• RELEVANCY SCORE 3.82

    DB:3.82:[Solved] Can You Start X Server From Ssh (Not X Forwarding) kd





    Hi folks,

    Let's say my computer at home just rebooted. I can boot it up again with WOL. Login to it over SSH from a remote site. I have processes I need to start, but they require X-server to run.

    Is it possible to start X over SSH?

    This is not a question regarding X forwarding over ssh. This is not a question on Remote Desktop.

    Thanks

    Last edited by odp (2014-02-07 09:35:53)

    DB:3.82:[Solved] Can You Start X Server From Ssh (Not X Forwarding) kd


    I wonder why VNC got introduced into this post?

    Trillby, I guess because I did not use startx

    Thanks!

  • RELEVANCY SCORE 3.68

    DB:3.68:Re: Ssh -X But No X11 Forwarding dz




    any ssh updates in the past 8 months (config wise or bin/lib wise)?

    DB:3.68:Re: Ssh -X But No X11 Forwarding dz

    Alan_Feldstein wrote:
    does not apply. I don't have any 126133 patch installed on jesus. (fonzie and jesus are both SPARC computers, for the record.)

    Your choices for naming are quite interesting.

  • RELEVANCY SCORE 3.56

    DB:3.56:Ssh Forwarding Port jk





    Is it possible to change the ssh 22 --800 port on a cisco switch?

    DB:3.56:Ssh Forwarding Port jk


    Complete these steps to configure Secure Shell (SSH) to the PIX Firewall:

    Before a connection to the PIX is made through SSH, these prerequisites must be met:

    The PIX must run version 5.2 or later.

    The PIX must have a VPN Data Encryption Standard (DES) license, as indicated in the output of the show version command.

    Note: Refer to Product License Registration in order to request a DES license.

    Once all requirements are met, issue these commands on the PIX:

    hostname domain-name

    !--- Generate a key for the SSH encryption to use.

    ca generate rsa key 1024

    !--- Allow the desired host to connect to the PIX on the interface specified.

    ssh ip_address mask interface

    !--- Save your configuration.

    ca save all

    write memory

    This is an example:

    hostname mypix

    domain-name cisco.com

    ca generate rsa key 1024

    ssh 10.0.0.0 255.255.255.0 inside

    ca save all

    write memory

    Refer to the SSH - Inside or Outside section of How To Perform Authentication and Enabling on the Cisco Secure PIX Firewall (5.2 Through 6.2) for more information.

  • RELEVANCY SCORE 3.50

    DB:3.50:X Forwarding Vs Remote Display 3p


    Hello,
    I have a question about X forwarding. I was told that we can't use X forwarding anymore, due to a security checklist.
    Example:

    cyberninja@server1# ssh -X server2

    So we have to use the DISPLAY variable now. I thought this was less secure?
    Example:

    cyberninja@server1# xhost + server2
    server1 being added to access control list
    cyberninja@server1# echo $DISPLAY
    :1.0
    cyberninja@server1# ssh server2
    cyberninja@server2# export DISPLAY=server1:1.0
    cyberninja@server1# gedit #for example

    What gives, is this more or less secure than X forwarding? Is there a better way?

    Any info would be helpful

    DB:3.50:X Forwarding Vs Remote Display 3p

    user5287726,
    Thank you for replying to my question. I thought I saw stuff on the internet about remote display being less secure. For me to get an exception for X forwarding I would need to justify it to the security person. Do you know of any CVE or other such vulnerability listing that shows the DISPLAY security issue?

  • RELEVANCY SCORE 3.48

    DB:3.48:Having Issues With Port Forwarding fa


    I'm trying to port forward port 22 to a local LAN IP address but make it accessible over the internet. For some reason whenever I port forward port 22 (external) and internal to my LAN IP address, I can't SSH to my IP provided by my internet service provider. In the logs it shows the following:

    [LAN access from remote] from x.x.x.x:51504 to 192.168.1.15:22, Wednesday, Jan 08,2014 19:34:01

    [Log Cleared] Wednesday, Jan 08,2014 19:33:47

    Why would the SSH attempt be changing the external source port every single time?

    DB:3.48:Having Issues With Port Forwarding fa

    Figured out the issue. In case someone else runs into this, disable IGMP Proxying and it works fine.

  • RELEVANCY SCORE 3.43

    DB:3.43:Why Ssh Is Secured Over Telnet dc



    Why SSH is secured over telnet?

    Hi folks,

    Why telnet is not secured and why SSh is secured?

    DB:3.43:Why Ssh Is Secured Over Telnet dc


    Thank you

    Regards Thanveer "Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

  • RELEVANCY SCORE 3.39

    DB:3.39:Pvpn - Vpn Over Ssh j8



    There are several ways of setting up a Layer 3 or even Layer 2 VPN using OpenSSH. pvpn is a small wrapper around pppd and SSH to set up Layer 3 VPNs and route traffic through them.

    Typical use cases: quick-and-dirty access to a private network (for example setting up a regular reverse SSH tunnel out of a NAT:ed office network, and connect to it from home), or to encrypt your traffic on an open wireless network.

    Requirements

    pppd installed on both client and server

    ssh on client and sshd running on server

    root access on client and root login using authentication key on the SSH server

    For routing you also need

    iproute2

    IP forwarding and masquerading enabled

    Hopefully, the --help switch will tell you enough to use it:
    pvpn --help

    DB:3.39:Pvpn - Vpn Over Ssh j8


    Tried sshuttle? Doesn't need root on server.

  • RELEVANCY SCORE 3.38

    DB:3.38:Problem Running Gui Remotely d7


    I wrote this swing application that I am to run remotely. I can upload the code to an established SSH server and then I connect to it with x11 forwarding with putty and it runs just great.

    The problem is that I need to run it on my personal SSH server. I've had Cygwin's ssh daemon (sshd) working for some time now on my windows box. I have turned x11 forwarding on and I can test it by connecting to the machine remotely and running some X applications like xeyes and xclock. They work just fine.

    However, when I try running my swing application, it loads up just fine (I can see that it's done loading from the console debug messages I put in) but I see no window.

    I thought that maybe it was a problem because I was using swing, so I wrote a simple hello world awt frame program but the same exact thing happens.

    Anyone have any ideas why simple X applications work fine, but my java gui's don't work over x11?


  • RELEVANCY SCORE 3.37

    DB:3.37:Help With Nat In Vmware Instance k7



    Hi all,

    I'm trying to set up a virtual LAN within my vmware server, so I've set all my vmware instances to use NAT. I will have 4 operating system running on the system, and port forwarding will not be sufficient for accessing all the systems. Is it possible to do something like this?

    client ssh Host OS.

    then from the Host OS ssh session, start another ssh session to one of the virtual machines? I tried doing this, but the host OS can't find any of the 173.x ips

    Thanks,

    Todd

    DB:3.37:Help With Nat In Vmware Instance k7


    Why is the port forwarding not sufficient? You can forward multiple ports to the port 22 on different ips.

    You might decide on using native OS forwarding instead of the Vmware NAT forwarding for the performance reasons. Please see my white paper on

    http://www.vmweekly.com/articles/networking_in_vmware/1/

    As far as your question is concerned, can you ping one VM from the other? Are you sure ip connectivity is okay?

    -Andrei

  • RELEVANCY SCORE 3.36

    DB:3.36:Forwarding Login Screen Over Ssh p7


    Hi,

    I am trying to forward my Solaris login screen to my PC running an X server. I want to forward the login screen that says

    "Welcome to hostname

    Solaris

    Please enter your user name"

    How do I go about this? What is the file in Solaris that boots this screen on start up? I can forward a CDE session to my PC, but I don't want to do that. I need this login screen.

    Appreciate the help guys,

    David.

    DB:3.36:Forwarding Login Screen Over Ssh p7

    What X server are you running? Generally you just need to do an XDMCP query of the sun and it's a good idea to use the sun as a font server also.

    When I'm using cygwin, I use this:

    X -query host -fp tcp/host:7100 -once

    --
    Darren

  • RELEVANCY SCORE 3.31

    DB:3.31:Problems W Remote Access Of Gnome Desktop fx


    I am using RHEL 5.8.

    From my desk
    I use the physical terminal to access the gnome desktop. Works great.

    When I am remote
    I connect to the corporate network over VPN. I access RHEL as follows:
    - I use the command line over ssh as much as possible. Works great.
    - When I need a GUI over X, for example to run the Oracle dbms installer, dbca, netca, etc., I use an X Server and ssh with X11 forwarding. Works great.
    - If I need to access the gnome desktop, then I have problems.

    problems
    1) I realize that Windows vnc clients such as Ultra VNC are unsafe, so I prefer not to use Windows vnc clients. Do any secure Windows vnc clients exist? Do any alternative vnc-like protocols exist that provide the same type of functionality but with appropriate security?
    2) When I use a vnc client over vpn, the vnc client can connect sometimes, and other times the vnc client cannot connect. I cannot determine why. SELinux is off. Port 5900 is open. I have even shutoff the firewall. I have tried multiple clients. Still I cannot connect at certain times, despite that all other network services on RHEL are working perfectly. Any troubleshooting recommendations?
    3) I have tried running the X Server and ssh with X11 forwarding, and then launching vncviewer from the ssh terminal window. The graphics refresh VERY slowly. Often, the refresh rate is so slow that the user interface is not usable. Others on the web have reported the same experience.

    I would appreciate your thoughts and recommendations.

    Thanks,

    Scot

    DB:3.31:Problems W Remote Access Of Gnome Desktop fx

    Dude -

    Sorry for the delayed response. I had not forgotten about this, but it took me a while to circle back.

    I had to read your note a few times to understand what you were saying, but it finally sunk in. : )

    I don't have ssh installed on my local Windows machine. I use putty instead. I figured out how to do the same thing w putty, and it worked beautifully. Now my local vncviewer works again, AND I can tunnel securely over the ssh protocol.

    The steps I executed on Windows 7 for putty.
    1) put putty directory in Windows path.
    2) open DOS window
    3) plink -ssh remote host -l remote user -i private key -L local port:remote host:remote port
    4) run local vnc viewer and connect to localhost:local port.

    THANK YOU!!!

    Scot

  • RELEVANCY SCORE 3.31

    DB:3.31:X Forwarding In Ssh 8j



    I've got an SSH server at my house at my college town, and I'm at my parents' house. I'm trying to forward X from my house to my parents' house but I'm getting an error message. It worked on Xubuntu, so I'm sure it's something I haven't configured correctly but I don't know how to fix it.
    nelson@alpha-pc:~$ oocalc
    X11 connection rejected because of wrong authentication.
    X connection to localhost:10.0 broken (explicit kill or server shutdown).
    nelson@alpha-pc:~$ X11 connection rejected because of wrong authentication.
    X connection to localhost:10.0 broken (explicit kill or server shutdown).

    nelson@alpha-pc:~$

    DB:3.31:X Forwarding In Ssh 8j


    I used ssh -X username@server

    I'll check if X11 is enabled. I know it was on the computer I'm currently using before I formatted it, but it might not be on the one I'm trying to connect to. I didn't even think of that... I'll let you know

  • RELEVANCY SCORE 3.29

    DB:3.29:Ssh Not Working Anymore... aj


    I recently ran into the following problem when trying to ssh into my Ubuntu 11.04 server:

    ssh user@site.com
    PTY allocation request failed on channel 0

    This occurred after I upgraded to Lion. I can SSH from any other machine without a problem. I've seen a few other posts saying they're having issues with SSH and Lion as well. Here's the -v output:

    GLPro:~ greg$ ssh -v user@site.com
    OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
    debug1: Reading configuration data /etc/ssh_config
    debug1: Applying options for *
    debug1: Connecting to xxxx [xxx.xx.xx.xx] port 22.
    debug1: Connection established.
    debug1: identity file /xxx/xxx/.ssh/id_rsa type 1
    debug1: identity file /xxx/xxx/.ssh/id_rsa-cert type -1
    debug1: identity file /xxx/xxx/.ssh/id_dsa type -1
    debug1: identity file /xxx/xxx/.ssh/id_dsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
    debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.6
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server-client aes128-ctr hmac-md5 none
    debug1: kex: client-server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(102410248192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'neek.us' is known and matches the RSA host key.
    debug1: Found key in /xxxx/xxxx/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /xxxx/xxxx/.ssh/id_rsa
    debug1: Server accepts key: pkalg xxx-xxx xxxx xxxx
    debug1: Authentication succeeded (publickey).
    Authenticated to xxxx ([xxx.xx.xx.xx]x).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Remote: Forced command.
    debug1: Remote: Port forwarding disabled.
    debug1: Remote: X11 forwarding disabled.
    debug1: Remote: Agent forwarding disabled.
    debug1: Remote: Pty allocation disabled.
    debug1: Remote: Forced command.
    debug1: Remote: Port forwarding disabled.
    debug1: Remote: X11 forwarding disabled.
    debug1: Remote: Agent forwarding disabled.
    debug1: Remote: Pty allocation disabled.
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    PTY allocation request failed on channel 0


  • RELEVANCY SCORE 3.27

    DB:3.27:Altgr Not Working On Ssh X-Forwarding 1c



    Hello there,

    I found some places on the net which handled nearly a solution, but I can't get it to work or find the places they directed to. Well, the problem: I'm connecting from an Arch Linux machine to an Arch Linux machine using ssh via xterm. X11 forwarding runs perfect, except that my AltGr-key is not working. Because I am German, I need this key to produce characters like { or }, which is very important for C programming.

    When I'm in vi on my remote server, AltGr works with no problems. But any windowed application I run via ssh -X forwarding does not handle the AltGr-key. When I'm directly on my remote machine and run X and an application, AltGr even works well.

    So this must be an ssh -X issue or something like that - any ideas?

  • RELEVANCY SCORE 3.25

    DB:3.25:Getting Around Port Blockings At Work 7j


    Here's a neat trick: I wanted to access my Mac at home from my Windows PC at work. I would use a VNC viewer (UltraVNC) to do it over an SSH tunnel, to encrypt it. However, work blocks port 22 - but not 5190 (instant messaging)! The built-in SSH server is fixed on port 22, though.

    Normally you use port forwarding to route a port to the same port to a specific IP address. This time I set my Airport Express router to route port 5190 to 22.

    Works like a charm.


  • RELEVANCY SCORE 3.24

    DB:3.24:Start A Gui Application Via Ssh Session Using The Remote Display. mz



    This is not about X forwarding, but about how to launch the gui application in SSH session so its window appears on a remote display, and not my own.

    The problem is when I try to set DISPLAY=:0.0, all X applications tell me no protocol specified. The remote host is running Ubuntu 9.10 in my case.


  • RELEVANCY SCORE 3.24

    DB:3.24:X11 Over Ssh Weirdness kz


    Hi all,

    I do a great deal of my work logged into linux machines, forwarding X windows back. After installing 10.5, I tried ssh-ing into work. There are 3 big problems:

    1. It's unbelievably slow. It took 4 minutes to get a responsive emacs window, and even that was clunkier than usual.
    2. Emacs windows are suddenly big and ugly - like the fonts let themselves go and started eating McDonalds. Gnuplot windows look normal, at least. (I can't launch local emacs to compare - it's completely FUBAR'd after the upgrade, but that's for a different thread)
    3. The cursor turns yellow inside the X11 windows forwarded over ssh. (Yeah, this is an old problem, but the old fix no longer works)

    I'm ssh-ing with -X and -Y, and I've tried doing this both with and without "ForwardX11Trusted yes" in my .ssh/config.

    My other machine (with a tiger install) has none of these problems. Anyone else having these issues? Should I give up on Leopard and go back to Tiger?

    DB:3.24:X11 Over Ssh Weirdness kz

    (I'd have spawned a new one if I knew how)

    Go to the top page of the Unix forum (http://discussions.apple.com/forum.jspa?forumID=735start=0), and use the link "Post New Topic" at the top-left of the page.

    where is it documented?

    See, for example, *man bash* and search for "Brace Expansion".

  • RELEVANCY SCORE 3.15

    DB:3.15:Ssh -X ≪Solaris 9 Host≫ Fails To Set Display d7


    i'm running Suse 9.1 Pro as my graphics client. x86 doesn't quite work yet on my host.

    i'm trying to run smc from my E250 (headless) to my Suse 9.1 desktop.

    the E250 is running Solaris 9. when i ssh -X and echo $DISPLAY, DISPLAY is empty.

    however, i can ssh -X (from suse) to another suse system, DISPLAY is set.

    i can also ssh -X (from suse) to my e250 running Solaris 10 and the DISPLAY is set!

    i've don't xhost + on all systems.

    why is Solaris 9 not working with the ssh -X forwarding setup? what am i missing on the Solaris 9 side? both Solaris 10 and 9 look to be the same in setup.

    thanks!

    DB:3.15:Ssh -X ≪Solaris 9 Host≫ Fails To Set Display d7

    If you use OpenSSH on the server side, X forwarding is turned off in the config by default on the server. Maybe the same with the Solaris OE bundled sshd?

  • RELEVANCY SCORE 3.15

    DB:3.15:Is Port Forwarding Broken Airport 7.5 & 7.5.1? fm


    Hi,

    VPN, SSH, Remote Desktop nothing works - the Mac Mini Server can not be reached from the internet. I now have exactly the same problem on my father's home network too since changing over to the current 2TB Time Capsule model - I can't SSH or Remote Desktop into his machine. The previous TC model we had running 7.4.2 works fine for both of us. Is anyone having issues with port forwarding on TC or AEBS 7.5 devices?

    The Macs are being allocated static IPs by DHCP Client ID and the IP allocated is correct.

    DB:3.15:Is Port Forwarding Broken Airport 7.5 & 7.5.1? fm

    Hi,

    Probably not desirable in your case but having the AEX as DHCP router and TC extending it (so the other way around) will probably resolve the issue meanwhile. If it doesn't then there may be something else going on in your network. My own solution to the port forwarding problem was to have the 7.4.2 device leading the 7.5.1 via Ethernet plugs.

  • RELEVANCY SCORE 3.14

    DB:3.14:Does The Rv016 Port Forwarding Bypass Firewall Default Rules? 79



    Hello everyone, this is my first discussion within this community (I think) and I got a strange issue when opening SSH service to a Database Administrator within my LAN, that has a RV016 as the default gateway. So confidence, I just set up a port forwarding in Setup Forwarding and everything works fine, cool.

    However, I do not want this to be a public access, I need a specific firewall rule for a specific external IP address (only the DBA fixed IP Internet might connect to my database server through SSH).

    I noticed that when a port forwarding is created within RV016, it bypasses the firewall default rules and wide-opens the service (port) to the web. Conceptually, this is correct, as port forwarding is a network translation, but I expected that my firewall would work over this.

    My current solution was to create a "Deny from all" rule at port 22 and then create one additional rule that allows traffic from a specific IP at port 22.

    Any help?

    Thanks!

    DB:3.14:Does The Rv016 Port Forwarding Bypass Firewall Default Rules? 79


    Hi Bruno,

    Paolo is referring to this:

    Cisco Support Community NetPro Small Business Support Community

  • RELEVANCY SCORE 3.13

    DB:3.13:Re: Steup Xclock 1f


    I assume you use a windows system to logon to the sles server?

    If yes,
    1. make sure an X server (xming for example) is installed on your windows system, and running
    2. Use putty to connect to the sles server. enable 'X-forwarding' in putty, for the session
    3. logon. (using ssh protocol)
    This is all that is necessary. If you look, ssh has the DISPLAY setting already been done, and it uses a tunnel.

    If no, and you logon directly on the machine
    1. Just logon with the user you want to run the installer. Your display is alright.

    DB:3.13:Re: Steup Xclock 1f

    Download Xming from: http://sourceforge.net/project/showfiles.php?group_id=156984
    (the first link on the page)

    And install it.

    Then open putty, and enable X forwarding (see http://faq.rutgers.edu/?q=node/838)

    After you've logged in on the linux server (make sure you use the ssh protocol, not rlogin or telnet!!), there's no need to set the DISPLAY variable.

  • RELEVANCY SCORE 3.13

    DB:3.13:Help With Ssh Port Forwarding k3



    I am having an issue with ssh port forwarding. I have the ARRIS TG862. I have ssh enabled and sometimes is works, other times it does not. Thoughts?

    DB:3.13:Help With Ssh Port Forwarding k3


    I have the same setup, and noticed this too.

    Last week, I could access port 22 from "outside". Now, I cannot.

  • RELEVANCY SCORE 3.12

    DB:3.12:Jrmc Not Starting Up On Redhat Es 4 - X86_64 z1


    Hi ,
    Am new to the jrockit mission control. Did read the documentation a bit and downloaded the jrockit mission control for linux. As per the documentation to start up the console , i need to run $JROCKIT_HOME/bin/jrmc, but on trying to do that , i only get two lines of output :

    May 14, 2009 8:02:40 AM com.jrockit.mc.rjmx.internal.RJMX initializeSettings
    INFO: Reading console settings from /home/xxxx/.missioncontrol/rjmx.3.1.0.xml

    and nothing else happens. There is no other error which comes.

    Is there some dependency on any other package which it needs ?

    I am trying to run the command over ssh (using ssh -X to login to the box) using cygwin with X server from windows. My X server is configured fine and X forwarding is enabled (i could test that).

    Would really appreciate any help for this issue.

    Regards

    Soumendu


  • RELEVANCY SCORE 3.11

    DB:3.11:Vmware Server + Nomachine Nx - Blank Screen sa



    I installed VMware server, everything works fine.

    However, when I want to access "vmware" using NoMachine NX, there is only blank/black screen where one normally sees guest screen.

    When I start "vmware" using plain SSH and X-forwarding, everything displays just fine.

    I found a couple of posts in google describing exactly the same problem, but with no solution.

    Anyone?

    DB:3.11:Vmware Server + Nomachine Nx - Blank Screen sa


    By default, most distributions are set up to not be able to display X as root. I don't quite understand all the security issues there, but there are several ways to work around it.

  • RELEVANCY SCORE 3.11

    DB:3.11:Fudged My X Forwarding Over Ssh s9



    Ok, somewhere along the line I screwed up my X11 ssh link at work...I got a new computer and my laptop was in the shop for a bit... so things may have changed here and there....

    I can ssh into the box just fine, but the display variable is set to HOSTNAME:10.0 instead of localhost:10.0... when I run something, like xclock, it runs fine, but I have no clue where it's displaying (X is not running locally on the machine I am sshing into)...

    I have :
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost no

    DB:3.11:Fudged My X Forwarding Over Ssh s9


    gosh..this is a brain musher for me..
    are you setting anything silly in /etc/profile, ~/.bash_profile or ~/.bashrc ?

  • RELEVANCY SCORE 3.09

    DB:3.09:Exec Command Via Ssh In Existing X-Session 8x



    Hello, I want to start the media player app via SSH in an existing X-Session (real display) on the ssh target (ssh user = x-session user, all same machine). I do not mean X-forwarding! After the app is started, I want to disconnect the ssh connection and all should be still running. Any ideas?

    Greetings, Sebastian

    DB:3.09:Exec Command Via Ssh In Existing X-Session 8x


    The difference:
    #remote display
    ssh user@host DISPLAY=:0 some_command

    # although you might assume it gets passed through ssh, it does not and is displayed on the remote machine
    ssh -X user@host DISPLAY=:0 some_command

    # local display
    DISPLAY=:0 ssh -X user@host some_command

  • RELEVANCY SCORE 3.09

    DB:3.09:Xsession Howto? p7



    Can someone point me to a good howto for xsessions on arch? I have enabled X11forwarding in my /etc/ssh/sshd_config and I connected to the target box via ssh -X ip but actually getting the X11 forwarding working is unclear from this point on... my goal is to run ossxmixer in the ssh shell and have it pop up on my other box's Gnome session.


  • RELEVANCY SCORE 3.08

    DB:3.08:Guide To Better Ssh-Security fj


    There are countless recommendations for the configuration of SSH on Cisco devices available. But many of them propose settings that are not adequate any more. This document shows how to set up SSH on IOS and ASA for advanced session-security and how to configure an Apple Mac with OS X to only negotiate secure crypto. The client-side part of this document can also be used for checking the settings on a Linux-system. 

     
    Cisco IOS
    It always starts with the generation of a public/private keypair that will only be used for the SSH process. In this command we use a dedicated label "SSH-KEY" which we later assign to the SSH config. The default key length is typically too small; it's time to move to stronger crypto. For new setups I only use 4096 Bit keys. That's more than recommended on sites like http://www.keylength.com and makes the session setup a little slower, but by far not so slow that it's unusable. And it typically doesn't hurt to have better crypto than the others.
    crypto key generate rsa label SSH-KEY modulus 4096
     
    The RSA-Keypair is assigned to the SSH-config:
    ip ssh rsa keypair-name SSH-KEY
     
    Next we only allow SSH version 2. By default also version 1 is allowed:
    ip ssh version 2
     
    When the SSH session is established, the session keys are computed with the Diffie-Hellman key exchange protocol. By default this is done with 768 Bit, which is not state-of-the-art any more. For my setups (with MacOS and Linux clients) I configure a bit length of 4096 Bit. If you are using the current version of Putty (0.63 at the time of writing), this is more than Putty can handle. You should change to a more powerful terminal like SecureCRT or use only a size of 2048 Bit, which is still very secure. And if your IOS is too old, this command will also not be available.
    ip ssh dh min size 4096
     
    Depending on your needs you could enable the logging of SSH-login-events:
    ip ssh logging events
     
    The last step is to restrict the vty-lines to only use SSH, so that Telnet is not allowed any more:
    line vty 0 4
      transport input ssh
     
    In some setups, where SSH has to be reachable over the internet, I also change the SSH port to something non-standard. This won't really increase the security of the setup, but it gives fewer log entries from bots that try to log in to SSH with commonly used username/password combinations.
    ip ssh port 7890 rotary 1
    line vty 0 4
      rotary 1
     
    Some more protection-mechanisms that should be thought about are Control-Plane-Protection and Management-Plane-Protection. But that is not SSH-specific.
     
     
    Cisco ASA
    The setup on the ASA has the same goal as on IOS, but there are fewer options to secure SSH. The syntax is also a bit different:
    crypto key generate rsa modulus 4096
    ssh version 2
    ssh key-exchange group dh-group14-sha1
     
    The key length depends on the ASA platform in use. The legacy ASAs are not capable of a key length larger than 2048 Bit. On the current 5500-X devices, 4096 Bit is also possible.
    The command "ssh key-exchange group dh-group14-sha1" was introduced in 8.4(4.1) and 9.1(2).
     
    On the ASA, the SSH-access has to be allowed from the management-IPs:
    ssh 10.10.0.0 255.255.0.0 inside
    ssh 192.0.2.100 255.255.255.255 outside
     
    Cisco Nexus
    The Nexus by default uses only 1024 Bit keys, and only supports SSH version 2.
    The only available option (to my knowledge and based on the config guide) is to use keys with a maximum length of 2048 Bits for the SSH server:
     
    ssh key rsa 2048 force
     


  • RELEVANCY SCORE 3.07

    DB:3.07:Workgroup Manager - Port Forwarding Problem 3a


    Hi,

    Within my local network, I can easily connect to my server using Server Admin, Server Monitor, and Workgroup Manager. They all work great without SSH.

    But when I use SSH to set up port forwarding on my local network like this:

    "sudo ssh MySecretAdminID@192.xxx.x.x -L 311:127.0.0.1:311 -L 625:127.0.0.1:625"

    I get this error message: "The login information is not valid for this server." Then, I switch the server IP back to its true IP (instead of 127.0.0.1) and it works great.

    Server Admin and Server Monitor work fine under ssh.

    Both ports 311 and 625 are open on the server for TCP.

    Is there another port I need to forward?

    Dual G5 Mac OS X (10.4.8)

    DB:3.07:Workgroup Manager - Port Forwarding Problem 3a

    Hi jaydisc

    Thank you for correcting me. Of course you are absolutely correct in what you say.

  • RELEVANCY SCORE 3.06

    DB:3.06:Dgmgrl And Ssh Port Forwarding dj


    Has anyone installed a combination of dgmgrl and SSH port forwarding?

    I would like to have dgmgrl because it is easier to monitor and switch/fail over is easier. I have not implemented this yet. I am managing it using sqlplus.

    I also have my standby half way across the globe (not my choice, can't fight that). This means latency is killing. I need ssh port forwarding to make it work. I have this in place already.

    When I configure the database and standby in data guard manager it changes log_archive_dest_2 on primary. It seems to get the values from the local listener parameter on the standby. I want log_archive_dest_2 to point to localhost:forwarded_port, otherwise ssh port forwarding optimization is bypassed. Not sure how to make this work or if it is even possible.

    I have both 9.2.0.8 and 10.2.0.3 databases in my environment.


  • RELEVANCY SCORE 3.06

    DB:3.06:Port Forwarding + Westell 9100em + Ssh + Mac Os X ak



    hi,

    my goal is to get my Mac OS X laptop to be world accessible via ssh. I turn on remote sharing on my mac, and i can ssh into it using the local ip assigned by the router. to get the computer world-accessible, i add in TCPAny - 22 and UDPAny - 22 in my port forwarding options. when i try to ssh using the global ip of the router (can be found using numerous websites to determine ip), the connection is refused. when i check the port with other port checking sites, the connection is refused. i tried the same for ftp, and numerous other options. i even tried DMZ option, but the connections seems to be closed. the only port that seems to be open is 4567, which is turned to localhost (router?) by default in the port forwarding options TCP Any - 4567.

    at first i thought it was an OS problem, but this can't possibly be it since i could ssh using the local ip. also, same thing happens with ftp. called verizon and they said they don't support port forwarding (customer service that is). i asked if they block any ports, and they said no. so problem must be the router. does anyone know how to fix this? i see lots of this in the forum but the solution seem to not be here.

    help?!?! this is really CRAPPY.

    DB:3.06:Port Forwarding + Westell 9100em + Ssh + Mac Os X ak


    #1 Does any of these guides help you in any way:

    a) http://www.portforward.com/english/routers/port_forwarding/Actiontec/MI-424-WRv2/SSH.htm

    b) http://www.portforward.com/english/routers/port_forwarding/Actiontec/MI-424-WR/SSH.htm

    #2 As to why I told you to change the DHCP range, I point to:

    portforward.com -- forum -› Knowledge Base -› How to choose a Static IP address






  • RELEVANCY SCORE 3.05

    DB:3.05:Ssh Tcp Port Forwarding pc



    Does IOS support SSH TCP port forwarding ?

    Thank you,

    Yves

    DB:3.05:Ssh Tcp Port Forwarding pc


    Hi,

    If you mean forward a request on an internet router1, port 22, to a private router2/gw, port 22, using NAT, try this:

    ip nat inside source static tcp 22 22 extendable

    Rene

  • RELEVANCY SCORE 3.05

    DB:3.05:Ssh Client Library c9


    Hi all,
    I am working on a product that already provides VT220 terminal emulation over Telnet.
    The requirement is to add SSH support (i.e. VT220/SSH). There is no need for any SSH extras, like tunnels, X11 forwarding, Environment Variable Passing, Remote Command Execution or anything more than the VT220 emulation. Does anyone know of any Java library (open source or not) that does this? Of course I googled and the closest things I could find were IBM's [http://www.alphaworks.ibm.com/tech/sshlite] and Ganymed [http://www.ganymed.ethz.ch/ssh2/].
    I would appreciate any hints, like the good and the bad about libraries that you may have used.
    Thanks!

    Edit: Just to make sure it is clear, I already have the presentation in place, I only need to hook another type of communications, therefore I need a data stream level API, not a full SSH terminal program, like Putty.

    Edited by: baftos on Aug 4, 2009 5:54 PM

  • RELEVANCY SCORE 3.05

    DB:3.05:Putty Xming Cant Open Display 93



    Yes I have googled and went through all Xming trouble? pages. Thanks for asking.

    I have an arch box called janus and an xp workstation japetus

    on janus /etc/ssh/sshd_config have
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes

    on japetus installed: Putty 0.60, under Connection|SSH|X11|Enable X11 forwarding is switched on the X display location is: localhost:0, with MIT-Magic-Cookie-1 protocol
    on japetus installed: Xming 6.9.0.31
    there is no firewall running on japetus

    on japetus started Xlaunch and left Display number: 0
    on japetus fired up putty and connected to janus. Contrary to recommend the DISPLAY var is not set, so:
    on janus:
    export DISPLAY=localhost:0

    echo $DISPLAY returns localhost:0 so that is in order

    on janus: xlock result
    Error: Cant open display: localhost:0

    I've been over these settings over and over and am not able to get it working. It must be a small simple oversight

    DB:3.05:Putty Xming Cant Open Display 93

    sprungknoedl wrote:
    as far as I know only xauth is needed

  • RELEVANCY SCORE 3.04

    DB:3.04:Ssh Requires High-Numbered Port Forwarding? cx


    I am running a cygwin ssh daemon on my windows system behind my WPN824v2. On the router, I set up port forwarding for port 22. Then I tried to ssh in from work. Connection timeout.

    However, if I also set up port forwarding on a high-numbered port range (e.g. 65000 - 65100), I can then ssh in. This makes no sense to me. Can anyone explain it?

    DB:3.04:Ssh Requires High-Numbered Port Forwarding? cx

    That's weird. I've never seen a problem like that (where port forwarding was needed on both 22 and a bunch of high ports for SSH to work...)

    The only times I've ever seen a high port needed were when the ISP blocked inbound connections to low ports (rare for a blanket block, common for specific ports to be blocked, esp. 25 and 80, sometimes 22.) or when the server process did not have administrative/root/etc privileges.

  • RELEVANCY SCORE 3.04

    DB:3.04:Problem Running Yahoo! Wdk Over Ssh X11 Forwarding 33



    Hi everyone, I'm developing a web application for TV using Yahoo! Widget Development Kit (http://developer.yahoo.com/connectedtv/). Yahoo only provide their WDK for Ubuntu 32bit and I am using Arch 64bit. So I have to use VirtualBox to run an Ubuntu guest to develop. I don't want to spend all my time in Ubuntu so I have set up a SSH server in the Ubuntu guest with the X11Forwarding enabled. I can connect from my Arch (host) to Ubuntu guest with the command:
    ssh -X admin@my-ubuntu-host


  • RELEVANCY SCORE 3.03

    DB:3.03:Remote Development And X Forwarding z8


    Here's what I am trying to do - Remotely use Xcode to do iPhone development while I am stuck away from home for extended hours and don't have access to my Mac.
    I tried just going inside the .app directory, into the Contents/MacOS folder and running Xcode over a SSH session, but this doesn't bring anything up. In fact I can't run any .app remotely. However if I run xcalc (a simple X11 application) X forwarding works just fine. So my question is, is it possible to use X forwarding for Xcode ?

    I would like to avoid using VNC because my wife uses our mac too, and I don't want to interrupt her by grabbing control over the mouse / session. Any way I can get remote development going?

    DB:3.03:Remote Development And X Forwarding z8

    Does this mean that any Cocoa / mac app cannot be used remotely ??

    Mac OS X GUI is NOT X11 Client/Server based. You cannot set DISPLAY and redirect the GUI display output.

    The best you can do is VNC into your Mac. You can use the built-in VNC server (System Preferences - Sharing - Screen Sharing - Computer Settings - VNC viewers may control screen with password)

    Or you can install a 3rd party VNC server, such as Vine Server (Free). There are advantages and disadvantages to both servers.

    As to clients that depends on what you are using as a remote host OS and what VNC clients are supported. Some clients play better with some servers than others.

  • RELEVANCY SCORE 3.02

    DB:3.02:881w Isr: Wan Access Significantly Slower For Wireless Users cp



    I am seeing a significant degradation of applications using X11 forwarding when I connect over the wireless versus the wired lan on the back of the unit.

    The ICMP latency is average 0ms, max 9ms, on the lan, as opposed to average 10ms, max 70ms, on the wireless.

    This doesn't seem like enough of a difference to affect performance, yet something is. The client is using Cisco VPN through the 881w to a remote cisco router, and then ssh -X to a workstation on the remote network. Performance is bad when local client is on 881w wireless, but acceptable when local client plugs in 881w lan.

  • RELEVANCY SCORE 3.01

    DB:3.01:Using Ssh To Forward Sql Server Connection 77


    I have just found a bizarre problem when using SSH to forward SQL Server connections. We use SSH to encrypt all traffic coming over the internet from our partners. We have a marketing database that needs to be shared with our partners. Each external partner gets a certificate and they authenticate themselves against our SSH server with the certificate key. Should they authenticate successfully with our SSH server, the SSH client is configured to forward all connections from port 1433 on the client to our sql server on port 1433.
     
    Now, depending on how I configure the port forwarding, I may or may not succeed.
     
    If port-forwarding from 127.0.0.1:1433 to IP Address of SQL Server:1433, everything works. On the other hand, port forwarding from 127.0.0.1:1433 to DNS Name of SQL Server:1433 will result in a general network error.
     
    For example, 127.0.0.1:1433 - 10.1.1.6:1433 will work and 127.0.0.1:1433 - myserver:1433 will fail (myserver has IP address of 10.1.1.6).
     
    If we run the SSH server on the SQL Server, the same thing happens as well. In addition, the following port forwarding rule will also cause connection attempt to result in general network error: 127.0.0.1:1433 - 127.0.0.1:1433 (note that first 127.0.0.1 refers to the client and the second one refers to the SQL server).
     
    Any idea what's going on? It's not a major issue as I have worked the work-around. However, I prefer not to specify IP address in the forwarding rule as it means we will have a lot of work to reconfigure all the forwarding rules on the client should we ever change the server to a new IP address.

    DB:3.01:Using Ssh To Forward Sql Server Connection 77

    Set up the tunnel as in SQL Host scenario. Connect SQL Profiler to the SQL Server then try to connect to the server from client. Let's see if SQL Profiler reports the established connection. Please also post the log file corresponding to this experiment.
     
    Thanks!

  • RELEVANCY SCORE 3.00

    DB:3.00:X Forwarding Over Ssh f8



    Hi all, I've been trying to get this working for several days and finally figure that I need some help. I have an Arch box that I use for backups and for compiling large C programs that I recently installed all the X stuff on so that I could get some graphical apps on my Windows box. I thought the setup should be easy, with sshd_config:
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes

    DB:3.00:X Forwarding Over Ssh f8


    archwade, that's a 4 year old post. I am sure the op fixed it by now or stopped caring.

    Please do not necrobump threads.

    Our policy :: https://wiki.archlinux.org/index.php/Fo … Bumping.22

    Closing...

  • RELEVANCY SCORE 2.99

    DB:2.99:Dns Forwarding 192.168.1.X To 192.168.2.X xs



    Started a new thread. How do you get this to happen:

    Push VPN Site 2 DNS requests over to Site 1 and vice versa.

    192.168.2.x trying to resolve 192.168.1.x addresses via their hostnames and vice versa.

    Thank you

    Adam


  • RELEVANCY SCORE 2.98

    DB:2.98:Keeping X Apps Running After Closing Ssh Session js



    edit: this problem is a bit different to what I thought it was, see my post further down

    I'm having a problem...

    I have an arch install which I am ssh-ing into using putty on my Windows desktop, where Xming is also running. I then launch X apps via ssh which connect straight to xming over LAN. This works fine.

    I would like them to then stay open even after closing the ssh session. Sometimes this works fine for a while, and then it won't for a while.

    I have tried using
    app

  • RELEVANCY SCORE 2.98

    DB:2.98:Run An X11 Application On A Remote Machine k1



    I have two computers, a server and a desktop. I would like the server to run an X11 application (i.e. dzen2) on the desktop.

    My confusion arises from whether or not to use X11 forwarding over SSH for this task. I only want to send a command from the server to the desktop to be run in an X11 environment. I do not want that application to be sent back to the server or for the application to be run on the server and then sent to the desktop.

    I tried to implement X11 forwarding, as outlined in the ArchWiki, but I received the following error:
    $ ssh -X -f user@port xterm
    xterm Xt error: Cant open display:
    xterm: DISPLAY is not set

    DB:2.98:Run An X11 Application On A Remote Machine k1

    filam wrote:
    eldragon wrote:
    enable the corresponding flags in /etc/ssh/sshd_config

    then ssh -Y user@server

    that should do it.

    why -Y and not -X.... I don't know.

  • RELEVANCY SCORE 2.97

    DB:2.97:Forward Windows Applications As X11 Clients? sz



    I suspect this isn't possible (I've done a fair share of Googling the topic), but I'll ask to be sure:

    I know how there are X servers for Windows to allow X11 forwarding over SSH to a Windows machine. I use Xming at work to run applications on my Linux machine remotely from a Windows laptop.

    What I want now is the reverse: I want a Linux machine running an X server, and to connect from it to a Windows SSH server and run, for example, notepad.exe via X11 forwarding over SSH. So I can only fathom that for this to be possible, the Windows GUI libraries would need third-party changes to behave with the client-server model that X11 uses. Has this ever been attempted?

    Thanks for any suggestions!

    DB:2.97:Forward Windows Applications As X11 Clients? sz


    I don't have much supporting information for this, but I like TigerVNC over TightVNC. Their vision and active development are what makes me prefer TigerVNC

  • RELEVANCY SCORE 2.97

    DB:2.97:Re: X Forwarding cd


    Yes,

    DB:2.97:Re: X Forwarding cd

    Thanks!!!!!!
    It's working now, I wasn't supposed to export the DISPLAY after creating the X authority file.

  • RELEVANCY SCORE 2.96

    DB:2.96:Ssh Port Forwarding To Router? fz



    We use SecureCRT to make SSH vpn connections to our routers remotely. Is it possible to have the router perform port forwarding thru this vpn connection to a server on the router's internal network?

    I ask this because SSH connections are the only possible way for us to make these remote connections, IPSec or PPTP client connections are blocked at the firewall. I know I can install an SSH server inside that network to accomplish this, but we can't install 250 SSH servers.

    Thanks, Jeff

    DB:2.96:Ssh Port Forwarding To Router? fz


    Your question is somewhat vague as to your current setup. To simply forward port 22... Yes this can be done... You can do this quite easily with NAT.

    ip nat inside source static tcp 10.0.0.1 22 202.202.202.2 22

    Now, if you have a bunch of boxes you need to ssh to you can still use one IP address and specify ports in your SSH client.

    ip nat inside source static tcp 10.0.0.1 22 202.202.202.2 1030

    ip nat inside source static tcp 10.0.0.2 22 202.202.202.2 1031

    ip nat inside source static tcp 10.0.0.3 22 202.202.202.2 1032

    See the following link for more information...

    http://cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

  • RELEVANCY SCORE 2.95

    DB:2.95:Re: Installing Oracle 10g Ee. Can't Find X? 71


    Try/use ssh -X username@hostname Yes, X11 forwarding is the second option.

    DB:2.95:Re: Installing Oracle 10g Ee. Can't Find X? 71

    Thank you for reading up on this thread and continuing to reply to me :)
    You are welcome. Now you should do that for other OTN members... :-)

    For future readers of this thread:
    libXp.so.6 is included in xorg-x11-deprecated-libs package until FC4. Since FC5 is included in libXp package.

  • RELEVANCY SCORE 2.93

    DB:2.93:Xdmcp Broadcast f1


    hello,
    I want to log in on a Solaris 9 machine. The computer works fine. SSH with X-Forwarding runs too.

    But if I want to log in with dtlogin, I always see:

    "Remote Host could not be accessed. The remote host name is vaild, but the remote host may not be runnig dtlogin (or other displaz manager)

    What can I do???

    Thanks

    DB:2.93:Xdmcp Broadcast f1

    If you do a:

    # ps -ef |grep dtl

    Do you see this process?

    root 264 1 0 09:26:06 ? 0:00 /usr/dt/bin/dtlogin -daemon

  • RELEVANCY SCORE 2.92

    DB:2.92:Hurtin: Ssh'ing From Host To Guest On A Host-Only Network? p7



    hi folks

    i'm using gsx 3.0. windows xp pro, my host, ip is 10.38.4.x / 255.255.254.0. i can't change this ip. i'm running a single instance of fedora 2 on gsx, within a host-only network. the ip address assigned to it is 192.168.1.200/255.255.255.0

    using putty from the windows xp host, how do i ssh into my fedora/guest? i have samba running on the guest, how do i get explorer to see it? i've tried to use NAT but i could only get ssh port forwarded, not samba. it was port forwarding hell.

    thanks

    DB:2.92:Hurtin: Ssh'ing From Host To Guest On A Host-Only Network? p7


    Notice that the host is using netmask 255.255.254.0,

    while the guest is using 255.255.255.0

    You are confusing two interfaces. Ethernet interface on your uses 10.x.x.x and netmask 255.255.254.0. Host-only interface uses 192.168.1.x and netmask 255.255.255.0.

    And how would putty know what NIC to call via?

    By IP address routing tables. IP addresses used on your ethernet interface differs from IP addresses used on host-only. BTW, your guest uses 192.168.1.128 and not 192.168.1.200 as you wrote. Maybe this is reason why you cannot connect to guest?

  • RELEVANCY SCORE 2.92

    DB:2.92:Hyperic Installation Over Ssh sc


    DB:2.92:Hyperic Installation Over Ssh sc

    Is your Ubuntu system 64 bit? If so, do you have 32 bit libraries installed to run 32 bit software? In that case I'd use the OpenJDK and PostgreSQL/MySQL shipped with Ubuntu, works great for me on a 64bit Ubuntu.
    Cheers, Bjoern

  • RELEVANCY SCORE 2.91

    DB:2.91:Cant Open Port 1960 For Ssh sf



    Hi

    I have followed the tutorial on port forwarding on sky hub, but I still can't get a connection

    I have created a new service. I have changed ssh port number, All works over lan

    New router services

    ssh allways allow "ip 192.168.0.20:1960:1960

    The enabled radio button is either blank or has a x in it I have tried with both.

    I have tried to connect via external ip using port 1960.

    The server firewall accepts connections from 192.168.0.0/24:1960

    Port scan from shields up

    1960 stealthnasmanager,Merit DAC NASmanager


  • RELEVANCY SCORE 2.91

    DB:2.91:No X11 Forwarding With Network-Based Home Directory 83


    Hi

    When I log into my local mac via a network-based home directory, I cannot display X11 apps from a remote unix server either with Telnet or SSH.

    When I log into the same mac with a local user account, I have no issues displaying X11 apps.

    Any help is appreciated!

    Thanks

    Kraiwulf

    Mac OS X (10.4.8)

    DB:2.91:No X11 Forwarding With Network-Based Home Directory 83

    Have you tried using the '-v' option with ssh? And did it give any indication of what the problem might be? I would try '-v' first, and if nothing useful, then '-vv'

    Is the server also running OpenSSH, or is it running some other variant?

  • RELEVANCY SCORE 2.91

    DB:2.91:Vnc Through Ssh Forwarding 9j


    I have a Solaris 10 system at home with the SSH port open to a limited number of hosts including my static IP at work. I would like to access the VNC server on my Mac (running OS-X Tiger) from work through the Solaris SSH server but I haven't been able to do so. I have the forwarding option enabled on the Solaris system in /etc/ssh/sshd_config (AllowTcpForwarding GatewayPorts are set to Yes). I'm using the following command to start forwarding:

    ssh -L 5901:home.mac:5900 username@home.sparc

    then run the vncviewer and point to localhost::5901 but the ssh session returns:

    channel 2: open failed: administratively prohibited: open failed

    when I try to connect. What am I doing wrong?

    I should add that port 22 is already being forwarded from the firewall's (with NAT) public IP to the sparc system with SNAT IP address. Could that be the problem?

    Thanks!

    DB:2.91:Vnc Through Ssh Forwarding 9j

    I have a similar problem too. My problem was fixed after I enabled AllowTcpForwarding in the /etc/ssh/sshd_config on the remote ssh server. Usually that is your vncserver.

    Don't forget to have sshd reread its config file.

    Cheers

  • RELEVANCY SCORE 2.91

    DB:2.91:Ssh X Forwarding Not Working 8j


    So this used to work just fine but I don't know why it doesn't work anymore. I have it all configured in the sshd_config but it still won't even open a connection any more. I can ssh just fine. If I do ssh -X .... it just hangs, there isn't an error or a password prompt. If I try to ssh -X to a host that I haven't previously been to, it will ask if I want to save the fingerprint, ask for a password, then hang (once again no errors). Any ideas why this is happening? I need this for work and as I said before, this used to work.


  • RELEVANCY SCORE 2.91

    DB:2.91:[Solved] X Memory Usage Blows Up With Ssh X11 Forwarding x8



    My X ends up using almost 1gb of ram as I use ssh with x11 forwarding to run programs. Even after I quit the programs, the memory usage never drops back down again.

    I use ssh -c arcfour -YC server

    SOLVED: Seems it's an issue with the arcfour compression, using blowfish-cbc instead

    Last edited by boast (2013-05-03 18:06:57)

    DB:2.91:[Solved] X Memory Usage Blows Up With Ssh X11 Forwarding x8


    Oh you didn't mention your system would lock up. Yeah, that's definitely a memory leak, but I have a feeling it's specific to arcfour since X forwarding has been around for a while and such a bug would have been ironed out by now.

    See if there are memory leaks when running the command locally. There's a possibility it's streaming errors, though I don't see why that'd use up so much RAM.

  • RELEVANCY SCORE 2.91

    DB:2.91:Can't Get Tiger X11 Server To Work Via Ssh 3d


    I am trying to get my Tiger system to "xterm" my Linux(2.6.9) box by tunneling/forwarding X11 traffic. No problem with connecting ("ssh -X user@host"), but the DISPLAY variable does not get set at all. ssh -Y doesn't work either. I've noticed that there is no DISPLAY variable in my Tiger terminals session and I have tried to manually set it ("export DISPLAY=localhost:0.0") but this does not work either; I get "connection refused" error message. I have no problem with ssh/X11 forwarding to the Linux box from other machines so I believe the problem lies with Tiger.

    Oh yeah; X11Forwarding yes, Remote Login is turned on

    I've Googled around and checked the boards here and have not found a solution.

    What to do?

    DB:2.91:Can't Get Tiger X11 Server To Work Via Ssh 3d

    I've noticed that there is no DISPLAY variable in my Tiger terminals session and I have tried to manually set it ("export DISPLAY=localhost:0.0") but this does not work either;

    This is your problem. You have already noticed that only xterm sessions launched from the X11 application get their DISPLAY variable set. If you want to work with X11 and the Terminal.app application, you have to set it manually. However, for one reason or another, you must NOT set it to "localhost:0.0", but to ".0".

    On my system :
    FlyingPig:~ cochonou$ export DISPLAY="localhost:0.0"
    FlyingPig:~ cochonou$ xeyes
    Error: Can't open display: localhost:0.0

    FlyingPig:~ cochonou$ export DISPLAY=".0"
    FlyingPig:~ cochonou$ xeyes
    xeyes is OK.

    If you want to do this configuration automatically, put it in the .bash_profile file in your home directory.

    Now if you followed the advice of the other users in this thread, ssh -Y or -X should set the display variable correctly on the remote machine, and X11 forwarding should work.

  • RELEVANCY SCORE 2.91

    DB:2.91:Newest Xquartz Makes X11 Work Great In Leopard/Spaces z3


    I was a loud whiner about X11 in Leopard. A new version of Xquartz came out yesterday and since installing it this morning and using it heavily, I haven't been able to make it fail yet.

    I got my preferred work process back today and I'm quite happy. I can open multiple xterms to the same and different computers at the same time, do X forwarding over SSH to any of them, launch new xterms from inside a remote destination, distribute them over different desktops and it all seems to work just fine now.

    This isn't in the "software update" yet, but you can get it directly here:
    http://xquartz.macosforge.org/downloads/X11-2.2.0_rc3.pkg


  • RELEVANCY SCORE 2.91

    DB:2.91:About Init Gui On Linux Or Solaris s9


    About init GUI on linux or solaris

    Error 1. xhost: unable to open display ""

    Possible Solution:
    root@oardc:~# xhost +
    xhost: unable to open display ""
    root@oardc:~# export DISPLAY=localhost:1
    root@oardc:~# xhost +
    access control disabled, clients can connect from any host

    Error 2. No protocol specified
    xhost: unable to open display ":1.0"

    Possible Solution:
    Forget about DISPLAY and xhost, that's ancient history!
    Use SSH X-forwarding.
    - On the Solaris server make sure the SSH server is running and X11 forwarding is enabled.
    - On the Cygwin PC, start the X11 environment ("startx" I think), open an xterm and run
    ssh -X username@solaris-hostname-or-ip
    Sometimes you need -Y instead of -X (don't remember why):
    ssh -Y username@solaris-hostname-or-ip
    That's all. X programs on Solaris should open on Cygwin.


  • RELEVANCY SCORE 2.90

    DB:2.90:[Solved] X Forwarding Inside Virtualbox Guest 9s



    hi, this is my configuration:

    virtualbox 4.0
    host: windows7 sp1
    guest: arch linux (updated)

    I've installed and configured ssh server in arch... I had to set port forwarding to let windows connect to arch (windows:2222 ---- arch:22) (I use the default NAT network in virtualbox)

    So far, it's all ok.. I can connect with windows to arch with no problems..

    Now I've installed xming on windows.. tried to do X forwarding with a test server, which works for sure, no problems again.

    Finally I tried to connect to arch guest using X forward, and every time I get unable to open display, DISPLAY is not set with all gui commands. Obviously I can open a command in the guest Xorg, but I'm not able to connect to xming. Maybe it's an sshd misconfiguration... this is my config (I followed archwiki):

    http://nopaste.info/bfba65c945.html

    any suggestion?

    Last edited by Cornholio (2011-09-16 19:10:48)

    DB:2.90:[Solved] X Forwarding Inside Virtualbox Guest 9s


    oh wait, lol. I didn't configure putty correctly. solved.

  • RELEVANCY SCORE 2.90

    DB:2.90:[Solved]X11 Forwarding Not Working After Move From Kde In [Extra] To cd



    Meh, I'm an idiot. /etc/hosts was missing localhost definition

    localsystem:~/:$ ssh remotesystem
    Password:

    remotesystem:/~:$ cat /etc/ssh/sshd_config | grep -i forward
    AllowAgentForwarding yes
    AllowTcpForwarding yes
    X11Forwarding yes

    remotesystem:/~:$ set | grep -i display
    DISPLAY=localhost:10.0

    remotesystem:/~:$ xeyes
    Error: Can't open display: localhost:10.0

    --

    hosts.deny is empty
    hosts.allow has one line
    ALL:ALL:ALLOW

    (yes, I know this isn't secure, but until my X works remotely, I will disable any security I can)

    --- That is all the info I have on the X11 Forwarding Issue..

    Last edited by break19 (2009-03-04 04:28:18)


  • RELEVANCY SCORE 2.89

    DB:2.89:X11 Forwarding With Non-X11 Apps j1


    is there a way to forward the graphical output (like ssh -X) of a Mac-application?
    I want to forward the output of my macbook to a cinema display without messing around with cables.


  • RELEVANCY SCORE 2.88

    DB:2.88:X11 Forwarding Not Working 3x


    I'm running OS 10.4.7. I've successfully installed X11 and ssh'd over to the linux box at work. But even though I've used the -X or -Y option for ssh, typing "xclock" over there just gives me an error message: "Error: Can't open display: work:0", where work is the name of the box that I'm connected to over there.

    So, I suspect that the problem isn't with some sort of permission that needs to be set over here on my mac, but rather that the message to do X11 forwarding isn't getting through.

    I also tried a "setenv DISPLAY" command on the remote computer, using the IP address that my mac seems to have. When I did that, typing "xclock" just makes the shell hang, as though it believes that it's displaying an xclock somewhere in the world. But I can't see it.

    So what should I do? Is there something different that I need to do for the forwarding information to get sent over with my ssh command? Or should I use the "setenv DISPLAY" option, and do something so that my mac actually shows me the xclock?

    Any help greatly appreciated.

    MacPro Mac OS X (10.4.7)

    DB:2.88:X11 Forwarding Not Working 3x

    Sure enough, there was a line in my .cshrc on the remote computer that set the DISPLAY variable. I should have figured this out myself. But thanks for the tip!

  • RELEVANCY SCORE 2.88

    DB:2.88:Ssh To Home Computer To Check My Email 1f


    I have an iBook G4 and PowerMac G5. I want to leave the G5 on at home and ssh to an account on the G5 while away from home using the iBook connecting over a public wifi spot. My goal is to somehow check my email SECURELY once I successfully connect to my G5. Can this be done somehow?

    My ISP doesn't support creating an ssh tunnel to securely connect to my ISP and get mail from my pop3 account, so that is out.

    When I tested using ssh to the G5, I could open Apple Mail, but it appears on the G5, and there is no way for me to get the mail over the ssh connection to the iBook so I can look at the mail.

    Since Apple Mail is not an X11 application, X11 Forwarding will probably not work.

    I'm guessing VNC is my only choice here. Is that so? I really don't need to see the G5 screen on my iBook after I ssh in, I simply want some way to retrieve the mail from the G5 and bring it to my iBook for reading.

    I don't know anything about setting up a mail server, but I do have a spare G3 BW PowerMac at home. Is there some way to make it a mail server that can retrieve mail from my ISP via the DSL modem and THEN I use my iBook to ssh into the BW G3 to retrieve my mail?

    If anyone can point me to a website to do any of this or they can explain how to set up a workable solution to let me get my email, please post it here.

    PowerMac G5 Dual 2 GHz (rev 2) 20 Cinema Disp. Mac OS X (10.4)

    DB:2.88:Ssh To Home Computer To Check My Email 1f

    It sounds like you want to be able to download mail from your ISP using your laptop, but you wanted to have a secure connection through the public wifi hotspot. Since your ISP doesn't support SSL or an ssh tunnel, you wanted to setup an ssh tunnel to your home machine, and check from there.

    You don't need to use Terminal and Pine to do this. You can use Apple Mail on your laptop with an ssh tunnel to your home machine, and setup that tunnel to forward POP traffic to your ISP. The connection between your laptop and your home machine will be secure, but the connection between your home machine and the ISP will not be (as I presume it isn't when you check mail at home anyway).

    To do this, you just need to setup port forwarding when you start the ssh session. I do this with an entry in my .ssh/config file on the laptop like this:

    Host home
    User user-name
    Hostname your.home.ip.address
    LocalForward 9110 pop.yourisp.net:110
    LocalForward 9025 smtp.yourisp.net:25

    (The "user-name" would be the user name you login with on your home machine.)

    Now you can type "ssh home" and, while your session is open, you'll have a tunnel from 127.0.0.1:9110 to the POP server at your ISP, and a tunnel from 127.0.0.1:9025 to the SMTP server at your ISP.

    Then make an Apple Mail account with incoming mail server set to 127.0.0.1 and (under the advanced tab) port set to 9110, and you'll be able to download your mail securely. To send mail using your ISP's SMTP server, just configure the outgoing mail server (SMTP) for that account as 127.0.0.1 and the server port as 9025.

    If your home machine is setup to constantly check mail even while you're away, you'll need to make sure that it's set to leave mail on the server for at least a day or more (depending on how often you intend to check mail on the road).

    For even more fun, put this LocalForward command with the other two:

    LocalForward 9548 127.0.0.1:548

    Now, you can securely mount your home machine's hard disk on your laptop over afp whenever the tunnel is open. From the Finder, just go Go > Connect to Server... and type in "afp://127.0.0.1:9548/".

  • RELEVANCY SCORE 2.88

    DB:2.88:Port Forwarding Via Ssh 1c



    I want to SSH into a Cisco 1841 router and depending on the suffix added to the SSH (i.e ssh myrouter.myroute.com 2002), would like it to forward this request to a terminal server.

    Can this be done?  If so, how does one accomplish this?  I have done something similar with RDP but I was not sure about SSH.

    Thank you

    Dwane                  

    DB:2.88:Port Forwarding Via Ssh 1c


    I will test this today.  Thank you all.  I have a question about SSH into an 1841.  How does this need to be configured if I would like to use a 3rd party certificate like a Comodo certificate?

  • RELEVANCY SCORE 2.88

    DB:2.88:Enabling X11 Forwarding On Solaris 10? xa


    Greetings,

    I am getting no $DISPLAY (DISPLAY: Undefined variable. ) on the solaris 10 system when doing an 'ssh -X hostname' from my linux workstation. Can someone please help?

    I've installed Solaris 10 01/06 Core System Support Software Group to this sun4u sparc machine. I've additionally installed the following packages:
    system SUNWsshcu SSH Common, (Usr)
    system SUNWsshdr SSH Server, (Root)
    system SUNWsshdu SSH Server, (Usr)
    system SUNWsshr SSH Client and utilities, (Root)
    system SUNWsshu SSH Client and utilities, (Usr)
    system SUNWxge Xframe 10GE NIC Driver
    system SUNWxwdv X Windows System Window Drivers
    system SUNWxwmod X Window System kernel modules

    I set in /etc/ssh/sshd_config:
    ListenAddress 0.0.0.0
    AllowTcpForwarding yes
    GatewayPorts yes
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes

    But it is still not working. Please advise.

    regards,
    Ryan

    DB:2.88:Enabling X11 Forwarding On Solaris 10? xa

    set the environment variable DISPLAY in the Solaris server.

    setenv DISPLAY serverIP:port

    It should work.
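
    The forwarding directives quoted in the question above (and in the VNC thread earlier on this page) can be checked mechanically. This is an added example, not part of any post: the function names and the sample file are constructed here, and the fallback defaults are OpenSSH's, which the sshd bundled with Solaris 10 may not share.

```shell
#!/bin/sh
# Added example: audit the forwarding directives in the global section of an
# sshd_config. Assumes the whitespace-separated "Keyword value" form.

# effective_value FILE KEYWORD
# sshd keywords are case-insensitive and the first occurrence wins, so print
# the (lower-cased) value of the first matching line. Parsing stops at the
# first "Match" line; conditional blocks are not audited here.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/   { next }   # blank line or comment
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$1"
}

# default_for KEYWORD: OpenSSH default when the directive is absent (assumption
# for any other SSH server).
default_for() {
    case "$1" in
        AllowTcpForwarding|X11UseLocalhost) echo yes ;;
        GatewayPorts|X11Forwarding)         echo no ;;
    esac
}

# audit_forwarding FILE
# Prints one line per directive: LEVEL keyword=value (set|default) message
audit_forwarding() {
    for kw in AllowTcpForwarding GatewayPorts X11Forwarding X11UseLocalhost; do
        val=$(effective_value "$1" "$kw")
        src=set
        if [ -z "$val" ]; then
            val=$(default_for "$kw")
            src=default
        fi
        case "$kw=$val" in
            GatewayPorts=yes|GatewayPorts=clientspecified)
                level=REVIEW
                msg="remote forwards (-R) can listen on non-loopback addresses" ;;
            X11UseLocalhost=no)
                level=REVIEW
                msg="X11 proxy display listens on the wildcard address" ;;
            AllowTcpForwarding=no)
                level=INFO
                msg="ssh -L requests fail with 'administratively prohibited'" ;;
            X11Forwarding=no)
                level=INFO
                msg="ssh -X/-Y will not get a DISPLAY" ;;
            *)
                level=OK
                msg="no finding" ;;
        esac
        printf '%-6s %s=%s (%s) %s\n' "$level" "$kw" "$val" "$src" "$msg"
    done
}

# Constructed sample: the directives quoted in the question, plus a later
# duplicate and a Match block to exercise the first-occurrence rule.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
ListenAddress 0.0.0.0
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
gatewayports no
Match User backup
    AllowAgentForwarding no
    X11UseLocalhost no
EOF
}

# Demo run against the constructed sample.
cfg=$(mktemp)
sample_config > "$cfg"
audit_forwarding "$cfg"
rm -f "$cfg"
```

    Run against a real server with audit_forwarding /etc/ssh/sshd_config; the only REVIEW line for the sample is GatewayPorts, because the later "gatewayports no" never takes effect.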

  • RELEVANCY SCORE 2.87

    DB:2.87:Ssh-Plugin And Port Forwarding Applets Not Working 3c



    Hi,

    I have just upgraded my ASA 5505 to the last image asa844-1-k8.bin and completely cleared the config because I want to start over.

    I have installed ssh-plugin.111006.jar into the appliance. In older firmware 8.4.1 it was working without any problems.

    Now when I launch the applet it asks for login and password and the status is online/connected. After I press OK in the login window, the window immediately changes to disconnected status.

    Then I tried to use the other applet in clientless VPN which is bundled by default, "port forwarding". I have set up local port 60022 and remote port 22 with the remote IP of my ssh server.

    From my computer I'm able to connect without any problems. But when I tried to connect to localhost IP and port 60022 the connection was immediately closed.

    Could somebody help me?


  • RELEVANCY SCORE 2.86

    DB:2.86:Ssh Port Forwarding Stopped Workiing z8


    OK, truly bizarre. I run the computers for my wife's office (which is in NYC and I'm in CT). I ssh in to their local network, and use VNC to connect to whatever computer I want. Recently we switched to an airport extreme router, and I seem to have a strange issue. I can connect to the computer which the router forwards port 22 to no problem (forwarding 5901 to 5900 if I want to use VNC on that machine, or 5901 to 5901 if I want to go to another machine), but when I try to ssh over to another machine on the local network forwarding 5901 to 5900 (or any other port to any other as far as I can tell) it just hangs. I can ssh fine with no port forwarding. Truly strange, if I ssh to another machine, and then ssh back using -R to reverse port forward, I can get VNC access to any machine I want.

    Anyone have any ideas?
    Thanks, jeff

    DB:2.86:Ssh Port Forwarding Stopped Workiing z8

    Re #7: I don't know where your "ultimate destination" remote computer is at, OS10.x.x-wise, or whether it is PPC or intel, but you might consider downloading the appropriate combo update and rerunning it, even if said computer is at the same OS 10.x.x level as the combo update is. Doing that has, in the past, been reported to fix problems experienced by folks over in the iChatAV forum. If you do that, don't forget to verify the disk and repair permissions before running the combo update, and don't forget to run software update afterwards just to make sure that the combo update didn't walk on any later-issued security patches.

    On the other hand, IF you are willing to try a radically different approach when you have time to burn someday, here's a suggestion for you:

    I'm wondering whether this might work without the need for running osxvnc and just use the capability already built-in to your Mac. (What I'm going to suggest works for me -- I can vnc work to home and home to work without the need for osxvnc, just by proper firewall configuration using the capability already built-in to the Mac -- although one guy I tried helping here in one of these apple forums never could get my configuration to work on his computers).

    On the computer that you wish to vnc into, disable/get rid of osxvnc on that "ultimate destination" remote computer. Then, go to System Preferences on each of them and go to Sharing. In Sharing Firewall, is VNC checkbox checked? If not, check it. If you don't have a VNC checkbox, click on New and make one -- it is a default in the pulldown Port Name list, and check it. Then in the Sharing Services, is Apple Remote Desktop checked? If not, check it. While ARD is highlighted, click on the Access Privileges button. Set up the stuff in the upper half of that window as desired, and in the bottom part of that window, check the "VNC viewers may control screen with password" checkbox and enter a password.

    Back on your home computer, use the password you specified above when making your CotVNC connection.

    This works great for me from home-to-work, work-to home, road-to-work, and road-to-home (i.e., with laptop when on business travel).

    I think I tried using osxvnc back in the OS 10.0 or 10.1 or maybe even 10.2 days (don't remember the name), and the built-in capabilities of 10.4 are significantly faster than what I had experienced with what I think was osxvnc back then (still running the same hardware, too -- now five- and six-year-old computers).

    But like I said, at least with one guy I tried helping out in these forums, we could never get my configuration to work for him, so no guarantees.

  • RELEVANCY SCORE 2.86

    DB:2.86:How To Disable Ssh For Port Forwarding . 9c



    I would like to disable ssh on my 1711. I am trying to have a machine inside my network (NAT) answer the ssh login. I have the following:

    ip nat inside source static tcp 10.10.10.100 22 interface FastEthernet0 22

    It does not seem to work. The router keeps answering. I did remove ssh from the VTY lines.

    DB:2.86:How To Disable Ssh For Port Forwarding . 9c


    Did not seem to work. My router is IOS. The link that you referred to is for CatOS. My key remains even after the clear command.

    I think this command did it.

    Router(config)#crypto key zeroize rsa

    thanks for the assist

  • RELEVANCY SCORE 2.86

    DB:2.86:Port Forwarding For Ssh aj



    Hi there,

    I was wondering if anyone could help me with an issue I am having.

    I have a server which I have reserved a local IP address for, and set up port forwarding from port 22 to port 22. OpenSSH is running on the server and I can successfully ssh into it from the LAN. I am also running a web server from the machine with the appropriate port forwarding rule in place.

    From the WAN, I can access the webpage over port 80. However when trying to SSH into the machine, I get the following output (from ssh -vvv):

    debug1: /etc/ssh_config line 20: Applying options for *
    debug1: /etc/ssh_config line 53: Applying options for *
    debug2: ssh_connect: needpriv 0

    ssh connection refused

    No sign of an attempted connection has appeared in the server logs, leading me to think the ssh connection is not getting past the router. I have tried this from a device on a different network (I am aware of some routers experiencing loopback issues) but that didn't work either.

    Are only some ports allowed to be used? I have tried disabling the firewall and intrusion detection but still no luck.

    Any help would be greatly appreciated.

    Many thanks,

    Matthew

    DB:2.86:Port Forwarding For Ssh aj


    I've got a similar problem.

    I've been running a web server from home for many years and on many different networks and routers. Recently I changed to EE and I can no longer access it externally. I've forwarded all the relevant ports (80) just like before, but no luck. If I put the server in the DMZ, it works, but port forwarding gives me nothing. I don't really want my server in the DMZ, so this is not a solution for me.

    Shortly after receiving my EE router, I found that it didn't work very well - it was fine for a while, then just stopped transferring data. So EE sent me a new one. In the time I was waiting for the new router, I plugged in my old BT router and changed the ADSL username and password to make that work. It works fine, but I still can't access my web server remotely. Given that this router was working for years on another network and all I've changed is the ADSL connection data, it seems like the problem is caused by the EE network somehow.

    But it is strange that using DMZ works.

    And strange that the EE docs specify how to enable a web server with port forwarding, when it doesn't work.

  • RELEVANCY SCORE 2.86

    DB:2.86:Ssh Freezes Up On 10.5.2 8f


    I have recently started noticing ssh connections freezing up after several minutes of inactivity. I am ssh-ing over the internet from Leopard 10.5.2 to a linux machine behind a firewall, without X forwarding. The connection starts normally and I can work normally for the most part. However if the connection stays idle for several (~10) minutes then the terminal stops responding completely. The terminal application does not stop responding, but the window/tab running the ssh connection stops responding to any keyboard input. My only option seems to be to close the window/tab or let the connection time out after about 20 minutes (remote server setting).

    I was wondering if anyone else has seen similar problems (there are several discussion threads about ssh failing completely but none quite like what I am experiencing), and has any idea on how to get around it. I have attached a debug dump of one session below.

    Thanks, -A

    I start ssh with 3 levels of debugging messages

    $ ssh -vvv login
    OpenSSH_4.7p1, OpenSSL 0.9.7l 28 Sep 2006
    debug1: Reading configuration data /etc/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to login [xxx.xxx.xxx.xxx] port 22.
    debug1: Connection established.
    debug1: identity file /Users/arnab/.ssh/identity type -1
    debug3: Not a RSA1 key file /Users/arnab/.ssh/id_rsa.
    debug2: keytype_fromname: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug2: keytype_fromname: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /Users/arnab/.ssh/id_rsa type 1
    debug1: identity file /Users/arnab/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.7
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2MSGKEXINIT sent
    debug1: SSH2MSGKEXINIT received
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie- hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes1 92-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.co m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.co m,hmac-sha1-96,hmac-md5-96
    debug2: kexparsekexinit: none,zlib@openssh.com,zlib
    debug2: kexparsekexinit: none,zlib@openssh.com,zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: kexparsekexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-g roup1-sha1
    debug2: kexparsekexinit: ssh-rsa,ssh-dss
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijn dael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijn dael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac- md5-96
    debug2: kexparsekexinit: none,zlib
    debug2: kexparsekexinit: none,zlib
    debug2: kexparsekexinit:
    debug2: kexparsekexinit:
    debug2: kexparsekexinit: firstkexfollows 0
    debug2: kexparsekexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server-client aes128-cbc hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client-server aes128-cbc hmac-md5 none
    debug1: SSH2MSG_KEX_DH_GEXREQUEST(102410248192) sent
    debug1: expecting SSH2MSG_KEX_DH_GEXGROUP
    debug2: dhgenkey: priv key bits set: 139/256
    debug2: bits set: 524/1024
    debug1: SSH2MSG_KEX_DH_GEXINIT sent
    debug1: expecting SSH2MSG_KEX_DH_GEXREPLY
    debug3: checkhost_inhostfile: filename /Users/arnab/.ssh/known_hosts
    debug3: checkhost_inhostfile: match line 1
    debug3: checkhost_inhostfile: filename /Users/arnab/.ssh/known_hosts
    debug3: checkhost_inhostfile: match line 1
    debug1: Host 'login' is known and matches the RSA host key.
    debug1: Found key in /Users/arnab/.ssh/known_hosts:1
    debug2: bits set: 513/1024
    debug1: sshrsaverify: signature correct
    debug2: kexderivekeys
    debug2: set_newkeys: mode 1
    debug1: SSH2MSGNEWKEYS sent
    debug1: expecting SSH2MSGNEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2MSGNEWKEYS received
    debug1: SSH2MSG_SERVICEREQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2MSG_SERVICEACCEPT received
    debug2: key: /Users/arnab/.ssh/identity (0x0)
    debug2: key: /Users/arnab/.ssh/id_rsa (0x107eb0)
    debug2: key: /Users/arnab/.ssh/id_dsa (0x0)
    debug3: inputuserauthbanner

    debug1: Authentications that can continue: publickey,gssapi-with-mic,password,hostbased
    debug3: start over, passed a different list publickey,gssapi-with-mic,password,hostbased
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethodisenabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Users/arnab/.ssh/identity
    debug3: no such identity: /Users/arnab/.ssh/identity
    debug1: Offering public key: /Users/arnab/.ssh/id_rsa
    debug3: sendpubkeytest
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-rsa blen 277

    debug3: signand_sendpubkey
    debug1: read PEM private key done: type RSA
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug3: sshsession2open: channel_new: 0
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: clientsession2setup: id 0
    debug2: channel 0: request pty-req confirm 0
    debug3: ttymakemodes: ospeed 38400
    debug3: ttymakemodes: ispeed 38400
    debug3: ttymakemodes: 1 3
    debug3: ttymakemodes: 2 28
    debug3: ttymakemodes: 3 127
    debug3: ttymakemodes: 4 21
    debug3: ttymakemodes: 5 4
    debug3: ttymakemodes: 6 255
    debug3: ttymakemodes: 7 255
    debug3: ttymakemodes: 8 17
    debug3: ttymakemodes: 9 19
    debug3: ttymakemodes: 10 26
    debug3: ttymakemodes: 11 25
    debug3: ttymakemodes: 12 18
    debug3: ttymakemodes: 13 23
    debug3: ttymakemodes: 14 255
    debug3: ttymakemodes: 17 255
    debug3: ttymakemodes: 18 255
    debug3: ttymakemodes: 30 0
    debug3: ttymakemodes: 31 0
    debug3: ttymakemodes: 32 0
    debug3: ttymakemodes: 33 0
    debug3: ttymakemodes: 34 0
    debug3: ttymakemodes: 35 0
    debug3: ttymakemodes: 36 1
    debug3: ttymakemodes: 38 1
    debug3: ttymakemodes: 39 1
    debug3: ttymakemodes: 40 0
    debug3: ttymakemodes: 41 1
    debug3: ttymakemodes: 50 1
    debug3: ttymakemodes: 51 1
    debug3: ttymakemodes: 53 1
    debug3: ttymakemodes: 54 1
    debug3: ttymakemodes: 55 1
    debug3: ttymakemodes: 56 0
    debug3: ttymakemodes: 57 0
    debug3: ttymakemodes: 58 0
    debug3: ttymakemodes: 59 1
    debug3: ttymakemodes: 60 1
    debug3: ttymakemodes: 61 1
    debug3: ttymakemodes: 62 1
    debug3: ttymakemodes: 70 1
    debug3: ttymakemodes: 72 1
    debug3: ttymakemodes: 73 0
    debug3: ttymakemodes: 74 0
    debug3: ttymakemodes: 75 0
    debug3: ttymakemodes: 90 1
    debug3: ttymakemodes: 91 1
    debug3: ttymakemodes: 92 0
    debug3: ttymakemodes: 93 0
    debug2: channel 0: request shell confirm 0
    debug2: fd 3 setting TCP_NODELAY
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072

    At this point I have the connection active. I keep the terminal window open for several minutes in the background, and the terminal becomes non-responsive. Eventually the ssh connection is timed out by the remote machine.

    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
    #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cfd -1)

    debug3: channel 0: close_fds r 4 w 5 e 6 c -1
    Read from remote host login: Operation timed out
    Connection to login closed.
    debug1: Transferred: stdin 0, stdout 0, stderr 79 bytes in 1691.6 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status -1

    DB:2.86:Ssh Freezes Up On 10.5.2 8f

    I think I found the culprit of our problem.

    The original post is on: http://www.securityfocus.com/archive/121/474437/30/300/threaded

    OpenSSH sets the IP TOS (to either "lowdelay" or "throughput") and some routers have been known to choke on such packets.

    The TOS is set immediately after the TCP_NODELAY so it's a pretty good bet that's your culprit.

    As a workaround, you can recompile ssh then you can insert a "return;" at the start of packet_set_tos() in packet.c. Alternatively you can use ssh's ProxyCommand to use a program such as netcat as an alternative transport that doesn't set those bits, eg:

    ssh -o "ProxyCommand nc %h %p" yourserver

    Using that command to bypass the TOS actually worked for me.
    So now I have to find where the TOS is being choked.

    cheers

  • RELEVANCY SCORE 2.86

    DB:2.86:Ssh X11 Forwarding ax



    Hi,

    Having major problems getting X11 forwarding over SSH working.

    So the client box is fine, that works when I test forwarding with SSH from an Ubuntu box.

    My server has X up and running on tty7 (just idling at gdb login) and my sshd_config has the following defined:

    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes
    AllowTcpForwarding yes

    I think the problem is related to the $DISPLAY variable:
    [jack@tcore ~]$ ssh -XY 192.168.1.43
    jack@192.168.1.43s password:
    Last login: Sat Feb 5 02:04:47 2011 from 192.168.1.64
    [jack@se ~]$ ps -e | grep X
    1415 tty7 00:00:08 X
    [jack@se ~]$ echo $DISPLAY
    localhost:10.0
    [jack@se ~]$ xterm
    xterm Xt error: Cant open display: localhost:10.0

    DB:2.86:Ssh X11 Forwarding ax


    I'm not sure I understand you...

    You are trying to run a program(xterm) from your server (192.168.1.43) on your ubuntu laptop (192.168.1.64), right?

    If that's so... your $DISPLAY seems just fine. Have you disabled the --nolisten tcp option on your laptop? (check /etc/X11/xinit/xserverrc) If you run xhost on your laptop what's the output? are you sure you allowed connections from the server?

    If you happen to run kdm, be careful because it runs a different config and you have to change the options in there (at least here in archlinux)

    Regards

  • RELEVANCY SCORE 2.86

    DB:2.86:Event Forwarding Syslog Over Tcp m7



    When configuring an Event Forwarding destination to use one of the syslog formats, you may choose between the UDP or TCP transport protocols. UDP is the protocol standard syslog is based on. Packets sent via syslog over TCP are formatted exactly like their UDP counterparts including facility, severity, and message, the only exception being a new line character (ASCII character code 10) appended to the end of the message.

    Unlike UDP, which is a connectionless protocol, a TCP connection must be established between the ESM and the server listening for the forwarded events. If a connection cannot be established or the connection is dropped, the ESM keeps track of the last event successfully forwarded, and will try to establish the connection again in a few minutes. Once the connection is reestablished, the ESM picks up forwarding events where it left off.

    SSH Port Forwarding

    If you choose to use syslog over TCP, you have the option of making the TCP connection over an SSH tunnel. As syslog is an unencrypted protocol, using an SSH tunnel prevents your Event Forwarding messages from being examined by other parties.

    To enable SSH tunneling, configure your Event Forwarding destination to use one of the syslog formats over the TCP protocol. Several options on the configuration dialog determine how the SSH connection is made:

    Use SSH: check this box to enable the use of the SSH tunnel
    Local Relay Port: the port to use on the ESM's side of the SSH connection
    Remote SSH Port: the port on which the SSH server is listening on the other side of the SSH connection
    Destination Port: the port on which the TCP syslog server is listening on the other side of the connection
    SSH Username: the SSH username to use to establish the SSH connection
    SSH DSA Key: the public DSA authentication key used for SSH authentication. The contents of this field should be added to the authorized_keys file or equivalent on the machine running the SSH server.
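The framing described in the post above (an ordinary syslog message with a single LF appended) means the listening server has to reassemble messages from arbitrary TCP read chunks before it can decode facility and severity. A receiver-side sketch of that, as an added example that is not part of the original post or of the ESM product; the class and function names are hypothetical and the sample messages are constructed:

```python
import re

# Facility and severity names in PRI order (RFC 3164 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

# "<PRI>" header followed by the rest of the message.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_message(line):
    """Decode one de-framed syslog message (bytes, without the LF)."""
    line = line.rstrip(b"\r")
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest PRI
        return {"valid": False, "raw": line.decode("utf-8", "replace")}
    pri = int(m.group(1))
    return {
        "valid": True,
        "facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "message": m.group(2).decode("utf-8", "replace"),
    }


class SyslogTcpDecoder:
    """Reassemble LF-terminated syslog messages from TCP read chunks."""

    def __init__(self, max_line=8192):
        self._buf = bytearray()
        self._max_line = max_line

    def feed(self, chunk):
        """Add received bytes; return the messages completed by them."""
        self._buf.extend(chunk)
        events = []
        while True:
            end = self._buf.find(b"\n")     # ASCII 10 ends each message
            if end < 0:
                break
            events.append(parse_message(bytes(self._buf[:end])))
            del self._buf[:end + 1]
        # A peer that never sends LF must not grow the buffer without
        # bound: discard the unterminated data and record that it happened.
        if len(self._buf) > self._max_line:
            events.append({"valid": False, "raw": "<oversize line discarded>"})
            self._buf.clear()
        return events

    def pending(self):
        """Bytes received so far that do not yet form a whole message."""
        return bytes(self._buf)


# Constructed sample: two reads from the socket; the second message is
# split across them and the last one has not been terminated yet.
CHUNKS = [
    b"<34>Oct 11 22:14:15 esm su: 'su root' failed on /dev/pts/8\n<16",
    b"5>Aug 24 05:34:00 esm fwd: connection restored\nno priority\n<13>part",
]


def demo():
    decoder = SyslogTcpDecoder()
    events = []
    for chunk in CHUNKS:
        events.extend(decoder.feed(chunk))
    return events, decoder.pending()


if __name__ == "__main__":
    decoded, leftover = demo()
    for event in decoded:
        print(event)
    print("still buffered:", leftover)
```
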


  • RELEVANCY SCORE 2.85

    DB:2.85:Unable To Open Xclock,While Insatllation 10g(Sol.10) c1


    Hi All,

    I am unable to invoke xclock.

    I have manager in my Desktop and enabled the ssh X11 forwarding for current session

    @appt4-testbed2 set DISPLAY=localhost:10.0
    x@appt4-testbed2 export DISPLAY=localhost:10.0
    @appt4-testbed2 echo $DISPLAY
    localhost:10.0
    @appt4-testbed2 /usr/openwin/bin/xclock
    Error: Can't open display: localhost:10.0
    @appt4-testbed2

    and X.authority file is not creating..!!!

    Thanks in Advance.

    DB:2.85:Unable To Open Xclock,While Insatllation 10g(Sol.10) c1

    What shell does root use ? If C shell, try the following

    DISPLAY=whatever
    export DISPLAY
    HTH
    Srini

  • RELEVANCY SCORE 2.85

    DB:2.85:Ssh Traffic da



    Hello Team,

    I have 2 locations, NJ and NY, I have a P2P link and OSPF between the two over 2600 routers. I also have FW-FW vpn tunnel over 5505.

    I have 2 vlans in NJ, vlan1 with 192.168.1.x subnet, and vlan10 with 192.168.101.x.

    Problem: I can't ssh to machines in NY on subnet 172.20.30.x from machines in NJ on subnet 192.168.101.x. But I am able to ssh to NY-172.20.30.x and NJ-192.168.101.x from machines in NJ on subnet 192.168.1.x.

    Note: I am able to ping 172.20.30.x subnet from the 2600 router and from the switch with vlan10 (192.168.101.x) which is my gateway switch.

    any suggestion:

    Thanks in advance

    Winston

    DB:2.85:Ssh Traffic da


    Can you ping 172.20.30.x from PC's on 192.168.101.x?

  • RELEVANCY SCORE 2.84

    DB:2.84:Performace Issues With Ssh Through Nat Port 3k



    See this thread: http://www.vmware.com/community/click.jspa?searchID=2718957messageID=542118

    So, I got all that working as was able to ssh into my guest RHEL 4 guest through the NAT port 8889. Cool!

    But once the guest gets busy, there seems to be a performance issue. I run a make with -j 4 under an emacs which is using X to talk to the host server. Response gets very very bad until the compile finishes.

    Alternatively, I can use ssh from the guest console to make listen on the host:

    ssh -R 8887:localhost:22 host

    And then ssh into this port from the host:

    ssh localhost -p 8887

    Now this make under emacs works much better. You wouldn't think so since there is more than one trip over an ssh encrypted connection. But there it is.

    I suspect this due to some issue in the vm itself, which needs to service both the interrupts of the guest and the nat forwarding.

    Anyway, this might be the sort of issue the beta is meant to expose.

    DB:2.84:Performace Issues With Ssh Through Nat Port 3k


    I don't know if this is related but I opened an SR because I noticed nat traffic isn't returned from the Guest VM unless the host is sending data. In some way, nat forwarding works in a reciprocal manner. My example was, I enabled Microsoft Terminal Services RDP in a Windows VM, and the screen would not render unless I moved the mouse around. The data transfer from the guest to the host was obviously blocked. You could see the screen paint in row "chunks", each time data was sent from the host-to-the-guest. It would stop when the host would not send data. I described the issue in the SR as a buffer holding issue.

    I also experimented with changing the udp buffer timeout and I even added a 'fictitious' tcp buffer setting in nat.conf and set them all to zero. Nothing changed the behavior I submitted in the SR.

  • RELEVANCY SCORE 2.84

    DB:2.84:Port Forwarding On Hh2 Not Working For Ssh cx



    Hi All,

    I have a linux SSH server setup on my home network but cannot get port forwarding to work either inside or outside the network.

    I can log in no problem from another machine on my network using 192.168.1.x or via the machine name. So I have set port forwarding up to forward the included SSH (I assume it uses port 22) to this machine but no joy when using my HH2's broadband IP add either direct or via DynDns.

    I have also tried listening on another port (426) and set up port forwarding for this new one but still no joy.

    I've also tried moving the server to a DMZ but can't connect.

    When using canyouseeme to check the ports I get;

    Error: I could not see your service on 86.155.xx.xxx on port (426) (or 22)
    Reason: Connection timed out

    Any ideas.

    TIA








    DB:2.84:Port Forwarding On Hh2 Not Working For Ssh cx


    What is its internal IP set to? Could be worth changing this to an entirely new static IP address, rebooting the SSH server (clearing its arp cache), rebooting the HomeHub (ditto and clearing the DHCP leases) and then setup the Port forwarding all over again from scratch.

    As an aside you can set the high numbered port to point to the normal SSH port.... If you want to PM me your IP address and port combination, I'm happy to attempt to connect using my SSH client if you think whatsmyip is getting it wrong. That might sound dodgy, so feel free to ignore this if you are offended.

    As another aside (pointing out the bleeding obvious ;-), make sure that you have PermitRootLogin set to "no" before you reboot.

    $ grep PermitRootLogin /etc/ssh/sshd_config
    PermitRootLogin no

    It'll help stop the brute force attacks - they would have to guess a username and a password.

  • RELEVANCY SCORE 2.84

    DB:2.84:Vmware-Config.Pl Overwrites "Nat.Conf" Per Default z7



    Please change the default of "vmware-config.pl" to NOT overwrite "/etc/vmware/vmnet8/nat/nat.conf" because you can not use "vmware-config.pl -d" which is very nice after kernel-updates on the host.

    OK, now it's better as in version 1.0.x where was no question, auto-start-vms booted after update, you had to stop them, recover the "nat.conf" and start again -> very painful and forwarding port 22 from the virtual machines to 222,223,224... on the host is in combination with ssh-forwarding/x-forwarding one of the finest things without opening firewalls.

    DB:2.84:Vmware-Config.Pl Overwrites "Nat.Conf" Per Default z7

    That's not the point

    Sure can backup, note the values but that does not matter

    The default answer "YES" for the question "overwrite?" makes no sense

    It's the same let it run with the -d option and restore a backup, press enter at all other questions and type NO here - The point is that the script takes notice that there is a changed "nat.conf" and here is "overwrite" simply an "option from hell"

  • RELEVANCY SCORE 2.83

    DB:2.83:Ssh Annoyances sx


    Is there a way to disable ssh from sending your Mac OS X username as the ssh connection username, that way the ssh session prompts for the username?

    For example; so I can run 'ssh 127.0.0.1' and don't have to run 'ssh user@127.0.0.1' or 'ssh -l user 127.0.0.1'.

    DB:2.83:Ssh Annoyances sx

    if the short user login name on the account of the computer that you are physically on and currently logged into is the same as the short user login name of the computer that is the ssh server that you are trying to connect to, you can do exactly what you are trying to do, you don't need the "-l" user" option or the "user@" prefix.

    (if this solves your problem, or is actually helpful towards arriving at a solution to your problem, please consider clicking on either the gold or green star above in order to mark this reply as "helpful" or "solved")

  • RELEVANCY SCORE 2.83

    DB:2.83:Re: Problems Using Kregedit Through Ssh - Hopping Over 2 Machines zf


    I found a solution by myself: I used a different SSH-Client namely
    "SecureCRT3.3" by VanDyke. Under Options I checked "X11 packet forwarding"
    and everything worked fine :-)) I didn't have to set a DISPLAY variable or
    anything else!!!

    Klaus

    "Klaus Stake" klaus-dieter.stake@epost.de wrote in message
    news:9k97g1$ank1@secnews.netscape.com...
    Due to security issues I must use SSH (with port forwarding) if I want to
    use kregedit. Usually there aren't any problems. In my special case I have
    to hop over 2 machines, means: login onto machine 1, from machine 1 login
    onto machine 2 and from there login onto machine 3 where kregedit resides.
    The problem is that the xclient doesn't repaint correctly that I can't use
    kregedit or IASAT. A window refresh doesn't help.
    Did anybody recognize this issue before? What could I do?


  • RELEVANCY SCORE 2.83

    DB:2.83:Oracle Rac On Soaris With Two Nodes, Ssh Configuration Error df


    Ssh configuration error
    I follow the Oracle RAC documentation for solaris and I configure SSH but it still
    prompt for a password.

    I try to solve the problem through the running configuration several times but it did not help.

    My configuration steps.

    Configuring SSH on All Cluster Nodes
    su oracle

    Create RSA and DSA keys on each node through log in as the oracle user.

    $ mkdir ~/.ssh
    $ chmod 700 ~/.ssh

    Generate RSA key for rac1

    [.ssh] $ /usr/bin/ssh-keygen -t rsa

    Generate DSA key for rac1

    [.ssh] $ /usr/bin/ssh-keygen -t dsa

    Generate RSA key for rac2

    [.ssh] $ /usr/bin/ssh-keygen -t rsa

    Generate DSA key for rac2
    [.ssh] $ /usr/bin/ssh-keygen -t dsa

    Create an authorized key file
    touch ~/.ssh/authorized_keys

    Use SSH and copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to file ~/.ssh/authorized_keys

    Rac1
    [.ssh] $ ssh rac1 cat /opt/app/oracle/.ssh/id_rsa.pub >> authorized_keys
    Password:xxxxx (rac1's password)

    [.ssh] $ ssh rac1 cat /opt/app/oracle/.ssh/id_dsa.pub >> authorized_keys

    [.ssh] $ ssh rac2 cat /opt/app/oracle/.ssh/id_rsa.pub >> authorized_keys
    Password: xxxxx (rac2's password)

    [.ssh] $ ssh rac2 cat /opt/app/oracle/.ssh/id_dsa.pub >> authorized_keys

    Rac2
    [.ssh] $ ssh rac1 cat /opt/app/oracle/.ssh/id_rsa.pub >> authorized_keys
    Password: xxxxx (rac2's password)

    [.ssh] $ ssh rac1 cat /opt/app/oracle/.ssh/id_dsa.pub >> authorized_keys

    [.ssh] $ ssh rac2 cat /opt/app/oracle/.ssh/id_rsa.pub >> authorized_keys
    Password:xxxxx (rac1's password)

    [.ssh] $ ssh rac2 cat /opt/app/oracle/.ssh/id_dsa.pub >> authorized_keys

    Copy the authorized_keys file to the Oracle user .ssh directory by using SCP.
    Rac1(Optional)
    [.ssh] $ scp authorized_keys rac2:/opt/app/oracle/.ssh/
    Password:

    this procedure repeated on both nodes in the cluster.

    Change the permission on the Oracle user's ~/.ssh/authorized_keys file on both nodes

    $ chmod 600 ~/.ssh/authorized_keys

    Enabling SSH user Equivalency on Cluster Member Nodes

    Rac1

    $ exec /usr/bin/ssh-agent $SHELL
    $ bash
    $ /usr/bin/ssh-add

    Rac2

    $ exec /usr/bin/ssh-agent $SHELL
    $ /usr/bin/ssh-add

    When I test the SSH configuration from rac1

    $ ssh rac2 date
    password:

    To ensure that X11 forwarding will not cause the installation to fail. Create the ~oracle/.ssh/config on Rac1 and rac2 as following.

    vi .ssh/config
    Host *
    ForwardX11 no

    When I run "ssh rac2 date" it prompts password:

  • RELEVANCY SCORE 2.82

    DB:2.82:Freenx And Fluxbox kd



    I'm having some problems getting fluxbox to work over FreeNX. FreeNX works perfectly using GNOME, and FluxBox works perfectly on the computer itself, it's just making them friends which is hard. I can make the system work if I get a GNOME session running over NX, then do a custom one with the command startfluxbox. Just using startx gives me a blank screen.

    If I have x running on the machine to begin with and try to run startfluxbox, it errors out with a complaint that an X Server isn't running.

    From this I suspect that what I need is an X11 server running that FreeNX can access (and that is shared to this machine? I've enabled ssh x11 forwarding), but I have no clue how to achieve that. I know I can make it work by starting gnome first, but that's just incredibly inelegant.

    Thanks for any help

    DB:2.82:Freenx And Fluxbox kd


    hm weird maybe freenx just doesn't like me.

  • RELEVANCY SCORE 2.82

    DB:2.82:[Solved] Ssh X11 Forwarding 8s



    I setup ssh so that I can run X applications through ssh. Basically I added ForwardX11 yes

    Here is the message when I try to run Abiword:
    (abiword:5172): GModule-CRITICAL **: g_module_close: assertion `module != NULL failed
    The program abiword received an X Window System error.
    This probably reflects a bug in the program.
    The error was BadWindow (invalid Window parameter).
    (Details: serial 66 error_code 3 request_code 38 minor_code 0)
    (Note to programmers: normally, X errors are reported asynchronously;
    that is, you will receive the error a while after causing it.
    To debug your program, run it with the --sync command line
    option to change this behavior. You can then get a meaningful
    backtrace from your debugger if you break on the gdk_x_error() function.)

    [1]+ Exit 1 abiword

  • RELEVANCY SCORE 2.82

    DB:2.82:Opengl Glx Extension For Tiger/Panther 9m


    I have Panther installed on my laptop and I'm able to ssh (with X Forwarding) into a server to run an opengl application. However, when I try and do that same thing using Tiger, I get errors about

    Xlib: extension "GLX" missing on display "localhost:10.0".

    I have X11 running in both instances so I can't figure out why I would be getting this unless I am missing something from Tiger.

    Any ideas?

    DB:2.82:Opengl Glx Extension For Tiger/Panther 9m

    ssh -Y "Enables trusted X11 forwarding".

    Suggests that additional security/authentication protocols must be invoked in Tiger.

  • RELEVANCY SCORE 2.81

    DB:2.81:Ssh And X11 Forwarding cc


    I would like to login into a remote host using SSH and use a specific X11 server on my local host.

    I am doing this because a particular application will only work in 8-bit color, so I setup a second local X11 session running an 8-bit server. I can use this fine if I set the DISPLAY option explicitly every time I login in to point to my localhost, and second X11 port number. I would set this permanently, but my local host name changes because I am a DHCP host.

    How can I pass the localhost name to the remote host when I start an SSH session from my Mac? I can't use the SendEnv/AcceptEnv because I don't have admin privileges on the remote host to configure SSH. The REMOTEHOST environment variable does not get set when I login.

    Thanks

    iMac G5 Mac OS X (10.4.6)

    DB:2.81:Ssh And X11 Forwarding cc

    Well, I had thought of using that variable, but was wondering if there was an alternate, cleaner way to do it. In the end this is my Perl hack

    ######################################
    #!/usr/bin/perl -w
    #
    # Acquire the remote host address for displaying
    # to a remote X11 server
    #
    # Get the SSH client environment variable value
    # (format: "client_address client_port server_port")
    #
    my $env = $ENV{'SSH_CLIENT'};
    exit 1 unless defined $env && $env =~ /\S/;    # not in an SSH session

    #
    # Remove carriage returns and parse the value: the address is
    # the first whitespace-separated field; strip the "::ffff:"
    # prefix of an IPv4-mapped address if it is present
    #
    chomp($env);
    my ($addr) = split(' ', $env);
    $addr =~ s/^::ffff://i;

    #
    # Now print the resulting value
    #
    print $addr, "\n";
    ######################################

    I call this from my .cshrc file to set the REMOTEHOST environment variable so other applications have access to it

    setenv REMOTEHOST `getremotehost.pl`

    Thanks to all who replied.

    Albion

    iMac G5 Mac OS X (10.4.6)

  • RELEVANCY SCORE 2.80

    DB:2.80:Sr102 Port Forwarding Enquiry xd


    Just moved over to Sky Broadband Unlimited today, and my main concern at the moment is that I can't access my raspberry pi on the network. It's wired to the router with a fixed (reserved) IP address, and the pi can connect to the internet without problem. However, I can't ssh into it from my mac. I continually get:
    port 22: Connection refused

    I've added SSH to the firewall inbound services using the pre-configuration from the drop down menu with the 'Send to LAN' address as the raspberrypi's and 'Allow Always' but it hasn't changed anything. I can ping the raspberry pi via terminal without any problems. I've restarted the router without success.

    Previously with BT/02 etc I never had to purposely set up SSH port forwarding, it just worked as standard. Any ideas on what I'm doing wrong? Something simple I'm sure.

    DB:2.80:Sr102 Port Forwarding Enquiry xd

    If you're accessing the raspberry pi internally you shouldn't setup any port forwarding, unless you wish to access it from the public internet. Connection refused from the raspberry pi usually means the port is closed or the incorrect credentials are being used to access the raspberry pi, because they've been changed by yourself or somebody else on the public internet if you had it accessible publicly without changing the default password.

    I have a raspberry pi setup on my network behind a SR-102 router without any problems in your configuration, without port forwarding and can ssh into it from Windows and iOS iPad tablet.

  • RELEVANCY SCORE 2.80

    DB:2.80:Vmware, Ssh And A Cross Over Problem 1s



    Here's a bit of an odd problem.

    Built 2 ESX 2.5 hosts and tried to test NICs before attaching on network.

    Connect laptop using a x-over cable and can ping host and access MUI, but not SSH or SCP (this is same for both hosts)

    Connect two hosts together with x-over and can SSH between them

    Connect laptop with x-over, and IP address from one host, and no SSH. Put the IP back on the host and connect it and SSH works again.

    From laptop, error is " connection refused " in PuTTY. Go back to desk, connect laptop and hosts to network and SSH works ok

    Odd.

    DB:2.80:Vmware, Ssh And A Cross Over Problem 1s


    That's interesting. The hosts wouldn't have had access to a DNS server as all connections were down. I'll follow that line of questioning though and see if I can replicate it within the data centre

  • RELEVANCY SCORE 2.80

    DB:2.80:X Forwarding Suddenly Failing Over Ssh j9


    Hi,

    I have an Ultra 20 running solaris 10, and recently started using the patch manager thingy to update my machine automatically. Well, one of those patches botched X11 forwarding over ssh, with the following error message delivered to the client:

    ==================
    Sun Microsystems Inc. SunOS 5.10 Generic January 2005
    connect /tmp/.X11-unix/X0: Not a directory
    X connection to localhost:10.0 broken (explicit kill or server shutdown).
    ==================

    Looking at this file, I see this:

    ==================
    pwd
    /tmp/.X11-unix
    ls -FCl
    total 0
    srwxrwxrwx 1 root root 0 Oct 12 19:31 X0=
    ==================

    Which looks more or less correct for a socket. (doing just a plain "ls" returns "X0", and not "X0=").

    When run in debug mode, sshd gives this:

    ==================
    debug1: X11 connection requested.
    debug1: channel 3: new [X11 connection from ::1 port 33274]
    channel 3: open failed: administratively prohibited: open failed
    debug1: channel 3: free: X11 connection from ::1 port 33274, nchannels 4
    ==================

    This was working perfectly for a long time, and I don't even know which patch it was that caused the problem.

    Help! I can't stand developing with VI any more! Must run xemacs...

    Thanks,

    Ben


  • RELEVANCY SCORE 2.79

    DB:2.79:Ssh X11 Server 38


    Hello

    We just received an audit finding on the Solaris machine that states: the remote X11 server accepts connections from anywhere because various ports 6001 - 6009 were open. The suggested solution is to restrict access to this port by using the xhost command.

    We on the other hand have ssh configured by using X forwarding. Since the traffic is secure can we depend on ssh to secure traffic without restricting access to the local host ports?

    DB:2.79:Ssh X11 Server 38

    SSH with X-forwarding does not rely on xhost authentication methods. SSH is using xauth.

    When using SSH with X-forwarding you should also not set any DISPLAY environment variables because ssh -X takes care of it. Under ssh, the DISPLAY variable will be forwarded, hence using localhost.

    All SSH related communication, including X-forwarding is going through port 22.

    If you have anything listening on ports 6001 - 6009 that you don't need you can configure or modify your firewall to block these ports or use "sudo netstat -pa" to find out what is listening on these ports and disable the source.
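    The check suggested in the answer above, written out as an added example (not code from either poster): it reads netstat-style output and separates X11-range listeners bound to loopback, which is where sshd puts its forwarding proxies by default, from listeners reachable over the network. The sample lines, the function names and the 6000-6063 range are assumptions made for the example.

```python
import re

# Constructed sample in Linux `netstat -ltn` layout; not output from the audited host.
SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:6010                :::*                    LISTEN
tcp6       0      0 :::6003                 :::*                    LISTEN
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# "address:port" as Linux prints it, or "address.port" as Solaris netstat does.
ADDR = re.compile(r"^(.*)[.:](\d+)$")


def x11_listeners(netstat_text, first=6000, last=6063):
    """Return (display, address, port, exposure) for each listener in the X11 range."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue
        # The local address is the first field that ends in a numeric port.
        match = next((m for m in map(ADDR.match, fields) if m), None)
        if match is None:
            continue
        host, port = match.group(1), int(match.group(2))
        if not first <= port <= last:
            continue
        exposure = "loopback-only" if host in LOOPBACK else "network-reachable"
        found.append((port - 6000, host, port, exposure))
    return found


def exposed_ports(netstat_text):
    """Ports worth an audit finding: X11-range listeners not bound to loopback."""
    return sorted({p for _, _, p, e in x11_listeners(netstat_text)
                   if e == "network-reachable"})


if __name__ == "__main__":
    for display, host, port, exposure in x11_listeners(SAMPLE):
        print(f"display :{display:<3}{host}:{port}  {exposure}")
    print("flag:", exposed_ports(SAMPLE))
```

    A listener that shows up as network-reachable on 6001 - 6009 is either an X server accepting TCP or an sshd whose display offset and bind address were changed from the defaults; the owning process decides which fix applies.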

  • RELEVANCY SCORE 2.79

    DB:2.79:Slow Performance Running Vmware Over X11 jz



    I have two Ubuntu installs on my host machine. My old Breezy install and a fresh new Dapper install. Both have exactly the same version of Workstation installed (5.5.1-19175).

    I connect to this host machine from another machine over ssh with X11-forwarding (ssh -X -C) in order to run VMware remotely. When I ssh into the old Breezy install and run VMware everything is snappy and super fast. When I ssh into the new Dapper install the VMware guests redraw very slowly, like it's running over VNC or something. It's practically unusable because large portions of the screen are slowly repainting every time I do something.

    I did notice that even when running VMware directly on the host machine it feels slower when repainting screen. It's not so slow to really be noticeable but it seems slower. I noticed this before I noticed the slow performance over X11.

    Any ideas what might cause this? Obviously this might have something to do with Ubuntu and not VMware but I have no idea where to start.

    Thanks!

    DB:2.79:Slow Performance Running Vmware Over X11 jz


    Is there no one from VMware able to answer the question of how rendering is being done in the guest VM screen area under X11? Is it painted through Gtk, directly into an X window, or some other method? Does the 3D rendering support affect this? I believe that may shed some light on where I need to look.

    I would be curious to know if anyone else has the same problem or no problem running with this setup. I'm not having much luck finding anyone running VMware over X11 though. This is absolutely essential for using VMware on "other" clients like PPC Apple or SPARC Solaris machines.

  • RELEVANCY SCORE 2.79

    DB:2.79:Port Forwarding ca



    I need to allow a vendor to get ssh access to a device on my inside network. Of course I want to limit where the ssh is coming from and going to. Do the lines below look sufficient?

    access-list acl_out permit tcp host outside.vendor.ip host my.outside.ip eq ssh

    static (inside,outside) tcp my.outside.ip ssh my.internal.ip ssh netmask 255.255.255.255 0 0

    DB:2.79:Port Forwarding ca


    Yes, unless "my.outside.ip" is the ip of your outside interface. In that case, replace "my.outside.ip" with the keyword "interface". Also apply the acl with "access-group acl_out in interface outside".

  • RELEVANCY SCORE 2.79

    DB:2.79:Site To Site Vpn Timeout 8d



    We have a vpn between an ASA 5505 and ASA5512X.  We mainly use this tunnel for remote work (ssh, X forwarding, etc) but 2 to 3 times daily all user ssh sessions will timeout.  All users connect to different hosts, and if they use the ssl vpn, the timeout never happens.

    Our vpn tunnel is configured with IKE v2, AES256. Keepalives are monitored with a confidence interval of 10 sec and retry interval of 2 secs.

    I'm not sure what causes this timeout, any ideas on where to start looking?

    DB:2.79:Site To Site Vpn Timeout 8d


    I assume, obviously, I do this on both routers?

  • RELEVANCY SCORE 2.78

    DB:2.78:Call Forwarding 9f



    How to deactivate/activate call forwarding on moto x

    DB:2.78:Call Forwarding 9f


    See: Set up call/voicemail forwarding.

  • RELEVANCY SCORE 2.78

    DB:2.78:Cant Tunnel Over Ssh: Firewall Policy Violation 1k



    I'm unable to tunnel traffic over ssh using -D dynamic forwarding. I believe the relevant options are set in sshd_config (PermitTunnel/AllowTcpForwarding), I've restarted the daemon, and iptables is disabled, but I'm still getting this message:
    channel 3: open failed: administratively prohibited: Firewall policy violation

    DB:2.78:Cant Tunnel Over Ssh: Firewall Policy Violation 1k


    Tried putty and cygwin.

    It looks like there's some magic on the gateway that's screwing with SSH, so I might have to go with something like polipo instead.

  • RELEVANCY SCORE 2.78

    DB:2.78:Client-Server Communication Problem By Using Ssh af



    Hi,
    we have problem with Mincom MIMS (running on Tuxedo 7.1) client to server communication.
    We are using TCP forwarding (SSH - Secure Shell) to get through Firewall. We observed
    first TCP channel opened by MIMS client (WSL) is closed without
    new TCP stream (WSH) from client to server established. We do not know, why first
    TCP communication (WSL) failed.
    Attached is complete dump of IP communication originated from MIMS client (IP
    158.234.172.151) to SSH forwarding host (158.234.172.98). SSH forwarding host
    provides forwarding of TCP port 1602 to MIMS server 10.1.4.101. You can see there
    are two TCP connection tried by MIMS client. Dump of communication was done using
    tcpdump -s 2000 -X host 158.234.172.151 on SSH forwarding host. Is anybody who
    understand initial communication and is able to help us find the problem please
    ?
    Is there any possibility to log, trace or debug such communication problem ?
    MIMS client - server communication is OK without using ssh...(requires special
    configuration on firewalls, CISCO routers etc..)
    We are using BEA Tuxedo 7.1, Compaq alpha GS 80 - Tru64 Unix v.5.1, Oracle 8.1.6,
    TCP/IP.
    Any other SW works fine by using ssh in our case (telnet,sqlplus connection to
    the server is fine, but MIMS client can't establish connection).
    Please, don't hesitate to contact me on given email.(petr.bulant@logicacmg.com)
    Best regards.
    Petr

    [mims_comm.txt]

    DB:2.78:Client-Server Communication Problem By Using Ssh af

    Petr,

    A WS client initially connects to a WSL. The WSL chooses a WSH and sends back
    another address for the client to use to connect directly to the WSH.

    There are two facilities we provide to deal with two firewall issues. The first,
    as Wayne noted, is to restrict the port range that the WSH will choose, so that a
    firewall can restrict which ports are open.

    The other is to deal with network address translators, which present a different
    address to users outside the firewall from users within the local network. The WSL
    has a -H option to map the internal address to the external one.

    See if one of these options helps you resolve the problem. Otherwise, contact
    Support, and they can have someone look at that trace and see what might be happening.

    Scott Orshan


  • RELEVANCY SCORE 2.78

    DB:2.78:Ssh X11 Forwarding "Times Out" 7m


    Hi,
    I searched for an answer, came up empty.
    Here is my small problem. I use xterm to ssh to UNIX or LINUX machines and X connections are automatically forwarded properly. The DISPLAY environment is set. After some 10 min or so, if not used, this forwarding expires. The message when starting for instance a new xemacs application:
    Xlib: connection to "localhost:11.0" refused by server
    Xlib: Invalid MIT-MAGIC-COOKIE-1 key
    X server not responding
    : "localhost:11.0"
    My solution is to exit, reconnect and start the X application immediately. But, there might be a way to change that time out. I looked in ssh_config, could not see it.

    I hope there is a "simple" way to extend the "expiration" time.
    Thanks for any hints

    Gerfried

    iMac 800 MHz / PowerBook G4 Mac OS X (10.4.8)

    DB:2.78:Ssh X11 Forwarding "Times Out" 7m

    Hi and thanks to all who tried to help.
    Let me answer my own questions.
    Lesson 1: It always pays to keep digging.
    Lesson 2: the time out (1200 sec) is built in and used by the xauth file generating the cookie at connection time, if and only if ForwardX11Trusted is no (the default). I learned that by running ssh -vv (in debugging mode).
    So, either set ForwardX11Trusted to yes or what is equivalent start
    ssh -Y ....
    Here is the relevant sequence of the debugging information:
    debug2: x11getproto: /usr/X11R6/bin/xauth -f /tmp/ssh-NqsVtPNYzM/xauthfile generate .0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
    debug2: x11getproto: /usr/X11R6/bin/xauth -f /tmp/ssh-NqsVtPNYzM/xauthfile list .0 . 2>/dev/null
    Look at the untrusted timeout 1200!

    Playing around, I'm pretty sure running -vv also nullifies the timeout !

    Thanks again
    Gerfried

    iMac 800 MHz / PowerBook G4 Mac OS X (10.4.8)

  • RELEVANCY SCORE 2.78

    DB:2.78:Rdp Over Ssh Tunnel Freezes jz



    I have PC1 and PC2 behind firewalls. I have PC3 running linux with open SSH port. what i do is simple:

    Connect from PC1--PC3 and map PC1:33389 -- PC3:1234
    Connect from PC2--PC3 and map PC3:1234 -- PC2:3389

    Then i connect with rdp to PC1:33389 i get login prompt (forwarding actually works).
    After login PC2 hangs and PC1 get timeout.

    Any ideas?

    DB:2.78:Rdp Over Ssh Tunnel Freezes jz

    .NET Does not support SSH at this time. Please try the native networking forums like VISTA networking forum http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=115SiteID=1

  • RELEVANCY SCORE 2.78

    DB:2.78:Mozilla Firefox Over Ssh Tunneling X11 Connections sm



    Is there anyone having luck running firefox remotely displaying on a local X server?

    I am sshed to a machine with X11 forwarding. Various apps like xeyes, xcalc, etc will run on the remote machine, and display on the local machine. For some reason when I run firefox, it doesn't display on the local X server.

    Any ideas?

    DB:2.78:Mozilla Firefox Over Ssh Tunneling X11 Connections sm


    I think the newer builds of firefox allow multiple instances.

    If you have bandwidth problems, use a light browser like dillo and you will not even notice the connection speed.

  • RELEVANCY SCORE 2.78

    DB:2.78:X Forwarding Using Xming And Putty xf


    Hi,

    I am trying to run xclock as a test through an SSH tunnel I have set up ( in preparation for running OUI the same way ).

    1. My Putty SSH terminal connection has been successful and I have logged on as root
    For this connection I have ticked the X Forwarding box under the SSH - X11 section of Putty and I also set the X Display location as localhost:1.0
    I have checked that localhost is defined as 127.0.0.1 in the hosts files of my desktop and the backend unix server

    2. From this SSH session on the unix server, I set my DISPLAY to localhost:1.0 and export ( the same setting I have Xming Server running on my desktop as )

    3. I then launch xclock from the SSH session. However it just sits doing nothing. Xming shows no X Clients running

    4. I check the event log of Putty and it shows

    Requesting X11 Forwarding
    X11 Forwarding Refused

    Any ideas of what's going wrong ?
    Jim

    DB:2.78:X Forwarding Using Xming And Putty xf

    Jimbo wrote:
    Thanks Ed, yes I was able to launch without setting DISPLAY at all from the AIX side - good side benefit !

    Ed do you know if it is possible to run other protocols through the SSH tunnel ? ( I have heard it is and hence that is why network administrators are not overly keen on SSH as it can be used to get round specific protocol denials they have placed directly on the firewall ).

    I know SSH is an intended replacement for all the r* remote commands such rsh, rexec etc - however I thought I remember a note about someone launching Firefox from the server side through the SSH tunnel ? ( I could be dreaming ! )

    Also is it possible to configure your desktop side web browser to use the tunnel. I am trying to see if OEM ( in particular dbconsole rather then grid control ) can use the tunnel.

    thanks,
    Jim

    I really can't answer any of those questions with any authority, as I'm really not a network guy. I really don't understand 'tunneling', though I never thought of the ssh protocol itself as 'tunneling', but merely introducing a level of encrypting, whereas telnet was/is completely open text. DBconsole uses https, so I don't know how ssh may or may not fit into that.

  • RELEVANCY SCORE 2.78

    DB:2.78:Help Me Fix X11 Forwarding Over Ssh 18



    Right, bit of a long topic so I'll state the problem at the top. Despite all indications of a correctly configured pair of SSH servers, and a working X server, X clients do not display on the remote server, they simply sit there and do nothing, as if they were displaying but without the actual displaying

    Now for more in depth, first here are quotes from the configs:
    sshd_config on remote client wrote:
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes

    DB:2.78:Help Me Fix X11 Forwarding Over Ssh 18


    That's because /etc/ssh/ssh_config is the global SSH client config, what you are proposing will automatically forward X across all SSH connections, which may not be what you want to do.
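    The sshd_config fragment quoted in the question sets only X11Forwarding and leaves the other keywords commented out, so they fall back to defaults. This added example (not code from either poster) resolves the effective forwarding settings from such a file and states where the X11 proxy will listen; the default table reflects upstream OpenSSH and the function names are hypothetical.

```python
# OpenSSH defaults for the forwarding-related sshd_config keywords.
DEFAULTS = {
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
    "permittunnel": "no",
    "x11forwarding": "no",
    "x11displayoffset": "10",
    "x11uselocalhost": "yes",
}

# The fragment quoted in the post, laid out one directive per line.
POSTED = """\
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
"""


def effective_forwarding(config_text):
    """Resolve forwarding keywords from the global section of an sshd_config."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a commented-out line sets nothing
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break  # per-user/per-host overrides are not evaluated here
        if key in DEFAULTS and key not in seen:
            seen[key] = value  # sshd keeps the first value it reads
    return {key: seen.get(key, default) for key, default in DEFAULTS.items()}


def x11_findings(cfg):
    """Summarise what the resolved settings mean for X11 forwarding."""
    if cfg["x11forwarding"] != "yes":
        return ["server refuses X11 forwarding requests"]
    first_port = 6000 + int(cfg["x11displayoffset"])
    bind = "loopback" if cfg["x11uselocalhost"] == "yes" else "all interfaces"
    notes = [f"X11 proxy displays listen on {bind}, from TCP {first_port} upward"]
    if bind != "loopback":
        notes.append("proxy displays are reachable from other hosts")
    return notes


if __name__ == "__main__":
    cfg = effective_forwarding(POSTED)
    print(cfg)
    print(x11_findings(cfg))
```

    On a live host, `sshd -T` prints the daemon's own resolved configuration and is the authoritative source; the parser above is for reviewing a file offline.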

  • RELEVANCY SCORE 2.78

    DB:2.78:View File On Ssh Server In Local Program? 7z



    I'm running some software on a remote server that produces a PDF file for me once in a while. At the moment, I'm running a PDF reader on that server to view it locally, however this is quite slow over X forwarding. Is there a way to use a local PDF reader to read the file remotely? I could FTP in and download the file and view it, but I was hoping for a more direct method.

    DB:2.78:View File On Ssh Server In Local Program? 7z


    You can mount filesystems of ssh using sshfs. That's what I would do