Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

X over ssh

X11 tunneling is important for access to servers in DMZ and other restricted segments where X11 might be blocked by firewall.

X uses port 6000+display number, so display :0 is port 6000, :1 is 6001, and so on. The beauty with SSH is that you don't have to open up any ports, since it forwards it over its own encrypted tunnel connection. SSH can transparently encrypt another application's data stream. This is called port forwarding.

One of SSH's major benefits is transparency. A terminal session secured by SSH behaves like an ordinary, insecure one (e.g., created by telnet or rsh) once it has been established. Behind the scenes, however, SSH keeps the session secure with strong authentication, encryption, and integrity checking.

SSH forwarding isn't completely transparent, since it occurs at the application level, not the network level. Applications must be configured to participate in forwarding, and a few protocols are problematic to forward (FTP data channels are a notable example). But in most common situations, once a secure tunnel is set up, the participating applications appear to the user to operate normally. For complete application-level transparency, you need a network-level technique, such as IPSEC or a Virtual Private Network (VPN) technology.

Forwarding is a type of interaction with another network application. SSH intercepts a service request from some other program on one side of an SSH connection, sends it across the encrypted connection, and delivers it to the intended recipient on the other side. This process is mostly transparent to both sides of the connection: each believes it is talking directly to its partner and has no knowledge that forwarding is taking place. Even more powerfully, SSH forwarding can achieve certain types of communication that are impossible without it.

Forwarding isn't a new concept. The basic operation of a terminal connection over a network (say, using telnet) is also a kind of forwarding. In a telnet connection, you sit on one end, your remote shell is on the other, and both sides operate as if directly connected by a serial cable.

There is also another type of SSH forwarding, agent forwarding.  This let us create SSH connections from one computer, through a second computer, and onto a third using public-key authentication, but without installing our private key on the second machine. To accomplish this, an SSH server pretended to be an SSH agent, while transparently forwarding data to and from a remote agent. This paradigm holds true for TCP port forwarding and X forwarding, as the SSH server transparently masquerades as another network application.

Configuring X over SSH

1. Make sure that the remote server sshd_config file has the line

   X11Forwarding yes

2. On you  local machine you need to enable X11 forwarding in the SSH client. It is turned off by default.

   security-wice make sure your local ~/.Xauthority file is mode 600

   Be sure that these entries are in your local /etc/ssh/ssh_config file and any ~/ ssh/ssh_config files on your system:

      Host *
      ForwardX11 yes
      ForwardAgent no

3. Type ssh -X username@server.ip.address into the X11 terminal (xterm) on your local machine.
    
4. After your connected to the server via SSH type name of your windows manager  into the xterm terminal.

Old News ;-)

Remote X over SSH

X server and SSH client for Windows(r)

Putty (SSH client)
X server
X server

• start xs.exe
• start Putty
• activate X11 forwarding in Putty
• activate SSH 2 protokoll
• configure SSH port, normally 22
• connect to server user@1.2.3.4
• enter password

On UNIX, BSD or Linux you can use any X server and SSH client you want.

$ ssh -CX user@1.2.3.4
user@1.2.3.4's password: 

Then check the variable $DISPLAY.

$ echo $DISPLAY
localhost:10.0

---

Starting the window manager

This will start the amiwm window manager in the background and display it on your X server window (xs.exe).
 

$ amiwm &

You can find amiwm here.

Recommended Links

X over SSH - A Tutorial by Van Emery - May, 2003

How to tunnel X over ssh

http://www.tldp.org/HOWTO/XDMCP-HOWTO/ssh.html

X over ssh and vnc | Peter's Blog

Problems forwarding X over SSH - O'Reilly Linux DevCenter Blog

Digg - Tutorial- Forwarding GNOME over SSH

X11 forwarding

Remote X over SSH

Etc

• Run X over SSH under Windows

Other types of forwarding

Random Bits- HOWTO- Tunneling HTTP over SSH with DD-WRT, DynDNS ...

Troubleshooting

SSH FAQ Section 7- Troubleshooting Secure Shell

SSH Configuration and Troubleshooting in Debian

Advanced Network Configuration and Troubleshooting (2.205.2)

Remote X Apps mini-HOWTO

Secure Shell FAQ Section 7- Troubleshooting Secure Shell

Trying to tunnel X over SSH - LinuxQuestions.org

Remote Access Troubleshooting

Troubleshooting

Additional reading via Safari (free trial available)

O'Reilly - Safari Books Online - 0596006403 - Linux Cookbook

From Linux in a Windows World by Roderick W. Smith

X Tunneling with SSH

Networking X Using the Secure Shell