SSH X11 Forwarding

To enable X11 forwarding, you must log in with
ssh -X <username>@<host>

SSH supports tunneling of X11 (X-Windows). This is very useful if you want to open graphical displays from the remote machine on your local computer. To achieve this, an X11 server must be running on your local machine.
The X11 connections are then tunneled and automatically encrypted by your SSH client.

Installing an X11 Server


In order to use X11, you need to have an X11 server running on your local machine. There are both free and commercial X11 servers available for the various operating systems.

Linux/Unix/Solaris etc.

  • If you are logged in to a graphical environment (like X), an X11 server is already running.

Microsoft Windows

There are several X11 servers available. Here are two that are free:
  • Xming - available for all versions of Windows. May sometimes hang and need restarting.  
  • Cygwin - available for all versions of Windows. Download setup.exe and make sure you select the following packages (from the 'Select Package' screen - should be available after the initial file downloads):
Go to “xorg-X11-base” and click on it to open it and select these files (or just change "skip" to "install"):

X-startup-scripts
XFree86-lib-compat
xorg-*
xterm
xwinwm
lib-glitz-glx1
Under the Graphics group, also select opengl, if you want OpenGL support.

Once the Cygwin X server is installed, start an xterm, type XWin -multiwindow in it, and press Enter. You can now run your SSH client.

Mac OS X
  • X11 is available as an optional install on the Mac OS X v10.3 Panther and v10.4 Tiger install disks. Run the installer, select the X11 option, and follow the instructions.

Enabling X11 Forwarding in your SSH Client

Once you are running an X11 server, you will need to enable X11 forwarding/tunneling in your SSH client.

The descriptions below cover a few select, but common, clients.
  • "ssh": X11 tunneling should be enabled by default. To be certain it is enabled, you may use ssh -X.
  • PuTTY: Prior to connection, in your connection's options, under "Tunnels", check "Enable X11 forwarding", and save your connection.
  • Secure CRT: Right-click a saved connection, and select "Properties". Expand the "Connection" settings, then go to "Port Forwarding" -> "Remote/X11". Check "Forward X11 packets" and click "OK".

SSH will set the remote environment variable $DISPLAY to "localhost:XX.YY" when this is working correctly. If you had previously set your $DISPLAY environment variable to your local IP or hostname, you must remove any set/export/setenv of this variable from your login scripts. The environment variable $DISPLAY must be left as SSH sets it, which is to a random local port address. Setting $DISPLAY to an IP or hostname will not work.
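
The check described above can be scripted. The following is an added example, not part of the original page: it tests whether $DISPLAY has the form SSH sets and lists login-script lines that override it. The function names and the list of login scripts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Run it on the remote host after
# logging in with "ssh -X <username>@<host>".

# Succeeds only if $1 has the form SSH sets: localhost:XX or localhost:XX.YY
display_is_forwarded() {
    printf '%s\n' "$1" | grep -Eq '^localhost:[0-9]+(\.[0-9]+)?$'
}

# Prints "file:line:text" for each uncommented line that sets DISPLAY, in
# sh syntax (DISPLAY=..., export DISPLAY=...) or csh syntax (set, setenv).
find_display_overrides() {
    pat='^[[:space:]]*((export[[:space:]]+)?DISPLAY=|setenv[[:space:]]+DISPLAY([[:space:]]|$)|set[[:space:]]+DISPLAY[[:space:]]*=)'
    for f in "$@"; do
        [ -r "$f" ] || continue
        # /dev/null as a second file makes grep print the file name
        grep -nE "$pat" "$f" /dev/null || :
    done
}

# Reports on the current session; returns non-zero if anything needs fixing.
check_session() {
    status=0
    if display_is_forwarded "${DISPLAY:-}"; then
        echo "OK: DISPLAY=$DISPLAY has the form SSH sets"
    else
        echo "PROBLEM: DISPLAY='${DISPLAY:-}' is not of the form localhost:XX.YY"
        status=1
    fi
    hits=$(find_display_overrides "$@")
    if [ -n "$hits" ]; then
        echo "Login-script lines that set DISPLAY (remove them):"
        echo "$hits"
        status=1
    fi
    return "$status"
}

# Assumed file list; adjust it to the login scripts your shell reads.
check_session "$HOME/.profile" "$HOME/.bash_profile" "$HOME/.bashrc" \
    "$HOME/.login" "$HOME/.cshrc" "$HOME/.tcshrc" || :
```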

Note: If you are logging in with GSSAPI, you must forward your credentials (Kerberos ticket) in order to be able to log in. There is a little about logging in with GSSAPI here.