Tunneling X11 without Xorg


Results 1 to 1 of 1

Thread: Tunneling X11 without Xorg

  1. 06-05-2012, 12:29 PM #1
    trilarian's Avatar
    trilarian
    trilarian is offline Debian Junkie
    Join Date
    Jul 2002
    Location
    New Orleans, LA USA
    Posts
    986

    [Resolved] Tunneling X11 without Xorg

    I'm curious if this particular setup is possible. I will have a remote Windows box connecting via putty to a Debian box that does not have X installed, then ssh -X into another Debian box on the LAN that does have X installed. Program invoked on that Debian box to be tunneled through the first Debian box and back to the Windows box running an X-Server like Xming.

    (Win7 - Xming) ---WAN--- (Debian #1 - no X) ---LAN--- (Debian #2 - X)

    So far the Putty to SSH works fine, and I've verified settings for Putty to successfully forward X with a direct connection. However, once I make the hop through the non-X box it fails with this error:

    Code:
    PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match Cannot open display "localhost:10.0"
    I assumed X wouldn't be needed on the middle box as it is just forwarding X11 packets tunneled in SSH.

    The short version is I have a text only firewall/router setup between my LAN and WAN ISP. Almost all ports are blocked and I rely on tunneling to gain access past this box from a remote source. I'd prefer not to slow it down with a X server.

    EDIT =>

    To follow up a bit, I thought maybe this cookie issue could be resolved similar to when you switch to a different user, however it still did not help.

    On the firewall/router:

    Code:
    trilarian@Debian-Firewall ~ $ xauth list
Debian-Firewall/unix:10  MIT-MAGIC-COOKIE-1  xxx
    On the desktop that is SSH into via the firewall:

    Code:
    trilarian@Debian-Desktop ~ $ xuath add Debian-Firewall/unix:10  MIT-MAGIC-COOKIE-1  xxx
trilarian@Debian-Desktop ~ $ export DISPLAY=localhost:10.0
trilarian@Debian-Desktop ~ $ xcalc
    Still get the same error:

    Code:
    PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match Error: Can't open display: localhost:10.0
    Resolved Edit:

    I resolved this with port forwarding to allow only one cookie to be generated so there wasn't a mismatch anymore. SSH (putty) to firewall with a port forward of a non-used port local to remote LAN IP of host on SSH port with X11 forward OFF (turned off in sshd config file on firewall too). Open second SSH (putty) and connect to localhost:xxxx where xxxx is the port I chose and X11 on.
    Last edited by trilarian; 06-07-2012 at 11:18 AM.
    "Whenever you find yourself on the side of the majority, it's time to pause and reflect."

    -Mark Twain
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules