Hi all;
I'm trying to setup an ssh tunnel so I can run firefox on a remote laptop and have the display locally.
I have 2 laptops
local = CentOS 7
remote = mac OSX 10.15.7
I want to create an ssh tunnel on the local CentOS 7 laptop, then run firefox on the mac with the display showing up on the CentOS laptop.
Is this doable?
Thanks in advance
I do it all the time.
make sure you forward X11, on the ssh server side, and login with ssh -X me@myhost.whatever
start firefox with:
/usr/bin/firefox -no-remote if you don't want the remote pages ending up in your local browser
or if you don't care, just run firefox without -no-remote
or however you start firefox on a mac.
Ron
On 11/11/20 3:39 PM, S Bob wrote:
Hi all;
I'm trying to setup an ssh tunnel so I can run firefox on a remote laptop and have the display locally.
I have 2 laptops
local = CentOS 7
remote = mac OSX 10.15.7
I want to create an ssh tunnel on the local CentOS 7 laptop, then run firefox on the mac with the display showing up on the CentOS laptop.
Is this doable?
Thanks in advance
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I can ssh -X myuser@theremote-mac
but I cannot run /usr/bin/firefox.
I can run "open -a Firefox" on the mac but then it just opens firefox on the mac
Thoughts?
On 11/11/20 3:45 PM, R C wrote:
I do it all the time.
make sure you forward X11, on the ssh server side, and login with ssh -X me@myhost.whatever
start firefox with:
/usr/bin/firefox -no-remote if you don't want the remote pages ending up in your local browser
or if you don't care, just run firefox without -no-remote
or however you start firefox on a mac.
Ron
On 11/11/20 3:39 PM, S Bob wrote:
Hi all;
I'm trying to setup an ssh tunnel so I can run firefox on a remote laptop and have the display locally.
I have 2 laptops
local = CentOS 7
remote = mac OSX 10.15.7
I want to create an ssh tunnel on the local CentOS 7 laptop, then run firefox on the mac with the display showing up on the CentOS laptop.
Is this doable?
Thanks in advance
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
you can't run it? or can't find it?
if it doesn't want to run, it probably is because you're not forwarding X11 in your server, in this case your mac. the ssh server nees to do/allow that
what about executing it remotely :
ssh -X myuser@theremote-mac "open -a Firefox" ?
if that doesn't work, it's probably your X11 forwarding
On 11/11/20 3:56 PM, S Bob wrote:
I can ssh -X myuser@theremote-mac
but I cannot run /usr/bin/firefox.
I can run "open -a Firefox" on the mac but then it just opens firefox on the mac
Thoughts?
On 11/11/20 3:45 PM, R C wrote:
I do it all the time.
make sure you forward X11, on the ssh server side, and login with ssh -X me@myhost.whatever
start firefox with:
/usr/bin/firefox -no-remote if you don't want the remote pages ending up in your local browser
or if you don't care, just run firefox without -no-remote
or however you start firefox on a mac.
Ron
On 11/11/20 3:39 PM, S Bob wrote:
Hi all;
I'm trying to setup an ssh tunnel so I can run firefox on a remote laptop and have the display locally.
I have 2 laptops
local = CentOS 7
remote = mac OSX 10.15.7
I want to create an ssh tunnel on the local CentOS 7 laptop, then run firefox on the mac with the display showing up on the CentOS laptop.
Is this doable?
Thanks in advance
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Wed, 11 Nov 2020 at 17:45, R C cjvijf@gmail.com wrote:
I do it all the time.
make sure you forward X11, on the ssh server side, and login with ssh -X me@myhost.whatever
start firefox with:
/usr/bin/firefox -no-remote if you don't want the remote pages ending up in your local browser
or if you don't care, just run firefox without -no-remote
Don't you have to make sure that the Firefox on the MacOS-X system is using X11? It normally uses the native MacOS windowing system which is not X.
or however you start firefox on a mac.
Ron
On 11/11/20 3:39 PM, S Bob wrote:
Hi all;
I'm trying to setup an ssh tunnel so I can run firefox on a remote laptop and have the display locally.
I have 2 laptops
local = CentOS 7
remote = mac OSX 10.15.7
I want to create an ssh tunnel on the local CentOS 7 laptop, then run firefox on the mac with the display showing up on the CentOS laptop.
Is this doable?
