While there is generally no need for a graphical user interface (GUI) on a server, some system administrators have encountered cases where a GUI is needed. Most often, people use VNC to access the graphical user interface of the server which, given a dangerous environment such as the Internet, brings several security risks with it. A more secure way to remotely access X11 applications is by using the "X11 forwarding" feature of SSH. This tutorial will show you how to enable it on a server running Debian Wheezy.
Note: X11 forwarding works with Windows and OS X hosts too, although that setup requires some additional work (especially with Windows). For this tutorial, we assume Linux.
First, you need X11 to be present on the server (
gvim is just an application for testing purposes here, you can basically install and use every application you want):
apt-get install xorg vim-gtk
/etc/ssh/sshd_config with your favorite text editor and edit the following line:
And add the following lines:
Match User yourusername X11Forwarding yes
And restart the SSH daemon:
service sshd restart
Ensure that your firewall is configured to allow SSH-connections as well as connections to the loopback-interface. A lot of problems with X11 forwarding stem from blocked connections to the loopback-interface.
Now you can connect from your client as usual, only that now you add the -X parameter to enable X11 forwarding:
ssh -X email@example.com
gvim as example, simply enter:
into the shell. After a delay of about two seconds, a window will open. You are now securely accessing graphical applications over the Internet!