
ssh and X forwarding

Toshi

butthole powerwashing evangelist
Oct 23, 2001
39,371
8,466
hi all,

yes, i need help as i'm over my head.

:busted:

ok, here's the scenario:

mycomputer <-- OS X machine, full access
myrouter <-- full access
[internet]
labgateway <-- no access
[internal school network]
mylabcomputer <-- running Red Hat (64-bit! woot), user-level access but not root

what connections can i make?

i can ssh from the lab computer to the outside world, including directly to my OS X machine. i canNOT ssh from the outside world directly to the lab machine (i can ssh to it from within the lab, however).

what do i want to do?

my work is in Matlab on the lab computer. i want to work from home in a secure fashion. this means no vnc for the time being: i want to forward X over ssh.

what have i tried?

the obvious solution would be to use the -X flag with ssh, no? yeah, i thought that, too, but the syntax of -X is such that it's used when connecting from the computer on which you wish to display things (ie, my OS X machine) to the computer that will actually be running the app (ie, Matlab on the Linux lab machine).

so the net result is that ssh -X won't work directly...

unix admins, what should i do? is there a "reverse -X" flag or equivalent out there that would let me do what i wish to do directly?

am i better off running a ghetto vnc server on the linux machine restricted to connections from localhost and then doing a ssh reverse tunnel from the lab machine to my machine? (i think that'd work, but i might raise the ire of my lab admin, and it wouldn't handle my 4 virtual desktops at all.)

TIA.
 

$tinkle

Expert on blowing
Feb 12, 2003
14,591
6
here's what i do to get outside the firewall to the dev box & push display back:

edit your home machine's $HOME/.ssh/config to have these 2 entries:
Code:
Host [mylabcomputer]
ProxyCommand /usr/local/bin/proxytunnel -q -p ssh.[internal school network]:80 -u <uname> -N -d [mylabcomputer's IPaddy:22]
then when you ssh into your [internal school network], you'll be prompted for passwd to match <uname> in your .ssh/config file


of course, you'll need stuff from here: http://proxytunnel.sourceforge.net/.
 

Toshi

thanks for the reply. the way i parse it, your solution would work if i had ssh access to [internal school network]. this is normally true for computers on the school network proper, but it isn't true for my lab: although i can ssh to the school's servers, i can't ssh from the school's servers directly to my lab machine.
 

Toshi

the only feasible long term solution will be to get a VPN setup, i think, but this just might work (suggested by our helpful C&C staff):

labmachine$ ssh -R 2222:localhost:22 homemachine

homemachine$ ssh -X -p 2222 localhost

it essentially was what i was trying to do but didn't quite grasp: i didn't realize you could use the reverse tunnel to tunnel ssh itself. i'd only ever tunneled vnc over it. :D awesomeness. (it seems to work at first look, too, in that i can get to the shell on the lab machine over the reverse tunnel from my home box. no idea if X forwarding will work, but i don't see why not...)
 

$tinkle

dood! that just might work. reminds me of when i used PuTTY to port fwd w/ winamp @ work so i could get streams.

also be aware some are configured to close inactive sessions, so consider adding another arg like KeepAliveInterval=30 (or something like that).

one more for the road: http://the.taoofmac.com/space/SSH/
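
Added example, not part of any post in this thread: the reverse tunnel from above with its options spelled out, plus a check on the home machine that the forwarded port 2222 is bound to loopback only, so nothing else on the home network can reach the lab machine's sshd through it. The host alias `mylabcomputer`, the function names and the sample listener line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the thread's reverse tunnel with explicit options, plus a check
# that the forwarded port listens on loopback only. "homemachine" is the thread's
# placeholder; the alias "mylabcomputer" and the sample lines are constructed.
TUNNEL_PORT=2222

# Run on the lab machine. -N opens no shell on the home box, the 127.0.0.1 bind
# keeps the listener off the home LAN, ExitOnForwardFailure aborts if the port
# is already taken, ServerAliveInterval is the OpenSSH client keepalive option.
lab_tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 %s homemachine\n' \
        "-R 127.0.0.1:$TUNNEL_PORT:localhost:22"
}

# Run on the home machine. HostKeyAlias files the lab host key under its own
# name in known_hosts instead of under "localhost".
home_x11_cmd() {
    printf 'ssh -X -p %s -o HostKeyAlias=mylabcomputer localhost\n' "$TUNNEL_PORT"
}

# Reads listener lines (netstat -an or ss -ltn format) on stdin. Succeeds only
# if port $1 is listening and every listener for it is a loopback address.
tunnel_is_loopback_only() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ ("[.:]" port "$")) {
                    seen = 1
                    addr = $i
                    sub("[.:]" port "$", "", addr)
                    if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]")
                        exposed = 1
                }
            }
        }
        END { exit ((seen && !exposed) ? 0 : 1) }'
}

# Constructed sample: what the home machine should show while the tunnel is up.
SAMPLE='tcp4  0  0  127.0.0.1.2222  *.*  LISTEN'

lab_tunnel_cmd
home_x11_cmd
if printf '%s\n' "$SAMPLE" | tunnel_is_loopback_only "$TUNNEL_PORT"; then
    echo "port $TUNNEL_PORT: loopback only"
else
    echo "port $TUNNEL_PORT: missing or exposed beyond loopback"
fi
```

On a live system, pipe `netstat -an` (OS X) or `ss -ltn` (Linux) into `tunnel_is_loopback_only 2222` in place of the sample line.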