From owner-freebsd-questions@FreeBSD.ORG Fri Aug 22 09:58:57 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A52C3106564A for ; Fri, 22 Aug 2008 09:58:57 +0000 (UTC) (envelope-from roberto.nunnari@supsi.ch) Received: from ti-edu.ch (posta.ti-edu.ch [195.176.176.171]) by mx1.freebsd.org (Postfix) with ESMTP id 174218FC12 for ; Fri, 22 Aug 2008 09:58:56 +0000 (UTC) (envelope-from roberto.nunnari@supsi.ch) X-Virus-Scanned: by cgpav Received: from [193.5.152.27] (HELO [127.0.0.1]) by ti-edu.ch (CommuniGate Pro SMTP 5.2.5) with ESMTP id 27669986; Fri, 22 Aug 2008 11:58:53 +0200 Message-ID: <48AE8DC0.1050603@supsi.ch> Date: Fri, 22 Aug 2008 11:58:24 +0200 From: Roberto Nunnari User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: Nikos Vassiliadis References: <48AADA2A.10803@supsi.ch> <48AD1125.6030509@supsi.ch> <200808211149.59449.nvass@teledomenet.gr> In-Reply-To: <200808211149.59449.nvass@teledomenet.gr> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: X11 tunnel over ssh and then rsh X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Aug 2008 09:58:57 -0000 Hello Nikos. Thank you for your reply. See my comments below. Nikos Vassiliadis wrote: > On Thursday 21 August 2008 09:54:29 Roberto Nunnari wrote: >> Anybody on this, please? >> >> Roberto Nunnari wrote: >>> Hello list. >>> >>> I have this scenario >>> >>> 1) host A with X server >>> 2) host B with ssh server but without X server >>> 3) host C with rsh server and X client programs but without X server >>> (on host C there's also an ssh server, but in our case, users >>> have to use rsh) > > Why rsh? Isn't ssh a drop-in replacement for rsh? The reason for using rsh instead of ssh is that it's a computing cluster. Host B is the master node and access point to the cluster, and host C is any one of the computing nodes. The cluster resources are managed by the Sun Grid Engine (SGE) and so users obtain the computing resources using the SGE interface. SGE under the cover uses rsh. I could search and see if it would possible to configure SGE so that it uses ssh instead of rsh, but then, you should take in accounting the cpu overhead of using ssh (encryption/decryption), so unnecessarily using cpu time, as the cluster is all in a private network. > >>> now, I need to connect from host A to host B with: >>> A$ ssh -Y B (-Y or -X, to create a X tunnel) >>> and then from host B to host C with: >>> B$ rsh C >>> and on host C I need to run an X client like: >>> C$ xterm >>> >>> Now, I would like the users not to have to set the >>> DISPLAY env var on host C, as they tend to forget >>> and also some user's X server don't accept plain >>> X connections.. >>> >>> Is there a way that I could configure host B to somehow >>> expose to host C the X tunnel to host A? > > Automatically? No. > You can however use ssh to create generic TCP tunnels, using > -R and -L. But this is much more complicated than remembering > a DISPLAY variable. Right. Also, it requires users to specify a port on host B, and then the chosen port could already be taken, so returning an error.. Too much hassle.. > >>> From host >>> B I have access to the users' homes on host C and I could >>> place there some script to set the DISPLAY env var on user >>> login. >>> >>> B$ echo $DISPLAY >>> on host B gives back something like localhost:16.0, >>> but if on host C I enter: >>> C$ export DISPLAY=B:16.0 >>> C$ xterm >>> it doesn't work.. probably host C doesn't expose a >>> network socket but maybe a unix socket for the X tunnel.. > > This is probably because the listener (which proxies X11 to > host A) is bound to localhost(127.0.0.1) and not B(12.23.34.45). > You can overcome this, using manual forwarding(-R & -L). > > HOST_A# ssh -R '*:6010:127.0.0.1:6000' HOST_B # create a listener > on HOST_B listening on all interfaces and TCP port 6010 > and tunnel everything from there to HOST_A's 127.0.0.1 6000 This is a possible solution, but as stated above, it requires the user to specify the port number (6010 in the example above).. Also, it requires GatewayPorts = yes in sshd_config.. Humm.. it's a pity that ssh -Y or -X will only listen on the loopback interface, but for sure there are good reasons it is done that way. Thank you again and best regards. Robi > > Then every host which can connect to HOST_B can connect to HOST_A > X11 server. Using generic TCP port forwarding through ssh to forward > X11 has an other minus. You have to handle yourself the X11 > authorization(xauth, XAUTHORITY and friends) > > You can of course use a second ssh session from HOST_B to HOST_C > to expose HOST_B's 127.0.0.1:6010 to HOST_C's 127.0.0.1:6010. > So, connecting from HOST_C to 127.0.0.1:6010 will be tunneled > to HOST_B's 127.0.0.1:6010, which will be tunneled to HOST_A's > 127.0.0.1:6000 were your X11 display lives. > > It's rather complicated, though... > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"