gabriel rosenkoetter on Thu, 19 Dec 2002 06:30:33 -0500
... evidenced by the fact that this works:

    ssh -A host ssh 192.168.A.B cat foo

(modulo TERM settings; note that, for instance, Solaris probably lacks a setting for "screen" and "linux" terminal types unless you've bothered to set them up).

Even more remarkable, this, which used to fall flat on its face, seems to work flawlessly with OpenSSH 3.4p1 and above (haven't tested before, that's the minimum version on the path I'm using):

    ssh -f -A -X host ssh -f -X 192.168.A.B xterm

You probably don't have to do anything fancy with DISPLAY to make this work. It Just Works for me, provided I allow X forwarding throughout. The -f's get me my current terminal back (nearly immediately, long before the xterm opens).

Note that the 192.168/16 host is completely behind a firewall, wholly unaccessible even if I could address it. "host" has only port 22 available via a stateful (Cisco) firewall.

Now, it may be self-evident that something like this should work, based on the advertising for agent and X forwarding and tunnels in the SECSH protocol, but think about all the ways in which it *could* have failed.

Yes, you could construct a full VPN based on this, never touching either IPSec or SSL. And you wouldn't need any special access to networking hardware (or, really, any special networking hardware at all, provided you weren't especially interested in speed).

-- 
gabriel rosenkoetter
gr@eclipsed.net
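The two hops from the message above, written as per-host OpenSSH configuration instead of command-line flags. This is an added example, not part of the original post; the alias `host` and the pattern `192.168.*` (standing in for the post's 192.168.A.B) are assumptions, and the three sections belong in three different files as marked.

```sshconfig
# ---- Workstation: ~/.ssh/config -------------------------------------
# Governs the OUTER command: ssh -A -X host ...
# ssh uses the first value it finds for each option, so the specific
# Host block must come before the catch-all.
Host host
    # Equivalent to -A. While the session is open, anyone with root on
    # "host" can use the forwarded agent socket, so enable it for the
    # gateway only.
    ForwardAgent yes
    # Equivalent to -X.
    ForwardX11 yes

Host *
    ForwardAgent no
    ForwardX11 no

# ---- On "host": ~/.ssh/config ---------------------------------------
# Governs the INNER command: ssh -X 192.168.A.B ...
# The workstation's config has no effect on this hop.
Host 192.168.*
    # Relays the X11 channel one hop further in.
    ForwardX11 yes
    # The inner ssh authenticates through the agent socket already
    # forwarded to "host"; the last hop does not need the agent itself.
    ForwardAgent no

# ---- On "host" AND on the 192.168 machine: sshd_config --------------
# "Provided I allow X forwarding throughout": the daemon on every hop
# has to permit it, and the OpenSSH server default is "no".
X11Forwarding yes
```

With this in place the second command in the post reduces to `ssh -f host ssh -f 192.168.A.B xterm`.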