'ssh -X' doesn't seem to work, any alternative ways to do the same?
I'm currently away from home and I'm trying to get a GUI application running on a machine at home with the display here in N. Wales. Normally I would connect from the remote location using 'ssh -X' so that the DISPLAY environment variable would be set up to work through the ssh 'pipe' and a GUI app run on the remote machine (at my house) would use the display on the machine where I'm sitting currently (in North Wales). For some reason (possibly security on intermediate machines, this isn't a single hop ssh connection) the -X parameter in ssh isn't working for me in this case so I'm looking for alternatives. Can anyone suggest alternative ways of achieving my goal? The *real* aim is to allow me to get at my router configuration from here in Wales so I can change it to allow direct ssh access from this IP address. The router's web configuration uses so much bad/arcane javascript that you can't access it using lynx/links/w3m and the telnet access to its configuration is far too difficult to attempt to use remotely, the chances of screwing it up so that access is completely denied are very high. I have full root access to the server machine at home if necessary so can install/configure stuff as necessary, similarly at this end I'm running Linux on the laptop I'm using and can do whatever's needed. Thanks for any help and suggestions. -- Chris Green
On Wed, 6 Oct 2010, Chris G wrote:
I'm currently away from home and I'm trying to get a GUI application running on a machine at home with the display here in N. Wales.
Normally I would connect from the remote location using 'ssh -X' so that the DISPLAY environment variable would be set up to work through the ssh 'pipe' and a GUI app run on the remote machine (at my house) would use the display on the machine where I'm sitting currently (in North Wales).
Is the GUI application in question Firefox? Is there already an instance of Firefox running on the ssh client machine? Do you find that a mysterious extra tab opens in this already-running Firefox when you try to run Firefox on the ssh server? If the answers to all three of these are "yes", then you're suffering from Firefox trying to be too clever: Firefox on the ssh server contacts the X server on the ssh client machine, and asks it if another X client with the same name (i.e. "firefox") is already running. If so, then Firefox on the ssh server machine sends a request to Firefox on the ssh client machine to open a new tab, then exits. There are three possible solutions to this: - Give Firefox on the ssh server a different name, using the -a command line option, e.g. firefox -a weirdname - Suppress all this X question-asking and requesting for one session by giving the -Y option to ssh ssh -Y yourserver - Forbid all this X question-asking and requesting permanently by rebuilding xorg-server on the ssh client machine with the xc_security compile-time option. -- HTH, Dan
On Wed, Oct 06, 2010 at 11:38:33AM +0100, Dan wrote:
On Wed, 6 Oct 2010, Chris G wrote:
I'm currently away from home and I'm trying to get a GUI application running on a machine at home with the display here in N. Wales.
Normally I would connect from the remote location using 'ssh -X' so that the DISPLAY environment variable would be set up to work through the ssh 'pipe' and a GUI app run on the remote machine (at my house) would use the display on the machine where I'm sitting currently (in North Wales).
Is the GUI application in question Firefox?
Is there already an instance of Firefox running on the ssh client machine?
Do you find that a mysterious extra tab opens in this already-running Firefox when you try to run Firefox on the ssh server?
If the answers to all three of these are "yes", then you're suffering from Firefox trying to be too clever: Firefox on the ssh server contacts the X server on the ssh client machine, and asks it if another X client with the same name (i.e. "firefox") is already running. If so, then Firefox on the ssh server machine sends a request to Firefox on the ssh client machine to open a new tab, then exits.
There are three possible solutions to this:
- Give Firefox on the ssh server a different name, using the -a command line option, e.g. firefox -a weirdname
- Suppress all this X question-asking and requesting for one session by giving the -Y option to ssh ssh -Y yourserver
- Forbid all this X question-asking and requesting permanently by rebuilding xorg-server on the ssh client machine with the xc_security compile-time option.
I've come across this too-cleverness before in other situations but it's not my current problem. -- Chris Green
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/10/2010 11:05, Chris G wrote:
I'm currently away from home and I'm trying to get a GUI application running on a machine at home with the display here in N. Wales. Can anyone suggest alternative ways of achieving my goal? The *real* aim is to allow me to get at my router configuration from here in Wales so I can change it to allow direct ssh access from this IP address. The router's web configuration uses so much bad/arcane javascript that you can't access it using lynx/links/w3m and the telnet access to its configuration is far too difficult to attempt to use remotely, the chances of screwing it up so that access is completely denied are very high.
