SSH is normally used for remote access and administration where tasks are done from the CLI (Command Line Interface), using command line tools.
SSH can forward the display or GUI from the SSH server to the client, enabling running X11/X or graphical apps from within an SSH session.
You can run graphical applications via SSH by configuring X11Forwarding directive and installing xauth on the server, and then enable the X11 forwarding option on the client when connecting. You will also need to be running a graphical desktop such as GNOME or KDE yourself, though it does not need to be the same desktop environment as in the remote server.
$ sudo apt update && sudp apt install --assume-yes xauth #Ubuntu and other Debian-based distribution $ sudo dnf install --assumeyes xorg-x11-xauth #CentOS and other Red Hat based distributions
$ ssh -X remote-host.com email@example.com's password: user@remote-host:~$
-X is the option to enable X11 forwarding from the client. You can also use -Y option to enable trusted X11 forwarding.
Enables X11 forwarding. This can also be specified on a per host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information. (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension restrictions by default, because too many programs currently crash in this mode. Set the ForwardX11Trusted option to “no” to restore the upstream behavior. This may change in future depending on client-side improvements.)
Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. (Debian-specific: In the default configuration, this option is equivalent to -X, since ForwardX11Trusted defaults to “yes” as described above. Set the ForwardX11Trusted option to “no” to restore the upstream behavior. This may change in future depending on client-side improvements.)
All the resources that you interact with during the session, such as opening files, will be those on the remote server.
Comment anonymously. Login not required.