From owner-freebsd-questions@FreeBSD.ORG Fri Aug 22 10:11:01 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C2F41106566C for ; Fri, 22 Aug 2008 10:11:01 +0000 (UTC) (envelope-from roberto.nunnari@supsi.ch) Received: from ti-edu.ch (posta.ti-edu.ch [195.176.176.171]) by mx1.freebsd.org (Postfix) with ESMTP id 2D3828FC14 for ; Fri, 22 Aug 2008 10:11:00 +0000 (UTC) (envelope-from roberto.nunnari@supsi.ch) X-Virus-Scanned: by cgpav Received: from [193.5.152.27] (HELO [127.0.0.1]) by ti-edu.ch (CommuniGate Pro SMTP 5.2.5) with ESMTP id 27670210; Fri, 22 Aug 2008 12:10:57 +0200 Message-ID: <48AE9095.4030904@supsi.ch> Date: Fri, 22 Aug 2008 12:10:29 +0200 From: Roberto Nunnari User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: Nikos Vassiliadis References: <48AADA2A.10803@supsi.ch> <48AD1125.6030509@supsi.ch> <200808211149.59449.nvass@teledomenet.gr> <48AE8DC0.1050603@supsi.ch> In-Reply-To: <48AE8DC0.1050603@supsi.ch> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: X11 tunnel over ssh and then rsh X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Aug 2008 10:11:01 -0000 Roberto Nunnari wrote: > Hello Nikos. > > Thank you for your reply. > See my comments below. > > > Nikos Vassiliadis wrote: >> On Thursday 21 August 2008 09:54:29 Roberto Nunnari wrote: >>> Anybody on this, please? >>> >>> Roberto Nunnari wrote: >>>> Hello list. >>>> >>>> I have this scenario >>>> >>>> 1) host A with X server >>>> 2) host B with ssh server but without X server >>>> 3) host C with rsh server and X client programs but without X server >>>> (on host C there's also an ssh server, but in our case, users >>>> have to use rsh) >> >> Why rsh? Isn't ssh a drop-in replacement for rsh? > > The reason for using rsh instead of ssh is that > it's a computing cluster. Host B is the master node > and access point to the cluster, and host C is any > one of the computing nodes. The cluster resources are > managed by the Sun Grid Engine (SGE) and so users > obtain the computing resources using the SGE interface. > SGE under the cover uses rsh. I could search and see if it would > possible to configure SGE so that it uses ssh instead of rsh, > but then, you should take in accounting the cpu overhead of > using ssh (encryption/decryption), so unnecessarily using cpu > time, as the cluster is all in a private network. > > >> >>>> now, I need to connect from host A to host B with: >>>> A$ ssh -Y B (-Y or -X, to create a X tunnel) >>>> and then from host B to host C with: >>>> B$ rsh C >>>> and on host C I need to run an X client like: >>>> C$ xterm >>>> >>>> Now, I would like the users not to have to set the >>>> DISPLAY env var on host C, as they tend to forget >>>> and also some user's X server don't accept plain >>>> X connections.. >>>> >>>> Is there a way that I could configure host B to somehow >>>> expose to host C the X tunnel to host A? >> >> Automatically? No. >> You can however use ssh to create generic TCP tunnels, using >> -R and -L. But this is much more complicated than remembering >> a DISPLAY variable. Wait! I found a possible workaround.. it seams that setting X11UseLocalhost = no on sshd_config tell sshd to bind the X11 forwarding server to the wildcard address.. > > Right. Also, it requires users to specify a port on host B, > and then the chosen port could already be taken, so returning > an error.. > Too much hassle.. > >> >>>> From host B I have access to the users' homes on host C and I could >>>> place there some script to set the DISPLAY env var on user >>>> login. >>>> >>>> B$ echo $DISPLAY >>>> on host B gives back something like localhost:16.0, >>>> but if on host C I enter: >>>> C$ export DISPLAY=B:16.0 >>>> C$ xterm >>>> it doesn't work.. probably host C doesn't expose a >>>> network socket but maybe a unix socket for the X tunnel.. >> >> This is probably because the listener (which proxies X11 to >> host A) is bound to localhost(127.0.0.1) and not B(12.23.34.45). >> You can overcome this, using manual forwarding(-R & -L). >> >> HOST_A# ssh -R '*:6010:127.0.0.1:6000' HOST_B # create a listener >> on HOST_B listening on all interfaces and TCP port 6010 >> and tunnel everything from there to HOST_A's 127.0.0.1 6000 > > This is a possible solution, but as stated above, it requires the > user to specify the port number (6010 in the example above).. > Also, it requires GatewayPorts = yes in sshd_config.. > > Humm.. it's a pity that ssh -Y or -X will only listen on the > loopback interface, but for sure there are good reasons it > is done that way. > > Thank you again and best regards. > Robi > >> >> Then every host which can connect to HOST_B can connect to HOST_A >> X11 server. Using generic TCP port forwarding through ssh to forward >> X11 has an other minus. You have to handle yourself the X11 >> authorization(xauth, XAUTHORITY and friends) >> >> You can of course use a second ssh session from HOST_B to HOST_C >> to expose HOST_B's 127.0.0.1:6010 to HOST_C's 127.0.0.1:6010. >> So, connecting from HOST_C to 127.0.0.1:6010 will be tunneled >> to HOST_B's 127.0.0.1:6010, which will be tunneled to HOST_A's >> 127.0.0.1:6000 were your X11 display lives. >> >> It's rather complicated, though... >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"