Setup X11 Forwarding over SSH on Debian Wheezy

While there is generally no need for a graphical user interface (GUI) on a server, some system administrators have encountered cases where a GUI is needed. Most often, people use VNC to access the graphical user interface of the server which, given a dangerous environment such as the Internet, brings several security risks with it. A more secure way to remotely access X11 applications is by using the “X11 forwarding” feature of SSH. This tutorial will show you how to enable it on a server running Debian Wheezy.

Note: X11 forwarding works with Windows and OS X hosts too, although that setup requires some additional work (especially with Windows). For this tutorial, we assume Linux.

First, you need X11 to be present on the server (gvim is just an application for testing purposes here, you can basically install and use every application you want):

apt-get install xorg vim-gtk

Open /etc/ssh/sshd_config with your favorite text editor and edit the following line:

X11Forwarding no

And add the following lines:

Match User yourusername    X11Forwarding yes

And restart the SSH daemon:

service sshd restart

Ensure that your firewall is configured to allow SSH-connections as well as connections to the loopback-interface. A lot of problems with X11 forwarding stem from blocked connections to the loopback-interface.

Now you can connect from your client as usual, only that now you add the -X parameter to enable X11 forwarding:

ssh -X yourusername@yourserver.tld

To take gvim as example, simply enter:


into the shell. After a delay of about two seconds, a window will open. You are now securely accessing graphical applications over the Internet!

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article

No comments

Powered by Blogger.