In this article, we will show how to do X11 Forwarding with SSH using two Linux machines. Our goal is to run an x11 application on a remote machine.
For this experiment, imagine that you want to use Firefox on a remote machine to access a website that is blocked on your machine.
In this case, we will use Firefox as an example of an X11 application that we will Forwarding.
The scenario below presents 2 machines and a website. On both machines, we have the client machine (MyPC) and the machine with the SSH server (External PC).
Suggested scenario using VirtualBox
In this scenario, we will initiate an SSH session from (MyPC) to (External PC). Once the SSH session has started, let’s run Firefox.
However, the Firefox that will be displayed on our screen is the Firefox that is running inside the machine (External PC).
This way, we will use FIrefox from (External PC) to access a page on the Internet.
Below we present a scenario that can be easily replicated using VirtualBox. In this case, we will raise two virtual machines in VirtualBox.
On the first virtual machine (VM1), we will install the Openssh-server server so that we can access it via SSH. On this first machine, we will use two VirtualBox interfaces.
The first interface, (VM1), will use NAT mode and consequently will be able to access the Internet through the real machine (host). The second interface, from (VM1), will be in internal network mode “Internal Network” and will be used to connect to the second virtual machine (VM2).
In the second virtual machine (VM2), we will only use one interface in “Internal Network” mode and it will be used to connect to the first virtual machine (VM1).
Configuring SSH Server to Allow X11 Forwarding
Initially we will enter the terminal of the machine that has the SSH server installed, the (External PC). Inside the terminal, let’s edit the SSH server configuration file. To do this, we will use the command below.
sudo nano /etc/ssh/sshd_config
Inside the “sshd_config” file, go to the end of the configuration file and uncomment the X11Forwarding line and change it to “X11Forwarding yes”.
X11Forwarding yes
This configuration change will allow X11 forwarding and consequently we will be able to open graphical applications from the remote computer on our machine.
Then we will save and exit the nano editor using the commands “Ctrl + x” and then “y” + ENTER.
Now, we need to restart the server. To do this, we can use the commands below.
sudo systemctl restart sshd
If you want, you can use another command below.
sudo service sshd restart
Configuring the ssh client to do X11 Forwarding
Now let’s configure the client (MyPC) so that it can make an SSH connection to the server (External PC).
To do this, we will execute the command line below using the “-X” option which tells SSH that we will have a session with X11 Forwarding.
ssh -X [email protected]
The above command indicates that we are making an SSH session with the characteristics below.
“-X” = establishing an SSH session with X11 Forwarding.
“redes11” = user we are using to connect to the SSH server machine (External PC).
“192.168.10.1” = IP of the SSH server machine (External PC).
After logging in, enter your user password and press ENTER.
Running an X11 application
Now that we are inside the remote machine with the SSH session we established above. Let’s run an application like Firefox.
To do this, let’s execute the command below.
firefox
We can see a message that says “X11 connection rejected because of wrong authentication” and also that there was an error that says “Error: cannot open display“.
How to resolve “X11 connection rejected because of wrong authentication“.
To resolve the error “X11 connection rejected because of wrong authentication” let’s configure an environment variable allowing us to run applications that are in the snap.
export XAUTHORITY=$HOME/.Xauthority
Next we will execute the command to open Firefox again.
firefox
Now we can open pages in this browser and the origin of the page request will be from the IP of the (External PC).
Opening a Game using X11 forwarding
Another possibility is to open a game that is only installed on the remote computer (External PC).
If you have not yet connected to (External PC) with the “-X” option, let’s connect to the remote PC using the command below.
ssh -X [email protected]
Next, in the terminal, we will execute the command to open the Pingus game.
pingus
And we will see the Pingus home screen. If you want, you can play, it’s worth it.
Considerations about X11 Forwarding in SSH
Below we will make some considerations about using X11 Forwarding in SSH to run applications.
Site blocking and proxy considerations
The first consideration we can make is related to the use of remote machines to access Internet content, such as a browser from an external machine being used to display pages on your machine.
Now, let’s assume if you have a proxy that blocks some websites and allows SSH traffic. In this case, users on your network could use SSH to do X11 forwarding from a VPS or remote machine to access pages using the remote machine’s browser. Imagine the problem it would be to detect this.
Note that the difficulty in detecting this behavior is directly linked to the encryption used in SSH.
In this way, data that is sent from the remote machine, such as browser exposure, would be encrypted between the remote machine and a user’s machine within the network.
Considerations for applications such as games
Now, let’s imagine that games are prohibited within your company. In this case, users at your company could use X11 Forwarding to play games that are installed on a remote machine or on a VPS and would not need to install the game on the company’s machine.
And it is worth remembering that data that is sent from the remote machine, such as game content, would be encrypted between the remote machine and a user’s machine within the network.
This makes it difficult to identify behavior on the network.
See more:
How to install Ubuntu Server on VirtualBox
Zabbix Appliance on VirtualBox
https://ubuntuforums.org/showthread.php?t=2485719
Juliana Mascarenhas
Data Scientist and Master in Computer Modeling by LNCC.
Computer Engineer
Build Your Own DNS Server: A Step-by-Step Guide using BIND9
In this step-by-step guide, we’ll walk you through the entire process of setting up and…
Tutorial for SSH Public Key Authentication
In this tutorial, we will teach you how to create and configure access to an…
Socket UDP Python Chat
Tutorial for creating a simple chat using UDP sockets in Python 3. The goal is…
Socket TCP Python make a chat
Tutorial for creating a simple chat using TCP sockets in Python 3. The goal is…
apt get behind proxy
Over time, I have often come across the need to configure apt get to work…
Best IDE for Python?
Finding the perfect IDE is a personal journey that depends on various factors such as…