Setup X11 Forwarding over SSH on Debian Wheezy

Updated on November 13, 2014
Setup X11 Forwarding over SSH on Debian Wheezy header image

While there is generally no need for a graphical user interface (GUI) on a server, some system administrators have encountered cases where a GUI is needed. Most often, people use VNC to access the graphical user interface of the server which, given a dangerous environment such as the Internet, brings several security risks with it. A more secure way to remotely access X11 applications is by using the "X11 forwarding" feature of SSH. This tutorial will show you how to enable it on a server running Debian Wheezy.

Note: X11 forwarding works with Windows and OS X hosts too, although that setup requires some additional work (especially with Windows). For this tutorial, we assume Linux.

First, you need X11 to be present on the server (gvim is just an application for testing purposes here, you can basically install and use every application you want):

apt-get install xorg vim-gtk

Open /etc/ssh/sshd_config with your favorite text editor and edit the following line:

X11Forwarding no

And add the following lines:

Match User yourusername
    X11Forwarding yes

And restart the SSH daemon:

service sshd restart

Ensure that your firewall is configured to allow SSH-connections as well as connections to the loopback-interface. A lot of problems with X11 forwarding stem from blocked connections to the loopback-interface.

Now you can connect from your client as usual, only that now you add the -X parameter to enable X11 forwarding:

ssh -X yourusername@yourserver.tld

To take gvim as example, simply enter:

gvim

into the shell. After a delay of about two seconds, a window will open. You are now securely accessing graphical applications over the Internet!