By Brian Fitzgerald
Introduction
This is a worked example of how to display Oracle Universal Installer back to your Windows PC when you need to connect with ssh through an additional server, such as a bastion. The destination operating system is AIX POWER in IBM Cloud. The tunnel host is Linux.
Pattern
The ssh tunnel connection follows this serverfault answer:
How to enable SSH X11 forwarding through additional server?
There are several ways to do this, the one I prefer is to forward the ssh port:
First, connect to machine B and forward [localPort] to C:22 through B
A$ ssh -L [localPort]:C:22 B
Next, connect to C from A through this newly-created tunnel using [localPort], forwarding X11
A$ ssh -X -p [localPort] localhost
Now we can run X11 programs on C and have them display on A
C$ xclock
[localPort] can be any port that you are not already listening to on A, I often use 2222 for simplicity.
Prerequisites
You should have a working ssh setup before beginning. In this example, the private ssh key is saved on Windows as file “ibm_rsa”. Likewise, you will need a working X server, such as Xming.
In Oracle Cloud, create an AIX Power VM. Create a Linux VM to use as the intermediate host.
Tunnel account setup
On the Linux host:
[root@dal-vm ~]# groupadd tunl
[root@dal-vm ~]# useradd -g tunl tunl
[root@dal-vm ~]# cp -pr ~/.ssh ~tunl/.ssh
[root@dal-vm ~]# chown -R tunl:tunl ~tunl/.ssh
Oracle account setup
On the AIX POWER host, enable X11 forwarding:
*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
# bash
bash-4.3# ed /etc/ssh/sshd_config
3233
1,$s/#X11Forwarding no/X11Forwarding yes/g
w
3207
q
bash-4.3# stopsrc -s sshd
0513-044 The sshd Subsystem was requested to stop.
bash-4.3# startsrc -s sshd
0513-059 The sshd Subsystem has been started. Subsystem PID is 13107376.
bash-4.3#
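The ed substitution above only takes effect if no earlier active X11Forwarding line exists, because sshd uses the first value it reads for a keyword. The following check is an added example, not part of the original post; the function name and the sample configurations are constructed for illustration, and "unset" means sshd falls back to its built-in default, which is no in OpenSSH.

```shell
#!/bin/sh
# Added example (not from the original post): report the global X11Forwarding
# value that sshd will use, given sshd_config text on stdin.
# Rules applied: keywords are case-insensitive, the first value read for a
# keyword wins, and lines after the first Match line are conditional.
# Assumption: Include directives are not followed.
# On the host: effective_x11 < /etc/ssh/sshd_config

effective_x11() {
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { split($0, f, "[ \t=]+"); key = tolower(f[1]) }
        key == "match" { exit }                # end of the global section
        key == "x11forwarding" { val = tolower(f[2]); exit }
        END { print (val == "" ? "unset" : val) }
    '
}

# Constructed sample: config after the substitution shown above.
sample_edited() {
    printf '%s\n' 'Port 22' 'X11Forwarding yes' 'Subsystem sftp /usr/sbin/sftp-server'
}

# Constructed sample: an earlier active line overrides the edited one.
sample_shadowed() {
    printf '%s\n' 'x11forwarding no' '#X11DisplayOffset 10' 'X11Forwarding yes'
}

# Constructed sample: the setting exists only inside a Match block.
sample_match_only() {
    printf '%s\n' 'Port 22' 'Match User oracle' '    X11Forwarding yes'
}

# Constructed sample: the default line is still commented out.
sample_commented() {
    printf '%s\n' '#X11Forwarding no'
}

for s in sample_edited sample_shadowed sample_match_only sample_commented; do
    printf '%-18s %s\n' "$s" "$("$s" | effective_x11)"
done
```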
Create the oracle account:
bash-4.3# mkgroup oinstall
bash-4.3# mkgroup dba
bash-4.3# useradd -g oinstall -G dba oracle
bash-4.3# mkdir ~oracle
bash-4.3# cp -pr ~/.ssh ~oracle/.ssh
bash-4.3# chown -R oracle:oinstall ~oracle
bash-4.3#
Create the tunnel
On Windows, connect to the Linux host with the needed tunneling arguments.
C:>ssh -i ibm_rsa -N -L 3333:52.117.58.66:22 tunl@169.61.227.202
The authenticity of host '169.61.227.202 (169.61.227.202)' can't be established.
ECDSA key fingerprint is SHA256:gCHZnnBtodihB75yPqIZ21Cbdq/+IAWbsCr4zRe5MTw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '169.61.227.202' (ECDSA) to the list of known hosts.
Note that this is not an interactive session. No Linux prompt appears.
Log on to the AIX POWER oracle account
In Windows, set the DISPLAY variable. Log on to AIX as oracle via the local tunnel port:
In AIX, set LC_ALL. Optionally, test xterm. Start Oracle Universal installer:
Conclusion
This has been a complete, worked example of starting Oracle Universal Installer, an X-Windows client, on an AIX POWER virtual machine in the IBM Cloud. The ssh session was established via a tunnel on a Linux virtual machine.