Thanks in advance
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
yeah .. it would need to run X11
On 11/11/20 4:04 PM, Stephen John Smoogen wrote:
On Wed, 11 Nov 2020 at 17:45, R C cjvijf@gmail.com wrote:
I do it all the time.
make sure you forward X11, on the ssh server side, and login with ssh -X me@myhost.whatever
start firefox with:
/usr/bin/firefox -no-remote if you don't want the remote pages ending up in your local browser
or if you don't care, just run firefox without -no-remote
Don't you have to make sure that the Firefox on the MacOS-X system is using X11? It normally uses the native MacOS windowing system which is not X.
or however you start firefox on a mac.
Ron
On 11/11/20 3:39 PM, S Bob wrote:
Hi all;
I'm trying to setup an ssh tunnel so I can run firefox on a remote laptop and have the display locally.
I have 2 laptops
local = CentOS 7
remote = mac OSX 10.15.7
I want to create an ssh tunnel on the local CentOS 7 laptop, then run firefox on the mac with the display showing up on the CentOS laptop.
Is this doable?
Thanks in advance
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
If the point is to access a specific web site only the remote machine can get to, you can also do it with port forwarding: ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine and then locally run any browser, and access https://localhost:443 (assuming it's https. If it's plain http, use "http" and 80). Note that you'll be breaking some aspects of https security such as man-in-the-middle protection and perhaps others, and you'll need to accept some security exceptions.
This will be useful if the point is to get to a web site only only the remote machine can connect to, but all the browser code/plugins will be the local ones.
Am 12.11.20 um 13:56 schrieb Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS:
If the point is to access a specific web site only the remote machine can get to, you can also do it with port forwarding: ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine and then locally run any browser, and access https://localhost:443 (assuming it's https. If it's plain http, use "http" and 80). Note that you'll be breaking some aspects of https security such as man-in-the-middle protection and perhaps others, and you'll need to accept some security exceptions.
This will be useful if the point is to get to a web site only only the remote machine can connect to, but all the browser code/plugins will be the local ones. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
This would not allow having access to SNI hostings (without dns tricks).
Anyway, the original question was to forward a _native_ OSX output via X11 to the linux workstation. That is not possible but you can enable remotedesktop service on the osx machine and passing this through a ssh tunnel like "-L 5900:localhost:5900 -N" and accessing the osx machine via VNC.
A complete different option is: having a opensource port distribution installed (like macports.org) and installing firefox that runs under https://www.xquartz.org/.
Not quite centos related ...
-- Leon
On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote:
If the point is to access a specific web site only the remote machine can get to, you can also do it with port forwarding: ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine and then locally run any browser, and access https://localhost:443 (assuming it's https. If it's plain http, use "http" and 80). Note that you'll be breaking some aspects of https security such as man-in-the-middle protection and perhaps others, and you'll need to accept some security exceptions.
This will be useful if the point is to get to a web site only only the remote machine can connect to, but all the browser code/plugins will be the local ones.
If this is actually something you want to do with regularity, I suggest using the SSH SOCKS proxy (with the DynamicForward port), and configure Firefox to use the localhost:port as a SOCKS5 proxy. Then all traffic in firefox will be routed over the ssh connection. It won't break SNI and for the most part, everything will work in firefox as if you were connecting from the remote side of the connection.
It works with yum and dnf too, where you can use RemoteForward to set up a proxy port on the remote side, set the 'proxy' settings in the configuration, and all yum/dnf traffic will go over the established SSH connection. Why would you do this? Well, if you've got a system that's sitting inside a private, not NAT'd network and your workstation/jumphost has a VPN enabled but you don't have it enabled on the remote side, you can update a system without doing a lot of complicated network magic. Now imagine using Ansible to do this, which is already setting up SSH sessions...
On 11/12/20 7:50 AM, Jonathan Billings wrote:
On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote:
If the point is to access a specific web site only the remote machine can get to, you can also do it with port forwarding: ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine and then locally run any browser, and access https://localhost:443 (assuming it's https. If it's plain http, use "http" and 80). Note that you'll be breaking some aspects of https security such as man-in-the-middle protection and perhaps others, and you'll need to accept some security exceptions.
This will be useful if the point is to get to a web site only only the remote machine can connect to, but all the browser code/plugins will be the local ones.
