Red Hat Enterprise Linux 5 Administration Unleashed

Connecting from the Client 365After enabling X11 forwarding, if a user is logged in to a remote system via ssh andexecutes a graphical program, the program is run on the remote system, but the graphicalinterface is displayed on the client system the user is logged in to. This has many benefitsincluding being able to run graphical system administration tools remotely.To allow X11 forwarding on server, the X11Forwarding option must be set to yes in the/etc/ssh/sshd_config file on the OpenSSH server. According to the sshd_config manpage, the default value for X11Forwarding is no. However, the default value in Red HatEnterprise Linux is set to yes. After modifying the configuration file, execute thecommand service sshd restart to enable the change.TIPTo learn about the other options in /etc/ssh/ssh_config on the client and/etc/ssh/sshd_config on the server, read their man pages with the manssh_config and man sshd_config commands.Port ForwardingIn addition to X11 forwarding, ssh can also be used to forward connections from oneport to another, otherwise known as port forwarding or tunneling. Port forwarding can beused to make an otherwise unencrypted connection secure by encrypting it via ssh. Itcan also be used to connect to a server behind a firewall.The basic syntax is as follows:ssh -L :: @When a connection is made to port on the local system, the connectiongoes over an encrypted tunnel to the and then is forwarded to port on the after successful authentication for username@otherhost.17For an example, refer to Figure 17.4. In this figure, an SSH tunnel is established betweenthe source host and the SSH server. The destination host can be any type of server configuredto accept connections on a static port such as a POP3 email server, a web server, oreven another SSH server.Internetencrypted tunnelsource hostSSH serverfirewalldestination hostFIGURE 17.4Establishing an SSH Tunnel