[NMLUG] ssh X forwarding

Robbins, Wesley L nmlug@swcp.com
Wed, 7 Nov 2001 12:45:33 -0700


Use the file keys. (To and from the internal Firewall) I really 
do not see to much damage from the world to firewall.  Also, Make the 
firewall limit its access to use ssh to only the machine you want.  
This stops rogue systems from showing up on the network and using 
the ssh.   


(Internal Unix Box) <---> (Firewall) <---(Any ssh client)
                      ^   
                      |
 (Rogue System)  -----+
So the Rogue system can see the internet but cannot be ssh to
directly.  Have the person contact the Admin for an SSH Key file
and then walk him through setting it up. After you get to inspect 
the system and make sure it is semi-locked down.

For your X11-Forward

I had a prob. very similar to this last week I'll outline how 
I found it and fixed it.

 (Windows) --> (Linux) --> (Linux) --> (Linux)

This was my connection.  
I was sitting on a Windows machine with an X server running.
I enabled X11 Forward in the Windows ssh program I was running
I connected to the first Linux server and did xclock.
It came up just fine.  I ssh'd to the next Linux server and 
typed xclock It came up fine.  I then ssh'd to the third Linux box
xclock. Did not work.

   I typed 'echo $DISPLAY' on each.  
   All had the machine name of the previous server and :10 "linux1:10"
   I then edited each ssh_config Not sshd_config
    I noticed   ForwardAgent no  ForwardX11 no was on the second Linux box.
   I changed it and logged out of ssh and back in.  I was then able to use 
   X on the third Xbox.


------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------