If it is a standard web application, and it's on a known port, you can set up an ssh tunnel to your home machine and then connect to a local port which is mapped to the remote port of some remote service - e.g.: ssh -L localport:your_router_ip_address:router_port user@your_ssh_host ssh -L 8081:10.1.1.254:80 me@myhomeserver.co.uk then point your local browser to "localhost:8081", which is tunneled over ssh to your home server and pops out and points to 10.1.1.254:80 on your home network. If the remote host you are ssh-ing to is the same as the host containing the webapp you're talking to, the remotehost can obviously be just 127.0.0.1. I use this sometimes to configure a Netgear router (at home) from work. Hth, Simon - -- ====================================================================== Simon Ransome http://nosher.net Photo RSS Feed: http://nosher.net/images/images.rss -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkysU/UACgkQ8tdcY+OcZZzk2wCfYuMSqp6jPvtfeH45foCPzZz/ 4ZQAnRRan+fwzwiQoRjJqk7HnyglNcLj =uDqM -----END PGP SIGNATURE-----
On Wed, Oct 06, 2010 at 11:48:21AM +0100, Simon Ransome wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/10/2010 11:05, Chris G wrote:
I'm currently away from home and I'm trying to get a GUI application running on a machine at home with the display here in N. Wales. Can anyone suggest alternative ways of achieving my goal? The *real* aim is to allow me to get at my router configuration from here in Wales so I can change it to allow direct ssh access from this IP address. The router's web configuration uses so much bad/arcane javascript that you can't access it using lynx/links/w3m and the telnet access to its configuration is far too difficult to attempt to use remotely, the chances of screwing it up so that access is completely denied are very high.
If it is a standard web application, and it's on a known port, you can set up an ssh tunnel to your home machine and then connect to a local port which is mapped to the remote port of some remote service - e.g.:
ssh -L localport:your_router_ip_address:router_port user@your_ssh_host
ssh -L 8081:10.1.1.254:80 me@myhomeserver.co.uk
then point your local browser to "localhost:8081", which is tunneled over ssh to your home server and pops out and points to 10.1.1.254:80 on your home network. If the remote host you are ssh-ing to is the same as the host containing the webapp you're talking to, the remotehost can obviously be just 127.0.0.1.
I use this sometimes to configure a Netgear router (at home) from work.
Yes, thanks, I've done exactly this before and it works perfectly. It's a bit messy to do in this case though as there is an intermediate hop for the ssh connection. I.e. to get to my home server I first ssh to an intermediate server and then to the home server. This is because the firewall at home only allows ssh connections from specific IP addresses. I have sorted it though, see my response to myself. -- Chris Green
On Wed, Oct 06, 2010 at 11:05:55AM +0100, Chris G wrote:
The *real* aim is to allow me to get at my router configuration from here in Wales so I can change it to allow direct ssh access from this IP address. The router's web configuration uses so much bad/arcane javascript that you can't access it using lynx/links/w3m and the telnet access to its configuration is far too difficult to attempt to use remotely, the chances of screwing it up so that access is completely denied are very high.
... a bit of lateral thinking (along with the ideas from here) has got me to a solution. Although ssh access to the router's firewall configuration is too arcane for safe use I *was* able to enable direct external https access to the router using the ssh interface and can now access it directly using firefox from here. I'll probably disable remote configuration access again now I have done what I want, it's easy enough to turn on and off as needed. -- Chris Green
On 06 Oct 11:05, Chris G wrote:
I'm currently away from home and I'm trying to get a GUI application running on a machine at home with the display here in N. Wales.
Normally I would connect from the remote location using 'ssh -X' so that the DISPLAY environment variable would be set up to work through the ssh 'pipe' and a GUI app run on the remote machine (at my house) would use the display on the machine where I'm sitting currently (in North Wales).
For some reason (possibly security on intermediate machines, this isn't a single hop ssh connection) the -X parameter in ssh isn't working for me in this case so I'm looking for alternatives.
Can anyone suggest alternative ways of achieving my goal?
How many hops? Have you got a key on the intermediaries (i.e. a password-less login)? If so, then add in your ~/.ssh/config: Host home-via-places ProxyCommand ssh user@intermediary-server.co.uk nc -q1 home.ip.add.ress 22 ForwardX11 yes And bob may well be your mothers brother when you do: ssh home-via-places HTH, HAND, -- Brett Parker http://www.sommitrealweird.co.uk/ PGP Fingerprint 1A9E C066 EDEE 6746 36CB BD7F 479E C24F 95C7 1D61
participants (4)
-
Brett Parker -
Chris G -
Dan -
Simon Ransome