Recipe 17.11. Tunneling X over SSH
17.11.1 Problem
You like running remote X sessions, but
you know that they are completely insecure, so you want to run X over
SSH.
17.11.2 Solution
Follow the previous recipes to get SSH configured and running, then
enable X forwarding on the SSH server, in
/etc/ssh/sshd_config. Then use the
-X flag when you start your SSH session.
Put this line in /etc/ssh/sshd_config
on the SSH server:
X11Forwarding yes
Then connect to the server with the -X flag:
$ ssh -X saturn.test.net
Run this command to test that X forwarding is working:
$ echo $DISPLAY
localhost:10.0
If X forwarding were not working, the command would return a blank
line. Now you can run any X program installed on the server as though
it were local. Try this for a simple test:
$ xeyes
Or run glxgears, or any X
program that is installed on the server.
17.11.3 Discussion
Using SSH for remote X sessions is both simpler and more secure
than running a plain-vanilla X session without SSH, which is not
secure at all. However, it still carries some risks. Use this to
connect only to trusted hosts, because a snoopy admin can easily
capture your keystrokes or logins, or even connect to your local
desktop and snoop even more. Make sure your local
~/.Xauthority file is mode 600, to prevent
unprivileged users on the remote host from also joining in the
snooping.
Be sure that these entries are in your local
/etc/ssh/ssh_config file and in any per-user
~/.ssh/config files on your system:
Host *
ForwardX11 no
ForwardAgent no
It's important to ensure that X forwarding is turned
off, except when you absolutely need it.
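One way to check these client settings and the ~/.Xauthority mode, as an added example that is not part of the original recipe. The function names are hypothetical, the sample config is constructed, and the parsing is simplified: it does not follow Include or Match directives.

```shell
#!/bin/sh
# Added example (not from the recipe): audit ssh client settings for X11/agent forwarding.

# List every block that turns forwarding on, as "<host patterns>:<keyword>".
# ssh uses the first value it obtains for a keyword, so a "yes" in an earlier
# Host block still wins over "no" under a later "Host *".
forwarding_enabled() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }          # drop comments, accept key=value
        NF < 2 { next }
        { key = tolower($1); val = tolower($2) }    # keywords are case-insensitive
        key == "host" { $1 = ""; host = substr($0, 2); next }
        (key == "forwardx11" || key == "forwardagent") && val == "yes" {
            who = (host == "" ? "(global)" : host)
            print who ":" key
        }
    ' "$1"
}

# Succeed only if a "Host *" block sets both keywords to "no".
defaults_disabled() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        NF < 2 { next }
        { key = tolower($1); val = tolower($2) }
        key == "host" { star = (NF == 2 && $2 == "*"); next }
        star && val == "no" && key == "forwardx11"   { x11 = 1 }
        star && val == "no" && key == "forwardagent" { agent = 1 }
        END { exit !(x11 && agent) }
    ' "$1"
}

# Succeed only if the file is a regular file with mode exactly 600.
xauthority_private() {
    [ -n "$(find "$1" -prune -type f -perm 600 2>/dev/null)" ]
}

# Constructed sample config: one host enables X forwarding, defaults are off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host saturn.test.net
    ForwardX11 yes
Host *
    ForwardX11 no
    ForwardAgent no
EOF
forwarding_enabled "$sample"
defaults_disabled "$sample" && echo "defaults: forwarding off"
rm -f "$sample"
```

Run the functions against /etc/ssh/ssh_config and each per-user config; any line printed by forwarding_enabled names a host for which forwarding is on without the -X flag.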
Depending on your physical distance from the remote server and the
speed of your network connection, you may notice some lag in your
keystrokes or mouse movements, as the X protocol is a bit of a
network hog.
17.11.4 See Also