Jumping in late. I successfully used cygwin, with the XFree86 port on my WinNT4 work system. I would launch XFree into in X Window session, then from the terminal window I would type ssh -X -l username domain.com
The -X exports it across the connection and the -l is for the logon with this name. This worked fine for me. I need to write this up for the lugod faqs section. Write up your method when you get it to work with putty. -sp On Fri, 12 October 2001, "Jay Strauss" wrote: > > Yippee, it works. I needed to download the latest (development) version of > putty. It supports X11 Forwarding. I just got an xterm on from my machine > at home, Pretty cool. > > Thanks ME > Jay > ----- Original Message ----- > From: "ME" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, October 12, 2001 2:22 PM > Subject: Re: [vox-tech] X, SSH across Internet through NAT > > > > On Fri, 12 Oct 2001, Jay Strauss wrote: > > > Is this possible, I have (crappy) linksys dsl router/NAT devices set up > > > on other sides of the internet. Behind one is my SSH client, behind the > > > other is my SSH server (on my deb box): > > > > It can be done if you can establish an ssh session from the source NAT-ed > > host to the destintaion NAT-ed host. > > > > > SSH SSHd > > > Client Debian > > > (putty) 192.168.5.102 > > > 192.168.5.100 > > > | | > > > | | > > > | | > > > | internet | > > > 192.168.5.254 =================== 192.168.5.254 > > > Linksys Linksys > > > NAT NAT > > > xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy > > > > Cool ASCII Drawing. (ME likes it) > > > > > I am able to SSH from the client to the server, but when I try to start > an > > > xterm: > > > > Whoah! Dejavu! > > > > > 192.168.5.102:jstrauss> xterm -display xxx.xxx.xxx.xxx > > > > In this case, you are probably trying to tell the remote machine to use an > > X $DISPLAY that would try to connect to the NAT-ed IP address and there is > > no service on the NAT linksys router to perform this by default. Also, the > > remote host does not know how to get to your reserved network IP address > > used in the NAT LAN at "home". > > > > By default most new ssh clients/servers seem to be shipping with disabled > > X forwarding by default due to security conerns with X. > > > > > It just hangs. Now I figure I can't really send the display to the > linksys > > > device in front of my client, but where > > > else can I send it? I can't send it to 192.168.5.100, cause it will try > to > > > route to it's local LAN. Is what I'm trying impossible? I thought you > > > could run X through (some sort of encrypted tunnel) ssh all the way back > to > > > the client. > > > > You can generally offer X updates/draw through an ssh session, but there > > are security implications with this. If you have one of the newer ssh > > varients (openssh or ssh2) then check the options when starting ssh. For > > one, I think you can add "-X" and the other you can add "-x" to explicitly > > state you want to tunnel X through SSH. (Not exactly sure, which is which > > ans which one uses "-X" for enable, but one seems to use -x for disable, > > so check your man pages to be sure.) > > > > Once you have enabled X through SSH, you will/should have a new env var on > > the remote machine called $DISPLAY. echo $DISPLAY in the shell on the > > remote machine to see if it is set. It will probably be a local high port > > like "yourhostname:11.0" > > > > You should be able to then start X apps on the remote location and have > > them appear on your local screen automagically. > > > > The cost of X through ssh is you will take a processor hit, and smooth > > graphics and video won't be so smooth. You will/should notice more lag > > than when you compare it to a non-encrypted session. If you are going from > > one NAT-ed host to another NAT-ed host, using an ssh session is the > > easiest way to get the stuff to yourself, but with the cost of speed and > > the X security issue. > > > > > One more thing, when I'm pick up my laptop and bring it home (onto the > LAN > > > where my sshd is located). I'm able to get an xterm sent sent locally, > but > > > how do I know its even using the ssh tunnel and not just sending it > clear > > > text? > > > > Use a sniffer. :-) Or you can examine your env variable $DISPLAY to see if > > it is set to send to the remote host, or is using the localhost and then > > SSH. > > > > Also, I just noticed that you mention "putty" as your client side. Most of > > the above (-X flag for enabling X session stuff) is/was for the > > openssh/fsecure ports of client ssh. I have not used this client (putty), > > so you should check to see if it offers X11 forwarding/redirection. If it > > does, then make sure you have enabled this option. If this is on Windows > > (Win32) then you need to have an X11 Server for windows (or if on the mac, > > then one for the mac). > > > > If you do not have an X-Server for your windows/mac machine, i think you > > can get one for trial for Mac or Windows called MI/X > > http://tnt.microimages.com/www/html/freestuf/mix/ > > I used that before (or at least an earlier one) and it seemed to work for > > most of the things I wanted to use at the time. It was rather feature > > limited, but the price at the times sounded right. > > > > There was one out there called Hummingbird Exceed or soemthing like that > > but I think it co$t a bit more. People that have used said they liked it, > > but what do people know anyway? They are only human. ;-) > > > > Others here may have more up-to-date suggestions on W32 based XServers > > that are fresh on the menu. > > > > -ME > > > > P.S. Just found from from putty docs: > > http://www.tartarus.org/~simon/puttydoc/output.txt > > 3.16.1 X11 forwarding > > > > If your server lets you run X Window System applications, X11 > > forwarding allows you to securely give those applications access to > > a local X display on your PC. > > > > This feature will only be useful if you have an X server on your > PC, > > such as Exceed or XWin32. > > > > To enable X11 forwarding, check the `Enable X11 forwarding' box. If > > your X display is not the primary display on your local machine > > (which it almost certainly will be unless you have deliberately > > arranged otherwise), you need to enter its location in the `X > > display location' box. > > > > Which really answers your last Q more more directly. > > That options should set the env var $DISPLAY on the remote machine. Check > > echo $DISPLAY to see if it does. > > > > -----BEGIN GEEK CODE BLOCK----- > > Version: 3.12 > > GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) > P+$>+++ > > L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP > > t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z? > > ------END GEEK CODE BLOCK------ > > decode: http://www.ebb.org/ungeek/ about: > http://www.geekcode.com/geek.html > > Systems Department Operating Systems Analyst for the SSU Library > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com
