. echo $DISPLAY in the shell on the
> remote machine to see if it is set. It will probably be a local high port
> like "yourhostname:11.0"
>
> You should be able to then start X apps on the remote location and have
> them appear on your local screen automagically.
>
> The cost of X through ssh is you will take a processor hit, and smooth
> graphics and video won't be so smooth. You will/should notice more lag
> than when you compare it to a non-encrypted session. If you are going from
> one NAT-ed host to another NAT-ed host, using an ssh session is the
> easiest way to get the stuff to yourself, but with the cost of speed and
> the X security issue.
>
> > One more thing, when I pick up my laptop and bring it home (onto the LAN
> > where my sshd is located). I'm able to get an xterm sent locally, but
> > how do I know it's even using the ssh tunnel and not just sending it clear
> > text?
>
> Use a sniffer. :-) Or you can examine your env variable $DISPLAY to see if
> it is set to send to the remote host, or is using the localhost and then
> SSH.
>
> Also, I just noticed that you mention "putty" as your client side. Most of
> the above (-X flag for enabling X session stuff) is/was for the
> openssh/fsecure ports of client ssh. I have not used this client (putty),
> so you should check to see if it offers X11 forwarding/redirection. If it
> does, then make sure you have enabled this option. If this is on Windows
> (Win32) then you need to have an X11 Server for windows (or if on the mac,
> then one for the mac).
>
> If you do not have an X-Server for your windows/mac machine, I think you
> can get one for trial for Mac or Windows called MI/X
> http://tnt.microimages.com/www/html/freestuf/mix/
> I used that before (or at least an earlier one) and it seemed to work for
> most of the things I wanted to use at the time. It was rather feature
> limited, but the price at the time sounded right.
>
> There was one out there called Hummingbird Exceed or something like that
> but I think it co$t a bit more. People that have used said they liked it,
> but what do people know anyway? They are only human. ;-)
>
> Others here may have more up-to-date suggestions on W32 based XServers
> that are fresh on the menu.
>
> -ME
>
> P.S. Just found from putty docs:
> http://www.tartarus.org/~simon/puttydoc/output.txt
> 3.16.1 X11 forwarding
>
> If your server lets you run X Window System applications, X11
> forwarding allows you to securely give those applications access to
> a local X display on your PC.
>
> This feature will only be useful if you have an X server on your PC,
> such as Exceed or XWin32.
>
> To enable X11 forwarding, check the `Enable X11 forwarding' box. If
> your X display is not the primary display on your local machine
> (which it almost certainly will be unless you have deliberately
> arranged otherwise), you need to enter its location in the `X
> display location' box.
>
> Which really answers your last Q more directly.
> That option should set the env var $DISPLAY on the remote machine. Check
> echo $DISPLAY to see if it does.
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
> L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
> t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
> ------END GEEK CODE BLOCK------
> decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
> Systems Department Operating Systems Analyst for the SSU Library
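
The $DISPLAY check suggested in the quoted reply, as an added shell example that is not part of the original thread: it classifies a DISPLAY value as an sshd proxy display, a local socket, or a direct X11 TCP connection that would cross the network unencrypted. The function name and the display-number threshold of 10 (OpenSSH's default X11DisplayOffset) are assumptions; a server configured differently needs a different threshold.

```shell
#!/bin/sh
# Added example: decide from $DISPLAY whether X traffic rides the SSH tunnel.
# Usage: classify_display "$DISPLAY" [name-of-this-host]
# DISPLAY has the form [host]:display[.screen]; display n means TCP port 6000+n.

classify_display() {
    d=$1
    [ -n "$d" ] || { echo unset; return 0; }

    case $d in
        *:*) ;;
        *) echo malformed; return 0 ;;      # e.g. a bare IP with no ":0"
    esac

    host=${d%:*}          # everything before the last colon
    num=${d##*:}          # display[.screen]
    num=${num%%.*}        # display number only
    case $num in
        ''|*[!0-9]*) echo malformed; return 0 ;;
    esac

    # Empty host or "unix" means a local socket, no network involved.
    case $host in
        ''|unix) echo local-socket; return 0 ;;
    esac

    self=${2:-$(uname -n)}
    case $host in
        localhost|127.0.0.1|::1|"$self")
            # Assumption: sshd allocates proxy displays from 10 upward
            # (OpenSSH default X11DisplayOffset); lower numbers are a real
            # X server running on this same machine.
            if [ "$num" -ge 10 ]; then
                echo ssh-forwarded
            else
                echo local-display
            fi ;;
        *)
            # Another machine: X11 protocol goes straight over TCP, in clear.
            echo "direct-tcp:$((6000 + num))" ;;
    esac
}

# Report on the current session when run on the SSH server side.
echo "DISPLAY='${DISPLAY:-}' -> $(classify_display "${DISPLAY:-}")"
```

A result of `direct-tcp:PORT` is the case where the sniffer mentioned in the reply would show readable X11 traffic on that port.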
