X11 Forwarding over SSH
One of the things I've been wanting to do but not made much of a priority is
11 Forwarding over ssh. For some reason getting this to work has been vexing
me for the past couple of weeks because most references I've found have you
messing with the xhost command, exporting your DISPLAY variable, and tunneling
the remote computers port 6000 to your workstation. Now, I got all that
working not using SSH but just couldn't get it
with ssh.
It turns out the solution is super simple. The steps were as follows:
- Make sure
X11Forwarding yes is somewhere in your sshd_config.
For Slackware all my global ssh config files are in /etc/ssh/.
- Restart sshd. On Slackware just run
/etc/rc.d/rc.sshd
restart.
- In ssh_config make sure there is a line
ForwardX11 yes
somewhere.
Once that's done just ssh into the target machine and run your X application
and it will appear on your screen. Can't get much easier than that.
I learned a couple of other cool things about ssh while I was messing around.
I have a couple of ports that I want to tunnel though ssh every time I connect
without having to do ssh -L
<
port>:<
address>:<
port>
every time I connect. It turns out you can put user specific settings in
$HOME/.ssh/config. So, if I wanted to tunnel port 80 and port 5900 through ssh
I'd add these two lines to my config file assuming that the machine I'm doing
the forward with on the remote network (the one sshd is running on) is
addressed 192.168.6.2.
LocalForward 80 192.168.6.2:80
LocalForward 5900 192.168.6.2:5900
LocalForward is the equivalent of -L on the ssh command line and RemoteForward
is the same as -R. The ssh man page explains it well.
While I was messing around I also put
PermitRootLogin no and
Protocol 2 in to deny all login attempt for the root account and
to only accept sshv2 connections just to make it a little more secure. I put
those in the global sshd_config file rather than my personal one.