SSH is normally used for remote access and administration where tasks are done from the CLI (Command Line Interface), using tools available for the command line .

SSH also has the ability to forward the display or GUI from the SSH server which would enable running X11/X or graphical application within an SSH session.

You can run graphical application via SSH by configuring X11Forwarding directive and installing xauth on the server and enabling the X11 forwarding option on the client when connecting. You also need to run a graphical desktop yourself such as GNOME or KDE, though it's not necessarily the same desktop environment as in the remote server.

Steps to run graphical software on remote server and PC via SSH:

  1. Enable X11Forwarding in the SSH server.
  2. Make sure xauth is installed on the SSH server.
    $ sudo apt update && sudp apt install --assume-yes xauth #Ubuntu and other Debian-based distribution
    $ sudo dnf install --assumeyes xorg-x11-xauth #CentOS and other Red Hat based distributions
  3. Connect SSH client to SSH server with X11 forwarding option enabled.
    $ ssh -X remote-host.com
    [email protected]'s password: 
    [email protected]:~$ 

    -X is the option to enable X11 forwarding from the client. You can also use -Y option to enable trusted X11 forwarding.

    -X
    Enables X11 forwarding. This can also be specified on a per host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information. (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension restrictions by default, because too many programs currently crash in this mode. Set the ForwardX11Trusted option to “no” to restore the upstream behaviour. This may change in future depending on client-side improvements.)

    -Y
    Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. (Debian-specific: In the default configuration, this option is equivalent to -X, since ForwardX11Trusted defaults to “yes” as described above. Set the ForwardX11Trusted option to “no” to restore the upstream behaviour. This may change in future depending on client-side improvements.)

  4. Run X11 or GUI application from command line.
    $ xclock

    All the resources that you interact with during the session such as opening files will be those on the remote server.

Support us on Patreon if this guide has helped you. Thanks!!!

Discuss the article:

Comment anonymously. Login not required.

Share!