gabriel rosenkoetter on Thu, 19 Dec 2002 06:30:33 -0500



[PLUG] ssh is a really beautiful tool...


... evidenced by the fact that this works:

  ssh -A host ssh 192.168.A.B cat foo

(modulo TERM settings; note that, for instance, Solaris probably
lacks a setting for "screen" and "linux" terminal types unless
you've bothered to set them up).

Even more remarkable, this, which used to fall flat on its face,
seems to work flawlessly with OpenSSH 3.4p1 and above (haven't
tested before, that's the minimum version on the path I'm using):

  ssh -f -A -X host ssh -f -X 192.168.A.B xterm

You probably don't have to do anything fancy with DISPLAY to make
this work. It Just Works for me, provided I allow X forwarding
throughout. The -f's get me my current terminal back (nearly
immediately, long before the xterm opens).

Note that the 192.168/16 host is completely behind a firewall,
wholly unaccessible even if I could address it. "host" has only port
22 available via a stateful (Cisco) firewall.

Now, it may be self-evident that something like this should work,
based on the advertising for agent and X forwarding and tunnels in
the SECSH protocol, but think about all the ways in which it *could*
have failed.

Yes, you could construct a full VPN based on this, never touching
either IPSec or SSL. And you wouldn't need any special access to
networking hardware (or, really, any special networking hardware at
all, provided you weren't especially interested in speed).

-- 
gabriel rosenkoetter
gr@eclipsed.net

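An added example, not part of the original post: the same two-hop path written as client-side ssh_config using ProxyJump (OpenSSH 7.3 and later, so newer than the 3.4p1 mentioned above). In this layout authentication to the inner machine runs from the local client through a forwarded channel, so the agent socket that `-A` exposes on the intermediate host for the length of the session is never created there. The aliases `bastion` and `inner` are hypothetical; `host` and `192.168.A.B` are the post's own placeholders.

```sshconfig
# ~/.ssh/config (added example; aliases "bastion" and "inner" are hypothetical)

# The publicly reachable machine, called "host" in the post.
# It only relays a TCP channel, so it needs neither the agent nor X11.
# Its sshd must permit TCP forwarding for the jump to work.
Host bastion
    HostName host
    ForwardAgent no
    ForwardX11 no

# The machine behind the firewall; 192.168.A.B is the post's placeholder.
# The client connects to bastion first, then opens the inner session
# through it. Keys are offered by the local agent directly, end to end.
Host inner
    HostName 192.168.A.B
    ProxyJump bastion
    ForwardAgent no
    # X11 is forwarded from the inner host straight back to the local
    # display inside the end-to-end session, as in the xterm example.
    ForwardX11 yes

# Default for everything else: no forwarding unless a Host block opts in.
Host *
    ForwardAgent no
    ForwardX11 no
```

With this in place, `ssh inner cat foo` and `ssh -f inner xterm` correspond to the two commands in the post.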