Using X11 Forwarding with SSH on Linux allows a remote user to log into a Linux server and then load X11 applications over a network. This is very useful to load graphical apps.
Here is an example. The -X parameter to the ssh utility is used to enable X11 Forwarding on the client.
┌──(john㉿DESKTOP-PF01IEE)-[/mnt/c/Users/Intel i5/Videos] └─$ ssh -X jason@192.168.1.2 jason@192.168.1.2's password: Warning: No xauth data; using fake authentication data for X11 forwarding. Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-107-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage Documentation and other resources pointers for Ubuntu Server Edition are provided at: http://www.ubuntu.com/server/doc 9 updates can be applied immediately. 5 of these updates are standard security updates. To see these additional updates run: apt list --upgradable Last login: Mon Apr 18 12:43:06 2022 from 192.168.1.5 |
This is my /etc/ssh/sshd_config file. The X11Forwarding yes option must be enabled on the server machine.
# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes PrintMotd no #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server |
Once this has been set up on the server just SSH in using the -X parameter on the client and then load a graphical application as normal and it will appear on the client machine.
Check the DISPLAY variable to ensure it is configured properly.
jason@jason-Lenovo-H50-55:~$ echo $DISPLAY localhost:10.0 |
A file manager such as nautilus will work just fine.
jason@jason-Lenovo-H50-55:~$ nautilus --no-desktop |
Above is the Gnome System Monitor running over SSH. This is pretty fast over a modern Gigabit Ethernet network, but slower over the Internet. But you should really be using a VPN to access a remote machine and then logging into SSH once you are connected with a secure VPN tunnel. And use a different port for the VPN other than the default. Port 443 can work. It is mixed up with all other SSL traffic. A good way to bypass a restrictive proxy when you are at an educational institution and they block the default VPN port for OpenVPN.
Easy way to set up a working OpenVPN configuration on Ubuntu server on Amazon AWS.
https://securitronlinux.com/bejiitaswrath/easy-way-to-setup-a-working-openvpn-configuration-on-ubuntu-server-on-amazon-aws/.
This is a most useful tip for accessing the graphical environment over the network.
Thank you for support Ukraine!