Display remote applications on my local X server in Linux

By default Linux disallows TCP connections from remote hosts. It prevents applications from running on a remote host and being able to be displayed on the local x server.

To enable the X server to display remote applications open /usr/share/gdm/defaults.conf file. Set DisallowTCP=true to false

# vi /usr/share/gdm/defaults.conf
Set DisallowTCP=true to false

Setting DisallowTCP to false will allow remote clients to connect.

If you don’t know exact location of GDM defaults.conf conf file use find command
find / -name “defaults.conf”

Now restart GNOME aka GDM.
# reboot
# init 3
# init 5

How do I test new setup?

Type any one of the following command on the client
xhost remote-ip
xhost remotehost
xhost remote.server.com

Now SSH into the remote client and type any one of the command:
xeyes -display remote-ip:0
xeyes -display remotehost:0
xeyes -display remoteserver.com:0

xeyes should popup on client system. Enjoy!

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 9 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
9 comments… add one
  • Thrift Dec 19, 2006 @ 22:52

    You may already be aware of this, but a much simpler and more secure way is to just ssh in with the -X (-Y on some Linux distros) flag which will set up an ssh tunnel to allow the same functionally to occur as well as automagically set the DISPLAY variable correctly, so that you don’t have to add -display as a flag to the applications you launch or edit the GDM settings.

    This method doesn’t require you to allow the xserver to listen on your ethernet interfaces and doesn’t rely on IP based security.

    The only time where I would really think that the way you have mentioned would be a better solution is if you don’t have SSH available, such as for compatibility with VMS or something like that. At which point you’d just use telnet instead of SSH and do everything else just as you have mentioned. You could manually set the DISPLAY variable as opposed to using -display as a flag though, which can be convenient.

  • 🐧 nixCraft Dec 19, 2006 @ 23:00


    In this specific case GDM was disabled for disallows TCP connections from remote hosts. So I had to edit the file and reload the config. BTW it was RHEL 5.0 beta that developer testing for software compatibility.

    Appreciate your post.

  • Thrift Dec 21, 2006 @ 1:11

    Try to disallow TCP connections from within the GDM config and then ssh -X, it should work without having X listen for TCP connections.

  • drewp Jan 15, 2007 @ 3:51

    Just to elaborate on the last comment (for newbies and search engines):

    Check if your X server isn’t even listening like this:
    % ps ax | grep X
    6081 tty7 SLs+ 204:24 /usr/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7

    To get the -nolisten out of there, edit the file /etc/gdm/gdm.conf which (on ubuntu) ships with line 230 like this:

    Set that to ‘true’ and restart X.

  • 🐧 nixCraft Jan 15, 2007 @ 11:54


    Thanks for posting ubuntu hints 🙂

  • rajeesh Feb 27, 2007 @ 13:19

    really a great help yaar.. thanks a lot..

  • B!n@ry Mar 23, 2007 @ 8:40


    y don’t we just stick with the -X option that is passed to ssh while connecting to a host ?

    What is the different between both ?

  • .yankee Aug 4, 2009 @ 3:30

    The difference, as Thrift already pointed out, is security – from the user’s viewpoint. If you modify the configuration file, as dectibed in this howto, you end up with an X server open to the network, meaning anyone can run an X aplication on it (hack your box even). That’s because there’s no need of authentication.
    When using ssh, you both require authentication and make all the client-server communication encrypted, preventing a potential curious person sniffing your traffic.

  • Benny Boy Sep 19, 2011 @ 15:49

    In natty, it’s /usr/share/gdm/gdm.schemas

    I know this is an old post, but I found it searching around for why I could redirect windows back to me, and it was still in the top ten results. Thanks for the post, it put me in the right area, and a quick “find /usr/share/gdm -type f -exec grep -il disallowtcp {} ;” go the updated file name for me.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum