|/
|\ISS

News
Blog

Wiki

Install KISS
FAQ

Package System
Package Manager
Software

Guidestones

Testimonials
Screenshots
Team

Contact



Git (mirror)


wiki / xorg / x11-forwarding                                      

Edited () at 2020-06-10 by Michael Czigler


X11-FORWARDING [0]
________________________________________________________________________________

X11-Forwarding is a secure shell feature, which allows one to forward/tunnel
X11 connections through an existing SSH session. This is used to run X11
programs on a server while the ssh-client displays the graphical window through
the user's X11-server.


Dependencies
________________________________________________________________________________

In most cases, you will already have the required dependencies. At minimum, 
ensure that you have the following installed:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ kiss b xorg-server && kiss i xorg-server                                 |
|   $ kiss b xauth && kiss i xauth                                             |
|                                                                              |
+------------------------------------------------------------------------------+


Remote Server Configuration
________________________________________________________________________________

Configuring X11-Forwarding for a remote server is straightfoward and, once
completed, a viable alternative to most opensource VNC and RDP server options.
All that is required are a few modifications to configuration files that exist
on your remote X server:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ echo "XauthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config              |
|   $ echo "X11Fordwarding yes" >> /etc/ssh/sshd_config                        |
|                                                                              |
+------------------------------------------------------------------------------+

At this point you are ready to test your server!


Client Configuration
________________________________________________________________________________

In order to connect to your remote server, you will need an SSH client that
supports X11-Forwarding, as well as an X server running on the same client. Some
popular cross-platform options include the following:

* vcxsrv (recommended, server only) [1]
* MobaXterm (both SSH client and X server, for Windows only) [2]
* Xming (server only) [3]
* X410 (server only) [4]

From the client side, connect to the server via SSH through your favorite
terminal application while passing the "-X" switch. Pay attention to any
errors that may occur on connection. More verbose output can be achieved by
passing the "-v" switch:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ ssh -X -v user@localhost                                                 |
|                                                                              |
+------------------------------------------------------------------------------+

You can now start any X program on the remote server, the output will be
forwarded to your local session:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ xclock                                                                   |
|                                                                              |
+------------------------------------------------------------------------------+

This should create a new window with the xclock application on your client side
X server.

Use an "&" at the end of the command to prevent tying up the terminal in
question:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ xclock &                                                                 |
|                                                                              |
+------------------------------------------------------------------------------+


Tips and Tricks
________________________________________________________________________________

* If your connection is slow, try enabling SSH compression by passing the "-C"
  switch.

  +----------------------------------------------------------------------------+
  |                                                                            |
  |   $ ssh -X -C user@localhost                                               |
  |                                                                            |
  +----------------------------------------------------------------------------+

* You can further improve your connection speed by using a cypher to connect to
  the remove server. This can be passed as an argument using the "-c" switch
  at the initialization of a new SSH connection. [5]
  
  +----------------------------------------------------------------------------+
  |                                                                            |
  |   $ ssh -X -C -c aes256-ctr user@localhost                                 |
  |                                                                            |
  +----------------------------------------------------------------------------+
  
* Your remote system most likely has many cypher options already available for
  you to choose from (es128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128,
  aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc,
  arcfour, etc.) and each will vary in performance and security. Check out
  websites that benchmark the various security cyphers and choose the one that
  works best for you. [6]

* Can you forward an entire desktop session?  Why yes, you can! Instructions for
  doing so vary per client, server configuration, and platform [7]. If you chose
  vcxsrv as your client on a Windows host, then I would recommend checking out
  the following youtube video:

  "Linux and Windows | X11 Forwarding with SSH | VNC Alternative" by knary
  


References
________________________________________________________________________________

[0] https://wiki.archlinux.org/index.php/OpenSSH#X11_forwarding
[1] https://sourceforge.net/projects/vcxsrv/
[2] https://mobaxterm.mobatek.net/
[3] http://straightrunning.com/XmingNotes/
[4] https://x410.dev
[5] 
[6] https://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/
[7] https://blog.warbel.net/index.php/2018/02/21/using-xnest-or-putty-vcxsrv-to-start-a-full-remote-session/


________________________________________________________________________________

Dylan Araps (C) 2019-2020

Linux(R) is the registered trademark of Linus Torvalds in the U.S. and
other countries.