How to tunnel X over ssh
So I am sure this exists somewhere else on the web, but here is my two cents for what you need to do to get automatic X tunneling.
For instructive purposes, we will use a small scenario to explain what needs to be done. There are two machines names my_local_machine and far_away_machine. my_local_machine is the machine whose local X server that you want to display to and far_away_machine is the machine that you want to run a program on and have it displayed to my_local_machine.
Steps that you need to do:
- Make sure that the machine that you are connecting to, far_away_machine, has the following line in its sshd_config file. This file usually lives in either '/etc/' or '/etc/ssh'.
X11Forwarding yes (THIS IS THE LINE THAT YOU NEED)
If this is not there contact the owner/sysadmin for the far_away_machine and have this line added.
- If you are using Windows on my_local_machine:
Get a ssh agent which supports ssh tunneling. I use a nice free open source one which is an extension to Tera Term. It is called TTSSH. So go and get Tera Term and the TTSSH extension and install them. Now turn on the X tunneling. This is done by going into the Setup->SSH Forwarding menu and make sure that the Display remote X applications in local X server is checked. Now save Setup->Save Setup your configuration, use the default name, so that the next time that you run TTSSH you don't have to recheck that box. There is an equivalent check box for most other windows programs like FSecure, etc.
- If you are using UNIX/Linux on my_local_machine:
So for this to work you need to either pass a flag to ssh, notably the -X flag, or set up your systems global ssh_config file to contain:
ssh_config lives in either '/etc/' or '/etc/ssh' on most machines. Also this may not even be needed based on how your ssh client was compiled.
- Log into far_away_machine and type 'xterm &' or something like that and see the ssh tunneled window appear on my_local_machine's screen.
Frequently Asked Questions
- Q: Does this work through a firewall?
A: Yes, it should, or at least if ssh works through your firewall, tunneling X through it should work because ssh does a point-to-point encryption of all of your traffic thus when using X Windows over ssh, all of your data uses the same TCP connection that is used for the data that you type. Thus a firewall cannot determine the difference of X traffic and you just typing a lot.
- Q: If I am running Windows, do I need a local X server to remotely display X traffic to?
A: Yes, Windows does not currently ship with a local X Windows Server. I personally use Exceed because it is fast, but it is also relatively expensive. If you are looking for a cheaper solution, I know that Mircoimages sells a cheaper one for windows called MI/X for $25 with a free trial. Also, Cygwin has a free port of XFree86 for windows but cygwin might be difficult to install (I haven't installed Cygwin for years, but I have heard it is much easier to install now).
- Q: Do I need xauth installed on the far_away_machine?
A: Yes, I learned this the hard way when trying to follow my own directions and failing on a very minimal system. Once xauth is installed everything works.
If you like this page send me some e-mail at wentzlaf AT cag.lcs.mit.edu
You can also find more contact info for me on my homepage