Hello,
We run a FreeBSD 7.1 SSH gateway behind our NAT firewall.
Users first log in to this gateway host from the internet and then log in to other machines on the LAN.
It is desirable for users to be able to remotely run X applications on hosts of the internal LAN, tunnelling that X display through the intermediate FreeBSD SSH gateway and displaying it on their local machine.
The FreeBSD gateway does not have X installed.
If machines on the internal LAN make direct ssh connections via:
From localmachine:
ssh -X othermachine
They are able to start X applications on othermachine and view the GUI of these applications on their localmachine X server host.
However, if this ssh session is daisy-chained through the intermediate gateway, the X forwarding fails.
From localmachine:
ssh -X gateway
From gateway:
ssh -X othermachine
Now when attempting to start an X application on othermachine this message results:
Code:
Error: Can't open display:
The current pertinent settings in the sshd_config on gateway:
Code:
#AllowAgentForwarding yes
#AllowTcpForwarding yes
GatewayPorts yes
#X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
PermitTunnel yes
#ChrootDirectory none
I've tried various combinations of GatewayPorts, X11UseLocalhost, and PermitTunnel. The AllowTcpForwarding and X11Forwarding have stayed at their default enabled state.
I've tried various internet search queries on this topic and find an overabundance of "tunneling X through SSH" results, many of which are out of date and inaccurate. However, I'm able to find very little on tunneling X through an intermediate gateway, and what I've found hasn't helped.
Do I need to install X on the gateway in order to tunnel X through the gateway to another host?
There is no requirement to run X applications on the gateway itself and it is highly preferable to not install X on this machine.
Thank You So Much for Your Expert Advice!!!
johnea
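
The empty display name in "Can't open display:" means DISPLAY was unset on othermachine. In a chained ssh -X, a hop requests X11 forwarding only if DISPLAY is set in its own session, and sshd sets it only when it finds an xauth program on that host. The script below is an added example, not part of the original post, that classifies one hop from those two inputs. Looking up xauth on PATH is an assumption; sshd itself uses its XAuthLocation setting.

```shell
#!/bin/sh
# Added example: classify one hop of an "ssh -X" chain.
# Run it in the login session on gateway, then again on othermachine.

X11_DISPLAY_OFFSET=10   # sshd default, listed as "#X11DisplayOffset 10" in the post

# display_number "host:N.S" -> prints N, or nothing if it cannot be parsed
display_number() {
    case $1 in
        *:*) ;;
        *) return 0 ;;             # no colon: not a display name
    esac
    n=${1##*:}                     # drop everything up to the last colon
    n=${n%%.*}                     # drop the ".screen" suffix
    case $n in
        ''|*[!0-9]*) return 0 ;;   # not a plain number
    esac
    echo "$n"
}

# classify_hop DISPLAY_VALUE XAUTH_PATH -> prints one status word
classify_hop() {
    display_value=$1
    xauth_path=$2
    if [ -z "$xauth_path" ] || [ ! -x "$xauth_path" ]; then
        echo "no-xauth"            # sshd cannot set up X11 forwarding here
    elif [ -z "$display_value" ]; then
        echo "no-display"          # ssh -X from this hop has nothing to forward
    else
        num=$(display_number "$display_value")
        if [ -z "$num" ]; then
            echo "unparsed"
        elif [ "$num" -ge "$X11_DISPLAY_OFFSET" ]; then
            echo "forwarded"       # display number is in sshd's proxy range
        else
            echo "local-display"   # below the offset: a local X server
        fi
    fi
}

# Report for the current session (xauth looked up on PATH: an assumption).
xauth_bin=$(command -v xauth 2>/dev/null || true)
echo "hop $(uname -n): $(classify_hop "${DISPLAY:-}" "$xauth_bin")"
```

A result of no-xauth on the gateway is the case to check first: the xauth program can be present without an X server installed on that host.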