This is a reader-contributed article.
Technology has changed dramatically in the last decade. OpenSSH is one the best project. It allows you to control remote Linux / UNIX server using command line or GUI tools.
Do you miss GUI configuration server management tools such as Debian network-admin or Redhat/Cent os system-config-* tools/utilities while administrating a Linux server? Do you want to run GUI admin tools on a remote Linux server and get display on local desktop or laptop X server system?
I have been using OpenSSH X11 forwarding and it works very well with DSL / ADSL/ cable connections.
Sample setup
Our setup is as follows:
#1: Remote Redhat Enterprise / Debian Linux Server
IP address: 203.199.92.106
#2: My IBM laptop running Ubuntu Linux connected via hi speed ADSL connection.
IP address: Dynamic
Step #1: Server Setup
You must have OpenSSH server installed. Open SSHD configuration file /etc/ssh/sshd_config
$ sudo vi /etc/ssh/sshd_config
Turn on X11Forwarding by setting X11Forwarding parameter to yes:
X11Forwarding yes
Save and close the file. Restart OpenSSH server you so the changes will take place:
$ sudo /etc/init.d/ssh restart
If you are using RedHat server, use:
# /etc/init.d/sshd restart
Logout and close ssh connection.
Step # 2: Running a command remotely
Debian Linux has the Network Administration Tool. It allows you to specify the way your system connects to other computers and to internet. Let us run this tool from laptop and make some changes to remote server networking. Open X terminal and type the command:
$ ssh -X 203.199.92.106 /usr/bin/network-admin
Run RedHat Linux system-config-httpd tool (Apache sever configuration tool):
$ ssh -X 203.199.92.106 /usr/bin/system-config-httpd
[X11 Forwarding in action]
Within few seconds (depends upon your network speed) you should see a network-admin or system-config-httpd GUI locally. The client desktop/laptop does not need any extra configuration :)
Another option is to connect to the remote server and use X port forwarding:
$ ssh -X 203.199.92.106
Make sure you replace IP address 203.199.92.106 with actual hostname or IP address.
A note for apple OS X tiger users
Instead of –X option use –Y option:
$ ssh -Y 203.199.92.106
$ ssh -Y 203.199.92.106 system-config-network
Optional : Turn on Automatic X11 Forwarding
You can turn on automatic forwarding by adding following two lines to local OpenSSH client configuration file /etc/ssh/ssh_config or ~/.ssh/config:
$ sudo vi /etc/ssh/ssh_config
Set configuration parameter:
Host *
ForwardX11 yes
Save the changes. You can run almost any GUI program locally :)
Reference Links:
- Refer to OpenSSH man pages (man sshd, sshd_config, ssh_config)
- VNC - An alternative to X forwarding (VNC over SSH2 - A TightVNC Tutorial)
- OpenSSH project home page
About the author: Rocky Jr., is an engineer with VSNL - a leading ISP / global telecom company in India and a good friend of nixCraft.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- 10 Greatest Open Source Software Of 2009
- My 10 UNIX Command Line Mistakes
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email this to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: Apr/10/2007
{ 12 comments… read them below or add one }
Forget plain old X11 forwarding. Check out NoMachine’s(http://www.nomachine.com/download.php) NX software. It runs over SSH as well but the responsiveness of the NX protocol is unlike any other remote GUI. Don’t be mislead, you can get it all for free if you click the right links on their page =)
This technique can also be used to serve up Linux applications on a Windows desktop. Brilliant for me – I have the best (and worst) of both worlds.
You need to install an X-server on the windows machine – read: cygwin.
And use something like putty to connect up to the server and run your commands from there.
I’m still having a problem though – I’m still having to run xhost +[Server Address] on my desktop for some strange reason despite all the instructions being followed.
If you use -XC intead of just -X then the performance would be far better. C is for Compression.
@Nevyn: “xhost +ServerIP” is dangerous on potentially hostile networks since an IP can be forged. You’re probably having an authentication problem. Check the man page of “xauth”, basically you need to extract the authentication token on the X server (i.e. SSH client) and merge it into the XAuth database on the X client side (i.e. SSH server side).
“A note for apple OS X tiger users”
Say what I need to be able to make this work on iBook?
I got this error: /usr/share/system-config-network/netconfpkg/NC_functions.py:30: DeprecationWarning: rhpl.log is deprecated and will be removed; use python’s logging instead
import rhpl.log
TERM environment variable needs set.
But why not just use TightVNC?
You might also have to throw the “ForwardAgent yes” setting in /etc/ssh/ssh_config in order for this to work. I’ve run into that.
Good tip, though. I use X11 forwarding at work all the time, and it’s very handy. Way better than the old telnet/xhost way.
Could you do an article on installing X on a windows machine. That’s all my university has. Better yet, X on a disk-on-key, like Portable Apps, would be great.
Thanks.
It’s best not to enable X11Forwarding for all connections (i.e. don’t enable it in /etc/ssh/ssh_config)… it used to be the default and there’s a very good reason why it is no longer. It’s dangerous.
It turned out that a remote attacker could sniff your keyboard and mouse movements (or possibly even more horrible things) just because you ssh’d onto a box that they had cracked. In short, it turned into a great way of cracking the next host up the chain.
I generally define two connections in .ssh/config for any machine, say foo.example.com — one connection I call “foo” and the other “xfoo”. I then have X11Forwarding turned on for only one of them. And of course, by using the config file, I can automatically get all the other benefits it brings — I turn on compression and can specify an identity file for pubkey login too.
Very useful. Thank you!
Nice ! This is very usefull and simple !
I tried this method but was unsuccessfull in launching GUI applications on the local system. I checked and made sure that X11Forwarding is set as YES on the remote system. I connect to the remote system using ssh -X .
Now, when i type gedit on the terminal window, the gedit editor open in the remote terminal. Please advice as to what settings i am missing which will enable me to open the GUI on the local system.
Thanks,
vinay