But it needs to occupy two ports: the one assigned by ssh -X and the one that you want to use.

On Linux (or at least on Ubuntu), displays are just sockets in /tmp/.X11-unix/. For example: /tmp/.X11-unix/X0 is display :0. So you could move any socket to any other path, and it would still work. (I'm not sure if this is true of ssh-forwarded X connections, but it may be.) (BTW, ssh -Y may be more secure than ssh -X, but it has been a long time since I used either.)

In any case, if the socket closes (due to an SSH connection ending), any programs running on that socket may quit and exit. If you want to run persistent X programs, look at running a VNC server, and connecting to it with a VNC client. You can tunnel the VNC connection securely with SSH. I believe you can run a VNC server on a "virtual" display (meaning you will only be able to see that display if you connect with a VNC client), but I have never done this.

So X11 forwarding over SSH probably involves 3 elements:

- Some form of handling X-authority requirements

All three of these can be done manually. You can manually forward any port using -R. You can (probably?) manually adjust the X-authority settings somehow. Handling the X-authority is probably the trickiest, and I do not know how to do it, but I suspect it can be done.

If you do 1, 2 and 3, you should be able to forward X11 connections while using neither -X nor -Y. I still suspect most X programs will exit when their connection to the server closes. I still believe setting up a VNC server and client will give you a better result.

By Bill Brassfield – Dev Ops Technical Consultant

First, a review of simple TCP SSH tunnels:

Many of us are quite familiar with the setup of SSH tunnels using the “-L” and “-R” options to do TCP port-forwarding - to access a web server behind a NAT and/or firewall, to connect to a MySQL or Oracle database that isn’t directly reachable, or to make a desktop workstation at the office reachable via SSH through a bastion host which is SSH-reachable.

Here are some examples of SSH commands that probably look quite familiar:

Forwarding a local TCP port to a remote TCP port: (using the -L option)

ssh -L -L 8080:localhost:80 -L

Forwarding a remote TCP port to a local TCP port: (using the -R option)

ssh -R ssh -R :80:localhost:80

A few quick notes on sshd_config directives:

- Make sure that “AllowTcpForwarding” is enabled (set to “yes”).
- If setting up a TCP-forwarding listener on a non-loopback network interface, it may be necessary to set “GatewayPorts” to “yes”.
- If setting up a TCP-forwarding listener on a privileged port (0 to 1023), this must be done as root.
- If opening a privileged port for listening on a remote system, the “PermitRootLogin” directive must be set to either “yes” or “without-password”.

Useful command-line options for the commands discussed above: