While there is generally no need for a graphical user interface (GUI) user interface on a server, some system administrators have encountered cases where a GUI is needed. Most often, people use VNC the graphical user interface of the server, which, given a dangerous environment such as the Internet, brings several security risks with it. A more secure way to remotely access X11 applications is by using the X11 forwarding feature of SSH. This tutorial will show you how to enable it on a server running Debian Wheezy.
Note: X11 forwarding works with Windows and OS X hosts too, although that setup requires some additional work (especially with Windows). For this tutorial, we assume Linux.
First, you need X11 to be present on the server (gvim is just an application for testing purposes here; you can install and use every application you want):
apt-get install xorg vim-gtkOpen /etc/ssh/sshd_config With your favorite text editor, edit the following line:
X11Forwarding noAnd add the following lines:
Match User yourusername
X11Forwarding yesAnd restart the SSH daemon:
service sshd restartEnsure that your firewall is configured to allow SSH connections as well as connections to the loopback interface. A lot of problems with X11 forwarding stem from blocked connections to the loopback interface.
Now you can connect from your client as usual, only that you add the -X parameter to enable X11 forwarding:
ssh -X yourusername@yourserver.tldTo take gvim As an example, simply enter:
gviminto the shell. After a delay of about two seconds, a window will open. You are now securely accessing graphical applications over the Internet!