William Gallafent wrote:
On Tuesday 10 May 2005 11:39, Dave Howorth wrote:
I have [SuSE] machines at home and at work. I'd like to be able to connect to my machine at work from home and use X-based applications, copy files etc. But from home I have to login to a gateway machine at work and from there I can connect to my own machine. This is done by our administrators for security reasons. The login to the gateway is via ssh.
You can make ssh do this for you by using an ssh-agent (there's already one running for you in SuSE 9.2's KDE environment) (ssh-add your key to the agent before starting to ssh to remote machines). Then call ssh with -A -Y. From the manual page:
-A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.
Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connec~ tion. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.
-Y Enables trusted X11 forwarding.
This seems to work for me, allowing me to ssh from machine A to machine B, then againfrom machine B to machine C using the same keys (as held by my ssh-agent) to authenticate each connection.
HTH,
My problem is that I can log in from A to B and then from B to C but I can't then start an X application on C and view the resulting window on A. Admittedly I'm using passwords rather than agent forwarding but would that make any difference? Machine B is an OSF1 box and ssh -V gives ssh: SSH Secure Shell Tru64 UNIX 3.2.0 I don't know whether that affects things. It has different syntax for the options for one thing (+x and -x) instead of (-X and -x) and no notion of -Y that I can see. Cheers, Dave