I don't know if this is a bug or a limitation in ssh2 but I am unable to get an xdm (or gdm) login on my machine at home through an ssh tunnel through our firewall at work.

Should this be possible using ssh port forwarding?

Please reply to me at: rwk at americom.com

Thanks,
Dick

rwk at americom.com wrote:
> I don't know if this is a bug or a limitation in ssh2 but I am unable to
> get an xdm (or gdm) login on my machine at home through an ssh
> tunnel through our firewall at work.
>
> Should this be possible using ssh port forwarding?

No. XDMCP is UDP based. See:
http://tldp.org/HOWTO/XDMCP-HOWTO/procedure.html#SECURITY which says, in
part, "Unfortunately, XDMCP uses UDP, not TCP, therefore, it is not
natively able to use it with SSH."

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

On Wed, 2002-09-04 at 22:42, Darren Tucker wrote:
> No. XDMCP is UDP based. See:
> http://tldp.org/HOWTO/XDMCP-HOWTO/procedure.html#SECURITY which says, in
> part, "Unfortunately, XDMCP uses UDP, not TCP, therefore, it is not
> natively able to use it with SSH."

There is no standard way to forward UDP over a SSH connection. Even if there was, it would be pretty easy to spoof packets, perhaps even packets to localhost (depending on the OS).

-d

Is anyone aware of any other (non-ssh) way to run a gdm connection through a firewall?

> On Wed, 2002-09-04 at 22:42, Darren Tucker wrote:
> > No. XDMCP is UDP based. See:
> > http://tldp.org/HOWTO/XDMCP-HOWTO/procedure.html#SECURITY which says, in
> > part, "Unfortunately, XDMCP uses UDP, not TCP, therefore, it is not
> > natively able to use it with SSH."
>
> There is no standard way to forward UDP over a SSH connection. Even if
> there was, it would be pretty easy to spoof packets, perhaps even packets
> to localhost (depending on the OS).
>
> -d
>

Yo rwk!

Why bother? You are already authenticated and logged in. Just double check that the ssh connection has X tunneling up and that DISPLAY var is set to use the SSH tunnel. Then just run the app of your choice on the remote end and the local window manager.

If you really must run a remote window manager, then start windows on your local host without a window manager, then ssh over to the remote, be sure DISPLAY is set and working, then start the remote window manager.

In most cases running a remote window manager will confuse people to distraction.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem at rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

On 4 Sep 2002 rwk at americom.com wrote:
> Is anyone aware of any other (non-ssh) way to run a gdm connection through
> a firewall?
>
> > On Wed, 2002-09-04 at 22:42, Darren Tucker wrote:
> > > No. XDMCP is UDP based. See:
> > > http://tldp.org/HOWTO/XDMCP-HOWTO/procedure.html#SECURITY which says, in
> > > part, "Unfortunately, XDMCP uses UDP, not TCP, therefore, it is not
> > > natively able to use it with SSH."
> >
> > There is no standard way to forward UDP over a SSH connection. Even if
> > there was, it would be pretty easy to spoof packets, perhaps even packets
> > to localhost (depending on the OS).
> >
> > -d
> >
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

OK, I'll chip in with my 2 cents.

I recommend looking into a software package called vnc. There are two parts, a server and a client. The server runs on your unix box, and there is a client for your PC that runs under windows. The server on the unix side is a modified X server. When the client connects to it, it's exactly like logging in to the unix machine, and the client (your PC) opens a window that is an exact copy of what you would see if you were logging in at the unix console. When you login, you'll get the gnome toolbar, the window manager, and everything else.

Incidentally, there are windows versions of the server, and unix (and java) versions of the client, making it possible to export unix and windows sessions to just about anywhere.

There are many nice things about vnc. For example, the client stores no information about the state of the session. You can be using it in one location, disconnect and go somewhere else, and reconnect to the same session. It's also fairly intelligent about how the client and server communicate to minimize I/O. The PC client is small, and fits on a floppy. You don't need Xserver software on the PC.

What vnc lacks is encryption. However, it's tcp based, and you can use ssh port forwarding to tunnel an encrypted connection through a firewall (Hence any relevance to this group...) Vnc has some kind of challenge-response password to protect your sessions, but I don't really know how secure the server is; you're on your own there.

If it sounds interesting, surf to http://www.uk.research.att.com/vnc/ for more information.

David Potterveld
Argonne National Laboratory
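
The VNC-over-ssh setup suggested in the last message, sketched as an added example that is not part of the original thread: it builds the ssh port forward for a VNC display and flags a VNC listener that is reachable without the tunnel. The host name `user@home.example`, the function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan an SSH tunnel for a VNC display and check that the
# VNC server is reachable only via loopback. All data here is constructed.

# VNC display :N listens on TCP port 5900+N. Reject non-numeric input and
# leading zeros (which shell arithmetic would read as octal).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    echo $((5900 + $1))
}

# Print the ssh command for the forward. Both ends use 127.0.0.1, so the
# local listener is not offered to other hosts on the client network and
# the server side is reached over loopback only.
vnc_tunnel_cmd() {   # usage: vnc_tunnel_cmd DISPLAY USER@HOST
    port=$(vnc_port "$1") || return 1
    echo "ssh -N -L 127.0.0.1:${port}:127.0.0.1:${port} $2"
}

# Read `ss -ltn` output on stdin and print every listener on PORT whose
# local address is not loopback, i.e. VNC exposed without encryption.
exposed_listeners() {   # usage: ss -ltn | exposed_listeners PORT
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == p && addr != "127.0.0.1" && addr != "[::1]") { print $4 }
        }'
}

# Constructed sample of `ss -ltn` output from the home machine.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*
LISTEN  0       5       0.0.0.0:5902        0.0.0.0:*
EOF
}

vnc_tunnel_cmd 1 user@home.example
sample_ss_output | exposed_listeners 5902
```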