English / Deutsch | Print version

SSH X11Forwarding

SSH X11 forwarding is a solution to use graphical programs through the SSH session on your local machine. For example, you connect through SSH with the server machine and start a graphical browser (Vivaldi, Firefox, ...) from the command line on the server machine. The graphical user interface is rendered on your local machine.

Note, this is not a VNC connection and it is not needed that the X server is running on the server machine.

Setup

Server Side

Edit the file '/etc/ssh/sshd_config'. Be sure that you use 'sshd_config' and not 'ssh_config'.

You have to remove the # and change the values.

Change

#X11Forwarding no
#X11UseLocalhost yes

to

X11Forwarding yes
X11UseLocalhost no

As in Plop Linux, the 'xauth' program (which is required to enable this feature) is not installed under '/usr/bin', you have to add an additional configuration to the sshd_config file.

Add

XAuthLocation /opt/bin/xauth

Reload the configuration with the command: killall -HUP sshd

Client Side

As in Plop Linux, the 'xauth' program (which is required to enable this feature) is not installed under '/usr/bin', you have to add an additional configuration on the client side.

You can do this system wide or per user.

• Client Side - System wide configuration

Edit the file '/etc/ssh/ssh_config'. Be sure that you use 'ssh_config' and not 'sshd_config'.

Add

XAuthLocation /opt/bin/xauth

• Client Side - User based configuration

In the user directory, edit/create the file '~/.ssh/config' and add the line

XAuthLocation /opt/bin/xauth

Connect with X11Forwarding

To enable X11Forwarding with a parameter, you use either '-X' or '-Y'.

Example: ssh -Y hostname

To test a program run 'xclock' or a browser with 'netsurf'.

Note: '-Y' gives the user interface more permissions than '-X'. '-X' needs also additional configurations.

Errors

A usual error is: X11 forwarding request failed on channel 0

At first check if you enabled on the server side 'X11Forwarding yes' and 'X11UseLocalhost no' in the '/etc/ssh/sshd_config' file and you restarted the SSH daemon or the configuration has been loaded.

If this does not help, then you can add '-v' as parameter to get debug information. '-vvv' gives a lot of more infos but '-v' should be enough.

When you see 'debug1: No xauth program.' then you have to install 'xauth' or you have set the correct path to 'xauth'. See the 'Setup' above. Check the server and the client!

© 2024 by Elmar Hanlhofer