Secure XWindows sessions through SSH

From Wikipractice

Introduction

There are presently many graphical tools for managing Linux systems very easily. All these tools are easy to use locally, but I wanted to also use them on my remote machines.

As the configuration are not made by default, I spent a bit time in finding how to do it and decided to share this small experience.

This document is presently Debian oriented.

XWindows concepts

First of all, It seems to be usefull to remind some basic XWindows concept for those who are not familiar with them.

XWindows uses a client server model. The server is the machine which display the information to the user and the client, like the windows, mouse pointer, etc. and the client is the process which needs to display data.

It is necessary to tell the client where to display information. It is usually done in filling the DISPLAY variable as following:

export DISPLAY="remote host":0.0

where remote host is the name or the IP address of the XWindows server.

However, on my default Debian config, this didn't work. The reason for this is that XWindows protocol is a potential security problem on computers.

However, the way to configure a system to use XWindows on an ssh conenction is very easy, when one know how to do it.

Configuring sshd

Before starting to configure, make sure that ssh is installed on both hosts, then edit the file /etc/ssh/sshd_config of the XWindows client, and make sure that the following line is present and uncommented:

X11Forwarding yes

Then restart the sshd daemon.

Now, from the XWindows server, type the following command:

ssh -Y user@remotehost

Where remotehost is the XWindows client machine. Fill in the password. You should now be able to start an X11 application and the result will be displayed on the host where you issued the ssh connexion.

If you type

ssh -Y remotehost

ssh will use the current username.