[CLUE-Cert] SSH forwarding
Dave Anselmi
anselmi at americanisp.net
Thu Nov 1 09:56:53 MST 2001
Sean LeBlanc wrote:
> There is one other detail that is in the sshd_config
> file. There is a line that reads:
>
> X11Forwarding yes
Yes, this is a shortcut for the X specific case. It appears to create a forwarding
channel and then set the DISPLAY so that X apps will do the right thing. As the TTSSH
docs say, "it just works".
I'm not too familiar with the X protocol, so it isn't obvious how the chaining works.
But as you say, it apparently does. Do you have to keep the ssh session up the whole
time you are using kmail? As Lynn says, you could check the DISPLAY setting to confirm
that it is coming over the ssh channel, but it might be tricky to look at the one on the
middle box.
More than X forwarding, I was interested in port forwarding generally. I have a little
better handle on it after reading many poorly written howtos (the authentication gateway
one is particularly bad - it assumes that you know the authors objective and network
architecture).
I was especially interested in the VPN howto. It looks like setting that up is still
cumbersome - not for the faint of heart or those who haven't read at least the NET
howto. The docs I've seen don't address the details of multihoming (for a single
machine) or maintaining both internal and external DNS tables (for gateway machines).
But I guess with enough time to experiment we could figure it out.
Dave
More information about the clue-cert
mailing list