How to run a GUI application over SSH with X11 forwarding

Running a GUI application on a remote server over SSH enables graphical tools to be used without physical access to the machine. X11 forwarding displays remote windows on the local desktop while keeping traffic encrypted, which is useful for administrative utilities, IDEs, and other graphical programs installed only on the remote system.

In an X11-forwarded session, the local machine provides the X server and the remote host runs the GUI program. The SSH client sets the DISPLAY variable on the remote side and uses xauth cookies so the remote application can open windows on the local display. The OpenSSH server must have X11Forwarding enabled and a working xauth installation to create these secure display sessions.

Reliable X11 forwarding depends on a running graphical environment and network performance between client and server. A local X server is required (for example the default Xorg on Linux, XQuartz on macOS, or a third-party X server on Windows), and some applications perform poorly over slow or high-latency links. Because X11 forwarding gives remote programs access to the local display, only trusted servers should be used and unneeded sessions should be closed promptly.

Steps to run GUI application via SSH:

Enable X11Forwarding in the SSH server configuration so remote graphical programs can connect to the local display.

Related: How to enable or disable X11 forwarding in an SSH server
The option lives in /etc/ssh/sshd_config and requires a service restart to take effect.
Restart the SSH service after enabling X11 forwarding so the new configuration is loaded.
```
$ sudo systemctl restart ssh
```
Restarting SSH with an invalid configuration can block new logins; keep an existing session open until successful restart is confirmed.
Install xauth on the SSH server to manage X11 authorization cookies.
```
$ sudo apt update && sudo apt install --assume-yes xauth
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
##### snipped #####
```
On CentOS and other Red Hat based distributions, use sudo dnf install --assumeyes xorg-x11-xauth.
Ensure a local X server is running on the client system so forwarded windows can be displayed.

Most Linux desktops start an X server automatically; macOS typically uses XQuartz, and Windows clients often rely on an external X server such as VcXsrv or Xming.
Connect to the remote server with X11 forwarding enabled.
```
$ ssh -X user@remote-host.com
user@remote-host.com's password:
user@remote-host:~$
```
-X enables X11 forwarding for this connection; -Y enables trusted X11 forwarding when programs require fuller access to the local display.

Trusted X11 forwarding relaxes security restrictions and should only be used with fully trusted servers.
Confirm that the DISPLAY environment variable is set in the remote shell.
```
$ echo $DISPLAY
localhost:10.0
```
A non-empty value such as localhost:10.0 indicates that X11 forwarding is active for the session.
Start a test GUI application from the remote shell to verify forwarding.
```
$ xclock
```
All files and processes used by the application remain on the remote server while the window is drawn on the local display.

Optionally run a process listing on the remote host to confirm the GUI program is executing there rather than locally.

$ ps aux | grep xclock
user      2345  0.2  0.5  83528 10240 ?        S    10:12   0:00 xclock
user      2351  0.0  0.0   6432   736 pts/0    S+   10:12   0:00 grep xclock

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.