HPE Community
Operating System - HP-UX
1826417 Members
3734 Online
109692 Solutions
New Discussion

Re: Cannot Tunnel with HP-SSH (A.03.10)

 
SOLVED
Go to solution
Daniel Simard
Frequent Advisor

‎04-03-2003 06:57 AM

‎04-03-2003 06:57 AM

Cannot Tunnel with HP-SSH (A.03.10)

Hp's version of Secure Shell (A.03.10)

It seems like I cannot tunnel back CDE. The os version is 11.11. I use Exceed version 7.0

Here is what i'm trying to do exactly.

I have installed HP's latest SSH product. I have downloaded putty and also have at my disposal
(F-Secure's SSH Client). Currently, both allow me to connect to the server.

Problem is in both occasions, I cannot tunnel CDE. After making sure that the clients have Tunneling enabled, I log in as myself, make sure the DISPLAY is host:10.0 and start Xsession(/usr/dt/bin/Xsession &). It works on other servers that have F-Secure's SSH server installed but as of right now, I can't get the HP-SSH server working.

Do you know if there are any additional configuration to do ?

Thanks,
Si tu n'as pas ce que tu aimes, aimes ce que tu as.
0 Kudos
Reply
7 REPLIES 7
Colin Topliss
Esteemed Contributor

‎04-03-2003 07:05 AM

‎04-03-2003 07:05 AM

Solution

Re: Cannot Tunnel with HP-SSH (A.03.10)

Thats because Exceed is using XDMCP to make its connection to the CDE server (using the normal ports). It doen't tunnel traffic over the SSH link because it doesn't know anything about it or the SSH protocol.
Reply
Donny Jekels
Respected Contributor

‎04-03-2003 07:07 AM

‎04-03-2003 07:07 AM

Re: Cannot Tunnel with HP-SSH (A.03.10)

do you access your compnay through a VPN system?

if so, verify the udp port for X11 traffic is not blocked on the VPN gateway's firewall.

not sure what the port is off hand.
"Vision, is the art of seeing the invisible"
Reply
Donny Jekels
Respected Contributor

‎04-03-2003 07:11 AM

‎04-03-2003 07:11 AM

Re: Cannot Tunnel with HP-SSH (A.03.10)

Colin,

I use Reflection X through SSH F-Secure through a VPN connection to the bank.
Since exceed and reflectionX, camelion and other X-windows apps are the same and they all uses XDMCP.

We had the same issue, and it resulted in the UDP port being opened on the VPN Gateways Firewall.

my 2 cents
"Vision, is the art of seeing the invisible"
Reply
Daniel Simard
Frequent Advisor

‎04-03-2003 07:13 AM

‎04-03-2003 07:13 AM

Re: Cannot Tunnel with HP-SSH (A.03.10)

Guys,
I forgot to mention that I have 40 servers. 39 of them have F-Secure SSH installed and they work fine with Exceed 7.0


The one that has HP-SSH seems not to work. I wonder if it's a problem with the configuration for HP-SSH.
Si tu n'as pas ce que tu aimes, aimes ce que tu as.
0 Kudos
Reply
Donny Jekels
Respected Contributor

‎04-03-2003 07:23 AM

‎04-03-2003 07:23 AM

Re: Cannot Tunnel with HP-SSH (A.03.10)

check out this tread.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x1c4f28c64656d71190080090279cd0f9,00.html

peace
Donny
"Vision, is the art of seeing the invisible"
Reply
Colin Topliss
Esteemed Contributor

‎04-03-2003 07:25 AM

‎04-03-2003 07:25 AM

Re: Cannot Tunnel with HP-SSH (A.03.10)

Donny,

Ahh, but therein lies the problem. XDMCP goes over udp, not tcp. Your X-traffic I think you'll find is therefore not actually being tunnelled over the SSH connection, but back over UDP through the ports opened on your firewall. When you set your display, what do you set it to? Your local IP address, your VPN address, or your session address? You may find that these are different (I'd have to check SSH over VPN to be 100% sure though).

Exceed only supports tunnelling X sessions over SSH with the security pack option (see http://mimage.hummingbird.com/alt_content/binary/pdf/collateral/ds/securitypack_ds.pdf).


Daniel - check your X-forwarding settings. I've seen some mention somewhere that this can cause problems. Though I'm a bit bemused that the other systems work (not sure why unless these systems are all on the same network, hence the issues caused by firewalls are inconsequential because your Xtraffic doesn't traverse any)!
Reply
Donny Jekels
Respected Contributor

‎04-03-2003 07:42 AM

‎04-03-2003 07:42 AM

Re: Cannot Tunnel with HP-SSH (A.03.10)

Colin,

In my .profile I read my dhcp address obtained from the VPN gateway, then set the DISPLAY var with that address.

who -Rm
then I do a nslookup on the name.
I use that IP as the display.

thanx for the link to exceed.
Donny
"Vision, is the art of seeing the invisible"
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.