You can run a GUI application on a remote server and display it on your local machine using SSH. This process, known as X11 forwarding, allows you to use graphical interfaces over a secure SSH connection. It's especially useful when you need to access Linux remote servers with a graphical interface.

To run a graphical application over SSH, you must configure both the client and server. The server should have X11Forwarding enabled and xauth installed. The client needs to connect with the X11 forwarding option enabled. Both systems must also be running a graphical environment, such as GNOME or KDE.

This method is helpful when the application you need is not available on your local system. You can interact with the remote GUI application as if it were running locally, making it a practical solution for remote work.

Steps to run GUI application via SSH:

  1. Enable X11Forwarding on the SSH server.
  2. Install xauth on the SSH server.
    $ sudo apt update && sudo apt install --assume-yes xauth # Ubuntu and other Debian-based distribution
    $ sudo dnf install --assumeyes xorg-x11-xauth # CentOS and other Red Hat based distributions
  3. Connect to the SSH server from the client with X11 forwarding enabled.
    $ ssh -X remote-host.com
    user@remote-host.com's password: 
    user@remote-host:~$ 

    -X is the option to enable X11 forwarding from the client. You can also use -Y option to enable trusted X11 forwarding.

    -X
    Enables X11 forwarding. This can also be specified on a per host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information. (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension restrictions by default, because too many programs currently crash in this mode. Set the ForwardX11Trusted option to “no” to restore the upstream behavior. This may change in future depending on client-side improvements.)

    -Y
    Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. (Debian-specific: In the default configuration, this option is equivalent to -X, since ForwardX11Trusted defaults to “yes” as described above. Set the ForwardX11Trusted option to “no” to restore the upstream behavior. This may change in future depending on client-side improvements.)

  4. Run the GUI application from the command line.
    $ xclock

    All the resources that you interact with during the session, such as opening files, will be those on the remote server.

Discuss the article:

Comment anonymously. Login not required.