[Nottingham] SSH, port-forward and X-forwarding magic

Martin martin at ml1.co.uk
Thu May 10 10:49:58 UTC 2018


On 10/05/18 11:10, J via Nottingham wrote:
> I've had to head north to deal with an emergency (£13 smoke alarm, urgh)

Oh nooo... Not a... /flat battery/ ? :-(


> and am working remote via the magic of SSH port-forwarding which lets me
> have access to what I need (don't panic, the SSH server is
> certificate-only and has fail2ban cranked to "rabid" watching the logs).
> 
> To get RDP, I use something like this:
>     ssh -L 1234:remote-box:3389 -p proxy-port user@proxy-address
> And then:
>    rdp://user@localhost:1234
> 
> That works rather nicely, but trying to use a VM on the remote box is a
> bit....yuck as it needs full screen repaints. The VM is Linux, so I was
> trying to X-Forward with:
>     ssh -L 5678:remote-vm:22 -p proxy-port user@proxy-address
> Then:
>    ssh -X -p 5678 remote-user@localhost ~/some/program
> (I tried -Y too, no difference)
> 
> This /almost/ works. I get the windows title and basic controls running,
> but then the actual window never seems to fully paint. Jury-rigged local
> tests seem fine in similar configuration.
> 
> Have I missed something or is X-Forwarding simply too heavyweight for
> this scenario?
> I might try forwarding VNC in that case.
> 
> J.

If you're getting strangled on the uplink timing out, then you could try
some compression to increase the bandwidth seen across the tunnel by
adding a "-C" to your ssh...

You should only need a -X or -Y if X complains about being denied
access/permission... Depends on your client/server configs.

Also take care whether you need to add a return route to the routing
table for your target... Otherwise your return data packets might
instead be getting routed out to your respective internet gateway to be
lost...


Then again, myself... I try to keep clear of VPNs/tunnelling silliness
(dangerous laziness) to instead use native (secure) protocols... ;-)


Let us know how you fare. Good luck!

And from your good self from long ago:

http://nottingham.lug.org.uk/2016/03/resilient-ssh-with-autossh-andor-systemd/5148

Good excuse for an add-on? ;-) :-P


Enjoy the sunshine up there!

Cheers,
Martin


