I have a question regarding ssh tunneling. I've read this article
I would like to make X forwarding work and run some X applications at home and have them displayed on a remote system:
ssh -X -R 5555:localhost:22 [email protected] -N
On remote:
ssh -X -p 5555 [email protected]
Then on home:
//configure sshd to listen on 5555
ssh [email protected]
//here run some app
Should it work?
The machine, where the ssh tunnel command is typed is called »your host«.
local: -L Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
ssh -L sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the local sourcePort to port onPort on the machine called forwardToHost, which can be reached from the connectToHost machine.
remote: -R Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side.
ssh -R sourcePort:forwardToHost:onPort connectToHost means: connect with ssh to connectToHost, and forward all connection attempts to the remote sourcePort to port onPort on the machine called forwardToHost, which can be reached from your local machine.
Well, if you only would like to make X forwarding work, i.e. run some X applications on the computer at home and have them displayed on a remote system (let’s call it work computer, because it might be at your workplace), then you possibly don’t need an ssh tunnel at all.
Can you simply ssh from the work computer to your home computer? If so, when you are sitting on the work computer and want to start an X application which runs on your home computer but displayes on your work computer, you have to type (on the work computer):
ssh -X homeuser@homecomputer firefox
This will start firefox on your home computer and display it on the machine where you typed this command, e.g. your work computer.
This is image number 3 of my sketches. Many times the home computer is not reachable directly from the internet, because it is behind a firewall or hidden through NAT (from a router). Then you can use a tunnel.
At your blue home computer (yourhost) you type:
ssh -R 5555:localhost:22 remoteuser@remotehost
where 5555 is the green port and 22 ist the pink port in the image.
If you are now at work, at the remotehost, and connect to the green port 5555, your connection is tunneled/forwarded to the pink port of your home computer’s localhost (i.e. your blue home computer itself). Now you have to type on your work computer:
ssh -X -p 5555 homeuser@localhost firefox
which will start firefox on your home computer (yourhost) and display it on the machine where you typed this command, e.g. your work computer (remotehost).
You need to specify the remote display that you want to forward. On remote:
DISPLAY=:0 ssh -X -p 5555 user@localhost # not sure why you used 192.168.1.2
To forward the :0 display.
Then in that shell (now running on your home machine), run:
echo "$DISPLAY"
to find out what is the forwarded display. That will be something like localhost:10, which means you need to do a TCP connection on port 6010 to connect to the display :0 on the remote machine (:0 meaning to connect to some Unix domain socket in something like /tmp/.X11-unix)
Then for an application on your machine to display on the remote server's display, it's just a matter to tell them to use localhost:10:
DISPLAY=localhost:10 xlogo
for instance.
Note that, that's a tunnel over a tunnel.
