Just to point out the obvious, does the ssh server have it set? In the /etc/ssh/sshd_config file, there shoud be a line "X11Forwarding yes" w/o the quotes and in the f /etc/ssh/ssh_config file on Crystaldragon, there should be a line "ForwardX11 yes" w/o quotes in the in the Host * section or under a special host section for chrystal dragon. Then you don't have to add the -X to your command. Just try that and see. Bryce C. Network Administrator CoBryce Communications Bryce @ BryceCo . Net On 10 Apr 2002 13:48:53 -0700, der.hans wrote: > Am 10. Apr, 2002 schwätzte Thomas Mondoshawan Tate so: > > > Unfortunately, no it doesn't. I'm guessing it has to have this to provide > > X11 connection forwarding, right? > > xauth is required for X services over ssh. It's what provides the > authentication for X. Actually, I heard of a possiblity to use a different > auth service for X, but it still requires stuff to be installed, so use > xauth :). > > > What I'm trying to do is forward an X client connection through two > > firewalls to my internal box. Eg: > > > > Crystaldragon -> Tank (firewall) -> { I-net } -> Thing (firewall) -> Nadesico > > > > Both Tank and Thing are Linux servers/firewalls. I'm sitting at > > Crystaldragon and want an xterm run on Nadesico to appear here. My guess is > > if SSH requires xauth to be present, then I can't do this via the X11 > > forwarding option. How, then, is it possible to do this forwarding securely? > > Is it possible to setup a pair of SSH tunnels running on Tank and Thing that > > forwards incoming connections from Nadesico to Crystal? > > Make sure xauth is installed everywhere. It's not a security issue for the > firewalls, so no reason not to have it. > > Another possibility might be to put up an ssh tunnel or other vpn type of > thing between the two firewalls. Then Crystaldragon and Nadesico would have > a 'local' connection. > > You could also do ssh tunneling for port 6000, but that seems like a strange > way to go. > > ciao, > > der.hans > -- > # This line intentionally left blank. > # We now return you to your regularly scheduled paranoia... > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >