OpenSSH: Graphical Window Forwarding
Introduction
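OpenSSH can display X windows from another machine by carrying them through an SSH tunnel. This is useful, for example, when a server runs X and SSH is your only access to it.
In the SSH server configuration file (/etc/ssh/sshd_config), set this to yes:
X11Forwarding yes
This setting governs X11 forwarding (requested with ssh -X). The port forwards shown below are governed by AllowTcpForwarding, which is enabled by default.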
Launching the Session
Here’s an example session that forwards a VNC server running on the machine we connect to:
/usr/bin/ssh -gL5901:127.0.0.1:5901 -C xxx@mycompany.com
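This makes port 5901 on the remote machine available on port 5901 of the local machine. The -C option compresses the traffic, and -g lets other hosts connect to the forwarded local port; omit -g if only the local machine needs access.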
If we need to go through an SSH gateway first:
/usr/bin/ssh gateway_machine -L 5901:machine_on_my_network:5901
It’s also possible to automate an SSH tunnel by adding a line like this to the SSH client configuration file (~/.ssh/config):
LocalForward <local port> <target machine>:<target port>
Here’s an example:
Host mycompany.com
    # To use a different username than the current one
    User username
    # To access my own IMAPS server
    LocalForward 993 localhost:993
    # To access the free news server
    LocalForward 119 news.free.fr:119
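An added example, not part of the original page: a small Python audit that reads ssh_config text and flags LocalForward listeners that other hosts can reach (the effect of -g or GatewayPorts yes) or that use a privileged local port. The vnc-shared and vnc-private hosts are constructed, and the parser assumes whitespace-separated keywords with no Match or Include directives.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Constructed sample: the page's LocalForward lines plus two hypothetical VNC hosts.
SAMPLE = """\
Host mycompany.com
    LocalForward 993 localhost:993
    LocalForward 119 news.free.fr:119
Host vnc-shared
    LocalForward 5901 127.0.0.1:5901
    GatewayPorts yes
Host vnc-private
    LocalForward 127.0.0.1:5901 127.0.0.1:5901
"""

def split_listen(spec):
    """Split '[bind_address:]port' into (bind_address or None, port)."""
    addr, sep, port = spec.rpartition(":")
    if not port.isdigit():
        return None, None  # Unix-socket forward: not covered here
    return (addr.strip("[]") if sep else None), int(port)

def audit_forwards(config_text):
    """Return one finding (with an 'issues' list) per LocalForward line."""
    findings, gateway, host = [], {}, "*"
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":
            host = " ".join(args)
        elif key == "gatewayports" and args:
            gateway.setdefault(host, args[0].lower() == "yes")  # first value wins
        elif key == "localforward" and len(args) == 2:
            bind, port = split_listen(args[0])
            if port is not None:
                findings.append({"host": host, "bind": bind, "port": port,
                                 "target": args[1], "issues": []})
    for f in findings:  # second pass: GatewayPorts may follow the forward
        exposed = (gateway.get(f["host"], False) if f["bind"] is None
                   else f["bind"] not in LOOPBACK)
        if exposed:
            f["issues"].append("reachable from other hosts")
        if f["port"] < 1024:
            f["issues"].append("privileged local port, needs root")
    return findings

if __name__ == "__main__":
    for f in audit_forwards(SAMPLE):
        print(f["host"], f["port"], "->", f["target"], f["issues"] or "ok")
```

Writing the bind address explicitly, as in the vnc-private entry, keeps the listener on loopback regardless of the GatewayPorts setting.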
Connecting to the Remote Session
Launch vncviewer and connect to “localhost:1” (VNC display 1 corresponds to TCP port 5901). You will then see the remote server’s screen.
Conclusion
SSH can forward any window and any port. For security reasons, it’s preferable to expose as few ports as possible: open only SSH and pass these kinds of services through it.
Last updated 12 Jan 2009, 09:37 +0200.