Although server hosts typically have no graphical desktop and only serve console-based clients, these machines still have the ability to serve a GUI display screen to a remote desktop if necessary.
The X11 protocol makes it possible to send the graphical display to a remote graphical desktop.
Beyond the ability to run GUI utilities on a console-based server, this can also be useful if remote applications running in “headless” mode need to be debugged. For example, if Selenium tests using a headless version of Chrome are failing, you may get hints by looking at the remote browser visually.
Overview
So that we are clear on terms, the “X client” is the remote server that is console-based and does not run a graphical desktop. The “X server” is the end-user device running a graphical desktop environment (Ubuntu desktop host, Windows, or Mac).
We are going to enable the sshd service of the “X client” to forward X11 communication. And from the graphical desktop we are then going to initiate an ssh connection to the “X client”, making sure that the X11 forwarding client setting is enabled (-X).
With the communication channel established via ssh, graphical applications run on the “X client” will be tunneled across and displayed on the “X server” GUI desktop.
X client, OS packages
Ensure the basic OS packages are installed along with a small vim GUI for testing later.
sudo apt install -y xauth x11-utils vim-gtk
X client, ssh settings
Configure the ssh daemon on the X client to forward X11 by ensuring “/etc/ssh/sshd_config” has the following values.
# use 'inet' instead of 'any' to allow X11UseLocalhost=yes
AddressFamily inet
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
TCPKeepAlive yes
And then restart the sshd daemon:
sudo systemctl restart sshd
sudo systemctl status sshd
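A way to confirm the sshd settings above, as an added example that is not part of the original article: the function reads an sshd_config from stdin and reports the effective global X11 values, flagging a forwarding listener that would bind to the wildcard address. The function name, verdict strings and both sample configs are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config read from stdin.
# sshd behaviour relied on: keywords are case-insensitive, the first value
# obtained for a keyword is used, and a Match line ends the global section.
x11_sshd_audit() {
  awk '
    BEGIN {
      # sshd defaults apply when the file does not set a keyword
      val["x11forwarding"] = "no";    val["x11uselocalhost"] = "yes"
      val["x11displayoffset"] = "10"; val["addressfamily"] = "any"
    }
    NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
    {
      key = tolower($1)
      if (key == "match") exit              # END still runs after exit
      if ((key in val) && !(key in seen)) { val[key] = tolower($2); seen[key] = 1 }
    }
    END {
      print "x11forwarding=" val["x11forwarding"]
      print "x11uselocalhost=" val["x11uselocalhost"]
      print "x11displayoffset=" val["x11displayoffset"]
      print "addressfamily=" val["addressfamily"]
      if (val["x11forwarding"] != "yes")   { print "verdict=forwarding-disabled"; exit 1 }
      if (val["x11uselocalhost"] != "yes") { print "verdict=listener-on-wildcard"; exit 2 }
      print "verdict=ok"
    }
  '
}

# Constructed sample inputs (not taken from a real host).
ARTICLE_CONFIG='# use inet instead of any to allow X11UseLocalhost=yes
AddressFamily inet
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
TCPKeepAlive yes'

WILDCARD_CONFIG='x11forwarding yes
X11UseLocalhost no
X11UseLocalhost yes
Match User deploy
    X11Forwarding no'

printf '%s\n' "$ARTICLE_CONFIG" | x11_sshd_audit
```

On a real host, `sudo sshd -T` prints the effective configuration as keyword/value lines and can be piped into the function instead of the file.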
X server, validate X11 forwarding for ssh connection
From the X server (the graphical desktop), we should be able to see the DISPLAY environment variable populated when making the ssh connection to the remote X client server.
# '-X' flag enables X11 forwarding from client side
$ ssh -X <user>@<Xclient> -p 22 'echo $DISPLAY'
localhost:10.0

# OR if using ssh private key authentication instead of password
ssh -X -i <privateKeyFile> <user>@<Xclient> -p 22 'echo $DISPLAY'
If this connection is successful, then you can skip to the next section.
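If the ‘-X’ flag does not work, try using trusted X11 forwarding with the ‘-Y’ flag. Trusted forwarding is not subject to the X11 SECURITY extension controls, so applications on the X client get full access to the local display.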
Troubleshooting undefined DISPLAY variable
If the DISPLAY variable refuses to populate, then check the xauth by ssh’ing into the remote host and running the following commands.
# display list of valid clients, you should see MIT-MAGIC-COOKIE for remote host
$ xauth list

# should return 'SI:localuser:<user>' as authorized client
$ xhost
access control enabled, only authorized clients can connect
SI:localuser:myuserid
If the remote host does not show up under ‘xauth list’ or ‘xhost’ does not have an “SI:localuser” entry, then add authentication to localhost. Then log out and try the connection again.
DISPLAY=localhost:10.0 xhost +localhost
exit
When you ssh back to the X client, you should also be able to see the X11 forwarding listener on port 6010.
$ echo $DISPLAY
localhost:10.0

$ netstat -tulnp | grep 6010
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN -

# should now return MIT-MAGIC-COOKIE value
$ xauth list

# should now return "SI:localuser:<user>" entry
$ xhost
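The relationship between DISPLAY and the listener checked above, as an added example that is not part of the original article: X11 display N is served on TCP port 6000+N, so “localhost:10.0” maps to 6010, and with X11UseLocalhost enabled that port should be bound to loopback only. The function names, result strings and sample netstat lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: map a forwarded DISPLAY to its TCP port and classify
# where the matching listener is bound.

# Print the TCP port for a DISPLAY value such as "localhost:10.0".
x11_display_port() {
  num=${1##*:}       # keep what follows the last colon -> "10.0"
  num=${num%%.*}     # drop the screen suffix           -> "10"
  case $num in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
  echo $((6000 + num))
}

# Read "netstat -tln" or "ss -tln" output on stdin (local address is the
# fourth column in both) and print loopback, exposed or none for port $1.
x11_listener_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" || $6 == "LISTEN" {
      n = split($4, parts, ":")
      if (parts[n] != port) next
      host = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (host ~ /^127\./ || host == "::1" || host == "[::1]") {
        if (scope == "") scope = "loopback"
      } else scope = "exposed"          # any non-loopback bind wins
    }
    END { print (scope == "" ? "none" : scope) }
  '
}

# Constructed sample listings (not captured from a real host).
SAMPLE_LOOPBACK='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:6010 :::* LISTEN -'

SAMPLE_WILDCARD='tcp 0 0 0.0.0.0:6010 0.0.0.0:* LISTEN -
tcp6 0 0 :::6010 :::* LISTEN -'

port=$(x11_display_port "localhost:10.0")
echo "DISPLAY localhost:10.0 -> port $port"
printf '%s\n' "$SAMPLE_LOOPBACK" | x11_listener_scope "$port"
printf '%s\n' "$SAMPLE_WILDCARD" | x11_listener_scope "$port"
```

On the X client itself, feed the live listing in with `ss -tln | x11_listener_scope 6010`; a result of “exposed” means other hosts can reach the forwarded display port.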
X server, Test remote app from Ubuntu graphical desktop
If you are running from an Ubuntu graphical desktop then you already have an X server running locally so no further installation is necessary. Using the ssh connection from the previous section, invoke the ‘gvim’ application located on the remote X client server.
echo $DISPLAY
echo "This should be displayed in gvim!" > test.txt
gvim test.txt
This should bring up the graphical vim editor on your local graphical desktop, using the ssh connection to tunnel the X11 traffic.
Test from Windows
To test from Windows, we need to install an ssh client capable of X11 forwarding like PuTTY, and an X Server implementation such as VcXsrv. Download and install both applications with all defaults.
Open PuTTY and establish an ssh connection from Windows to the remote X client, making sure you enable X11 forwarding in Connection>SSH>X11. As shown below, check the X11 forwarding box, put in “localhost:10.0” for the display location and select the “MIT-Magic-Cookie” setting.
The DISPLAY variable is set to ‘localhost’ because the ssh connection is tunneling the X11 protocol locally.
Once you have started the remote ssh connection, run gvim from the console.
echo $DISPLAY
localhost:10.0

echo "This should be displayed in gvim!" > test.txt
gvim test.txt
And it should be displayed on your Windows desktop like below.
Firefox example
For a more complex example, you can always install something like Firefox. From the X client machine:
sudo apt install -y firefox
firefox --version
Mozilla Firefox 62.0.3
And then from the Windows or Ubuntu desktop, create the ssh connection, and run:
firefox