HPE Community
Operating System - OpenVMS
1825771 Members
2179 Online
109687 Solutions
New Discussion

Tunneling X11 via ssh : what to put into access rules for the server?

 
Jansen_8
Regular Advisor

‎11-26-2009 06:50 AM

‎11-26-2009 06:50 AM

Tunneling X11 via ssh : what to put into access rules for the server?

Hi

I have 2 VMS Alpha (8.3) systems separated by a firewall and many access restrictions on the network.

One acts as X-Server the other is an X-client
To display application on the server I give the following commands on the client:

$ ssh -"L" 6000:client.nl:6000 client.nl
(and logon)
$ set display/crea/node=loaclhost/disp/transp=tcpip

Than I have to fill something into the access securuity of the X-server. I have no idea what to fill in. I tried already both host-names and local host. The only thing that seems to work is allowing all incoming TCPIP X11 requests.
But that is ofcourse not very secure.
1) What should be the proper node-name in this case?
or
2) How can I find out who with what protocol makes connection to my X-server?

Jouk
0 Kudos
7 REPLIES 7
Hoff
Honored Contributor

‎11-26-2009 06:54 AM

‎11-26-2009 06:54 AM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

Here's how to do this from Mac OS X and other boxes, and including (since you're looking to ssh between OpenVMS boxes) the rather bizarre ssh syntax used on OpenVMS:

http://labs.hoffmanlabs.com/node/134

0 Kudos
Jansen_8
Regular Advisor

‎11-26-2009 06:58 AM

‎11-26-2009 06:58 AM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

The normal ssh-tunneling is not going to work since I do not have "direct" ssh access to the client machine. So I have to tunnel port 6000 over ssh back to the server.
0 Kudos
Hoff
Honored Contributor

‎11-26-2009 07:15 AM

‎11-26-2009 07:15 AM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

May I presume you have tried the "+X" as described in the referenced web page?
0 Kudos
Steven Schweda
Honored Contributor

‎11-26-2009 07:26 AM

‎11-26-2009 07:26 AM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

> I tried already both host-names and local
> host.

What, exactly, did you try? ("*" for the
user?)

> 2)

Perhaps: TCPIP HELP SHOW DEVICE

Knowing actual names and/or IP addresses
might be helpful, too.
0 Kudos
Jansen_8
Regular Advisor

‎11-26-2009 10:58 PM

‎11-26-2009 10:58 PM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

Some more explanation. The X-client is on a Vlan reacheable via OpenVPN only. Since OpenVPN does not run on OpenVMS I have to set up a connection via another host. In that case the +x (VMS) or -X/-Y (linux) does not work since the VMS machine thinks the trafic comes from the intermediate host.
The X-server is in a VLAN that does not allow incoming trafic on port 6000.

In the X-server security every thing works if I fill in
node=* User=* Transport=TCPIP

What does not work is
localhost,*,TCPIP
client.nl,*,TCPIP
server.nl,*,TCPIP

So I have no idea what the I should fill in for the node.

0 Kudos
Edwin Gersbach_2
Valued Contributor

‎11-26-2009 11:53 PM

‎11-26-2009 11:53 PM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

It's been a while since I used this last, but shouldn't the x-server have the details of the failed connection attempt in a log or error file?
0 Kudos
Jansen_8
Regular Advisor

‎11-27-2009 03:15 AM

‎11-27-2009 03:15 AM

Re: Tunneling X11 via ssh : what to put into access rules for the server?

Thanks for all the replies. I finally found out that I had to insert the IP-name of the localhost WITHOUT the domain. That made it work

It would have been better to "translate" all the names in case of TCPIP to the ip-number.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.