X11 forwarding over SSH

I recently got my old computer up and running with Gentoo Linux with extensive help from one of my coworkers, who is an avid Gentoo fan. Now that it is back in my basement I am starting to play with it remotely.

One of the cool things about the windowing system on Linux (called X11 or just X) is that it is a server and considers the program windows you have opened as clients. There is nothing saying that the server your client program window is getting its information from has to be the local computer you are sitting in front of.

Of course, no proper Linux aficionado would send this kind of thing across the internet without encryption, so the X windows are sent through an SSH tunnel. The settings (on Gentoo at least) were pretty simple. In the client configuration file, /etc/ssh/ssh_config, change this:

    # Host *
    # ForwardAgent no
    # ForwardX11 no

To this:

    Host *
    # ForwardAgent no
    ForwardX11 yes

And then in the server configuration file, /etc/ssh/sshd_config, change:

    # X11Forwarding no

To:

    X11Forwarding yes

Once you have done that, restart the sshd service with the command:

    sleepycat ~ # /etc/init.d/sshd restart
    * Stopping sshd … [ ok ]
    * Starting sshd … [ ok ]

Now you are ready to ssh to the box. Use the -X flag to enable X11 forwarding and the -l option to specify the username you are connecting with:

    sleepycat ~ # ssh -X -l mike

When you are connected you can issue a command like “firefox &” and marvel as firefox opens with your search history and bookmarks from the remote computer.
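An added example, not from the original post: `ForwardX11 yes` under `Host *` turns forwarding on for every server you connect to, and a server you forward to can reach your local X display, so this Python check flags that pattern and accepts a per-host alternative. Both sample configs are constructed, and the host name basement.example is hypothetical.

```python
# Added example: flag ForwardX11 enabled for wildcard hosts in ssh_config text.
# Limits (assumptions): Include files and quoted arguments are not handled.

# Constructed sample: the setting shown in the post.
WEAK = """\
Host *
#   ForwardAgent no
    ForwardX11 yes
"""

# Constructed alternative: forwarding only for one named (hypothetical) host,
# with remote X clients treated as untrusted, and off everywhere else.
SCOPED = """\
Host basement.example
    ForwardX11 yes
    ForwardX11Trusted no
Host *
    ForwardX11 no
"""


def audit_forward_x11(config_text):
    """Return [(line_no, host_patterns)] where ForwardX11 is on for a wildcard scope."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config allows "Keyword value" and "Keyword=value"; keywords
        # are case-insensitive.
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            patterns = args
        elif key == "match":
            # Only "Match all" is treated as a wildcard scope here.
            patterns = ["*"] if [a.lower() for a in args] == ["all"] else []
        elif key == "forwardx11" and args and args[0].lower() == "yes":
            # Negated patterns ("!name") never select hosts on their own.
            if any(("*" in p or "?" in p) and not p.startswith("!") for p in patterns):
                findings.append((line_no, list(patterns)))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_forward_x11(text))
```

Since the connection command already passes -X, the per-host form costs nothing in convenience for the one machine you actually forward from.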

When I showed this off at work I was asked “cool, but what are you going to use it for?”

I guess if I ever wanted an undetectable way to surf porn at the office I could use it for that…

5 thoughts on “X11 forwarding over SSH”

  1. Mike, this is incredibly cool and nerdy. This actually sounds like something I kind of want to do for myself, except beyond having a way to tunnel into a home linux machine, have that machine serve my iTunes library.

    I believe iTunes has autodiscovery of available music libraries – and I know there are packages available to drop into a linux distro so that it fools macs (and PCs? not sure) into thinking it’s a for-real iTunes setup.

    Aside from surfing porn, you could then also theoretically have access to your entire music collection from anywhere with a net connection. Cool.

  2. You’ve actually fixed a problem for me, namely, how to restart a printer on a mangled CUPS install where it would only accept connections from localhost.

  3. Thx for a nice, short, well-aimed article.

    I had to do /etc/init.d/sshd reload for it to work on my gentoo box over to debian.

  4. This is pretty useful for remote router config, if the config page is a) only accessible from the local network and b) needs javascript (which needs an X server)
