Whilst away from my office yesterday I needed to launch a graphical (X11) application over SSH. However, my OpenVPN configuration would not allow direct access to the box where I needed to run it*. I could get there indirectly via an intermediate host, but the X forwarding didn't work straight away. I tried:
    (local) $ ssh -X user1@intermediate_host
    (inter) $ ssh -X user2@target_host
    (target) $ some_x11_app
    Error: Can't open display
The solution that I came up with was to tunnel the target host's SSH port through the intermediate host:
    (local) $ ssh -NL 2222:target_host:22 user@intermediate_host &
    (local) $ ssh -X -p 2222 localhost
    (target) $ some_x11_app
2222 is what I chose, but it can be any unused port on localhost. What this does is forward connections to localhost:2222 through the intermediate host on to target_host:22 (port 22 being the standard ssh port). -N because I don't need to execute a remote command on intermediate_host, instead forwarding (-L) a local port (2222) to another port (22) on a remote host. -X in the second command enables X11 forwarding.
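The same two steps written as an ~/.ssh/config fragment, as an added example that is not part of the original post. The aliases tunnel and target-x11 are made up for illustration, and user2 is assumed from the first attempt above; the host-key and forwarding settings are additions a careful setup would want.

```sshconfig
# ~/.ssh/config  (added example; "tunnel" and "target-x11" are hypothetical aliases)

# Step 1:  ssh -N tunnel &
# Equivalent to: ssh -NL 2222:target_host:22 user@intermediate_host
Host tunnel
    HostName intermediate_host
    User user
    # Bind the forward explicitly to loopback so only this machine can use it
    # (also the default unless GatewayPorts is enabled).
    LocalForward 127.0.0.1:2222 target_host:22
    # Exit immediately if port 2222 is already in use, instead of leaving
    # a session open that forwards nothing.
    ExitOnForwardFailure yes
    # This hop only carries the TCP forward; do not hand the intermediate
    # host an X11 display or an agent socket.
    ForwardX11 no
    ForwardAgent no

# Step 2:  ssh target-x11
# Equivalent to: ssh -X -p 2222 localhost
Host target-x11
    HostName 127.0.0.1
    Port 2222
    # Assumption: the account on target_host is user2, as in the first attempt.
    User user2
    # Store and verify the host key under the target's own name rather than
    # "[127.0.0.1]:2222", so a changed key on the target is still detected and
    # reusing port 2222 for another host does not cause false mismatches.
    HostKeyAlias target_host
    ForwardX11 yes
    # Keep -X behaviour (remote X11 clients treated as untrusted) rather
    # than -Y; some applications may need trusted forwarding to work.
    ForwardX11Trusted no
```

Because the second SSH session runs end to end between the local machine and target_host, the intermediate host sees only encrypted traffic and does not need X11 forwarding or xauth itself.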
* Actually my OpenVPN configuration did allow it, but my network lacked a route back to the VPN. Adding this route to the network's default gateway enabled a direct connection to target_host, removing the requirement for the above work-around.
I added a route to the default gateway, an ADSL router, like this:
    => ip rtadd dst=172.16.0.0 dstmsk=255.255.0.0 gateway 10.0.200.11
    => saveall
(here, the VPN network is
172.16.0.0/16 and the default gateway is