If this is actually something you want to do with regularity, I suggest using the SSH SOCKS proxy (with the DynamicForward port), and configure Firefox to use the localhost:port as a SOCKS5 proxy. Then all traffic in firefox will be routed over the ssh connection. It won't break SNI and for the most part, everything will work in firefox as if you were connecting from the remote side of the connection.
It works with yum and dnf too, where you can use RemoteForward to set up a proxy port on the remote side, set the 'proxy' settings in the configuration, and all yum/dnf traffic will go over the established SSH connection. Why would you do this? Well, if you've got a system that's sitting inside a private, not NAT'd network and your workstation/jumphost has a VPN enabled but you don't have it enabled on the remote side, you can update a system without doing a lot of complicated network magic. Now imagine using Ansible to do this, which is already setting up SSH sessions...
Sounds interesting, can you point me to any examples / how to's to set this up?
Thanks
On Thu, Nov 12, 2020 at 10:02:57AM -0700, S Bob wrote:
On 11/12/20 7:50 AM, Jonathan Billings wrote:
If this is actually something you want to do with regularity, I suggest using the SSH SOCKS proxy (with the DynamicForward port), and configure Firefox to use the localhost:port as a SOCKS5 proxy. Then all traffic in firefox will be routed over the ssh connection. It won't break SNI and for the most part, everything will work in firefox as if you were connecting from the remote side of the connection.
It works with yum and dnf too, where you can use RemoteForward to set up a proxy port on the remote side, set the 'proxy' settings in the configuration, and all yum/dnf traffic will go over the established SSH connection. Why would you do this? Well, if you've got a system that's sitting inside a private, not NAT'd network and your workstation/jumphost has a VPN enabled but you don't have it enabled on the remote side, you can update a system without doing a lot of complicated network magic. Now imagine using Ansible to do this, which is already setting up SSH sessions...
Sounds interesting, can you point me to any examples / how to's to set this up?
What part? For the first part, either define 'DynamicForward 8000' in a Host section in ~/.ssh/config, or run 'ssh -D 8000 hostname' to set it with command line options. Then just set your SOCKS5 proxy settings in Firefox to localhost:8000. (I'm just using port 8000 as an example here, it can be any unused port above 1024 for regular users.)
For the second, it's largely the same thing, except you'd use 'RemoteForward 8000' or 'ssh -R 8000 hostname' with the command line, and on the remote side, set 'proxy=socks5://localhost:8000' in the yum.conf or dnf.conf, or set it on the command line with:
yum --setopt='proxy=socks5://localhost:8000' update
(replace 'yum' with 'dnf' for c8) If you are curious if it is actually doing anything, add a -v to your ssh connection and it'll send debugging information to your terminal, and you'll see each proxied connection from yum/dnf.
For ansible to use it, you'd set 'ssh_connection' in your ansible.ini to have the extra -R option, and then deploy a yum/dnf config that uses the proxy. I've found this useful for managing some systems on our campus that are on a private LAN but are routed to campus only, so they can't reach 'the world' but my computer can. I would still recommend that people run their own private mirror if they are running their own private cluster but this is useful in a pinch.
On Thu, Nov 12, 2020 at 03:21:02PM -0500, Jonathan Billings wrote:
What part? For the first part, either define 'DynamicForward 8000' in a Host section in ~/.ssh/config, or run 'ssh -D 8000 hostname' to set it with command line options. Then just set your SOCKS5 proxy settings in Firefox to localhost:8000. (I'm just using port 8000 as an example here, it can be any unused port above 1024 for regular users.)
If you need a full tunnel (and not just HTTP) and don't have a VPN server, but you do have an SSH connection, I heartily recommend the tool 'sshuttle' (https://github.com/sshuttle/sshuttle, in EPEL). It requires root locally but not on the remote side.
Then you can just use firefox without messing with proxy settings or anything.
On Thu, Nov 12, 2020 at 03:21:02PM -0500, Jonathan Billings wrote:
yum --setopt='proxy=socks5://localhost:8000' update
It occurs to me that my private networks have working DNS, so if yours doesn't, you should use:
yum --setopt='proxy=socks5h://localhost:8000' update
(note the extra 'h' in the URI scheme)
This means that the DNS lookups happen on the other side of the proxy, so the yum command doesn't need to do any DNS lookups.
-
Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) -
Jonathan Billings -
Leon Fauster -
R C -
S Bob -
Stephen John Smoogen