Using reverse SSH tunneling in one step instead of two steps (with -X)

Question

Suppose we have three hosts:

• miki - my computer behind a NAT
• vps0 - my VPS
• mum - computer of my mother, behind a different NAT.

The task is to connect from my computer to my mum and keep X11 forwarding. Until now I used reverse tunneling like below:

# on mum's computer (at crontab on reboot):
autossh -fN -M 3986 -R 1993:localhost:22 login@vps0

# when I want to connect to mum's computer
miki$ ssh login@vps0
vps0$ ssh localhost -p 1993

Presented above approach, has a disadvantage that I can't use X11 forwarding (-X parameter) - I can't open windows remotely.

I am wondering if is it possible to connect directly to my mum's computer and keep X11 forwarding.

PS. I sow answers in topic: SSH tunnel through middleman server - how to connect in one step (using key pair)?. Unfortunately using that solutions causes that X11 forwarding doesn't work.

Answer 1

Why doesn't that solution with ProxyCommand work for X11 forwarding? I think you can directly reach mum's computer with X11 forwarding using the following configuration.

Host mum
ProxyCommand ssh -q -W localhost:1993 login@vps0
ForwardX11 yes

Answer 2

If you understand what is going on in X11 forwarding, you will know that it is not so simple as described in the answer from @yaegashi. X11 forwarding is creating another layer under the ssh and it can't be chained as normal terminal data streams. But you are able to do it using port forwarding:

Based on this blog post, which does it as hardcoding in shell script. I was trying to do the same using ssh_config, but without any success. You just need to add complexity of the reverse tunnel the the original script

sshx () {
    # create the tunnel from vps0 to your host
    sudo ssh -Nn vps0 -L 3991:vps0:1993 &
    sleep 1s
    PID=$!
    # connect to localhost on forwrded port
    ssh localhost -XYC -p3991
    sudo kill $PID
}

I hope it will work for you