While there is generally no need for a graphical user interface (GUI) on a server, some system administrators have encountered cases where a GUI is needed. Most often, people use VNC to access the graphical user interface of the server which, given a dangerous environment such as the Internet, brings several security risks with it. A more secure way to remotely access X11 applications is by using the “X11 forwarding” feature of SSH. This tutorial will show you how to enable it on a server running Debian Wheezy.
Note: X11 forwarding works with Windows and OS X hosts too, although that setup requires some additional work (especially with Windows). For this tutorial, we assume Linux.
First, you need X11 to be present on the server (gvim
is just an application for testing purposes here, you can basically install and use every application you want):
apt-get install xorg vim-gtk
Open /etc/ssh/sshd_config
with your favorite text editor and edit the following line:
X11Forwarding no
And add the following lines:
Match User yourusername
X11Forwarding yes
And restart the SSH daemon:
service sshd restart
Ensure that your firewall is configured to allow SSH-connections as well as connections to the loopback-interface. A lot of problems with X11 forwarding stem from blocked connections to the loopback-interface.
Now you can connect from your client as usual, only that now you add the -X parameter to enable X11 forwarding:
ssh -X yourusername@yourserver.tld
To take gvim
as example, simply enter:
gvim
into the shell. After a delay of about two seconds, a window will open. You are now securely accessing graphical applications over the Internet!