Peter's Blog

Redefining the Impossible

X over ssh and vnc

X over ssh and vnc

Submitted by Peter on Wed Feb 08 2006 13:49 over 4 years ago

Just got X going over ssh again, so a reminder to self on how I did it:

  • make sure 
    X11Forwarding yes
    is in /etc/ssh/sshd_config at the server end
  • then, in client: 
    ssh -X -2 user@server
    • -X means X forwarding
    • -2 forces v 2 ssh protocol
  • this should give you a remote terminal. In it start whatever application, e.g. 
    xclock &
    this will be running on the remote system but will display locally.
  • if you get the error "cannot connect to X server localhost:10.0" then you need to do 
    xhost +
    in a local terminal: the error means the remote app cannot open an X window on your local system, xhost + releases this.

Filed under: linux ssh x

3 Comments

Anonymous Says:

Tue Feb 21 2006 21:33 over 4 years ago

"xhost +" is bad, mmmkay?

It allows ANYONE to connect to your X server. Hopefully, it's a moot point because you're behind some good firewalls, but it's bad practice. You should explicitly allow only the specific clients you're using.

dumb rules that don't protect abuse.xfree86.org/current/xhost.1.html

Nice Python struct post (node/1112) btw.

Peter Says:

Wed Feb 22 2006 12:44 over 4 years ago

I am behind a firewall so I am not too worried (Microsoft ISA server: wouldn't call it good though).

Peter

Dustin Boswell Says:

Thu Oct 02 2008 07:07 about 1 year ago

Yeah, I also agree about "xhost +" being a dangerous thing to do in general. If a hacker manages to ssh into your local machine, they can snoop all your X events (keystrokes, etc...)

I have a pretty good write-up about How X over SSH really works if you're curious.

Sorry but comments on this post are now closed.