O'Reilly logo

Linux Server Hacks by Rob Flickenger

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hack #70. X over ssh

Run remote X11 applications easily and securely with ssh

Surprisingly few people realize that ssh is perfectly capable of forwarding X11 traffic. If X11 forwarding is permitted by the ssh server that you're logging into, starting X applications is as simple as:

rob@florian:~$ ssh -X catlin
Last login: Thu Sep 5 22:59:25 2002 from florian.rob.nocat
Linux 2.4.18.

rob@catlin:~$ xeyes &
[1] 12478
rob@catlin:~$

As long as you're running X on your local machine, this will display xeyes on your desktop. This xeyes is actually running on catlin, the machine we're currently logged into. All X11 traffic is being encrypted and sent down the ssh connection that we're logged in under and is displayed locally.

The real work is done by ssh, which sets up a local X11 proxy server for you:

rob@catlin:~$ echo $DISPLAY
catlin:10.0

X11 forwarding is normally disabled by default in openssh. To enable it, add the following line to your sshd_config, and restart sshd:

X11Forwarding yes

While xeyes isn't the most useful example of why you would want to do this, here are a couple you might find more interesting:

ethereal

Does packet capturing and visual analysis on a server at your co/lo

vnc

Takes command of remote X desktops from your local terminal, as if you were sitting at the console

gkrellm

Shows a nice graphical system status for your server (or even several at a time)

To make X11 traffic forward over ssh automatically, try setting this in your ~/.ssh/config:

ForwardX11 yes

With this ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required