X11 forwarding
You can encrypt X sessions over SSH. Not only is the traffic encrypted, but the DISPLAY environment variable on the remote system is set properly. So, if you are running X on your local computer, your remote X applications magically appear on your local screen.
You can enable X11 forwarding with ssh -X host.
Compressing data
SSH can use gzip compression on any connection. The default compression level is equivalent to approximately 4x compression for text. Compression is a great idea if you are forwarding X sessions on a dial-up or slow network. Turn on compression with ssh -C.
Roaming behind the firewall.
Suppose you have to connect to machines, that are located in some remote place behind a firewall. The gateway "G" is a remote server that has the authority to connect to those machines.
What we would like to do is to use any kind of X11 UI on workstation A, for instance. We need two ssh tunnels to connect to the workstations. With the first tunnel we will remap the local port using -L option. The general syntax will be:
ssh -L{local_port}:{workstation}:{remote_port} {user}@{hostname}
After this the gateway will become transparent for us. The second tunnel created for localhost will actually go forward to the gateway and connect to {workstation}.
ssh -X -o "HostKeyAlias {workstation}" {user}@localhost
Given the example above, let's try to connect user "ant" to the workstation "corona" via "aragorn" gateway. Note that we want to use X11 forwarding to be able to work with graphical environment. There are several ways to do this. I'll describe two possible solutions here (assuming that you have M$ Windows running on your PC).
Cygwin
With Cygwin environment one may get the connection to the workstation using following steps.
- Start cygwing environment
- Start X11 environment, type strartx
- Ensure you have at least two xterm windows. Type xterm & to start another xterm
- Create first SSH tunnel: ssh -L2222:corona:22 ant@aragorn
- In another xterm window create the second SSH tunnel: ssh -X -C -o "HostKeyAlias corona" -p 2222 ant@localhost
To verify is the X forwarding works fine, just type any app. name to the remote xterm, like xclock - and the xclock application should open on your machine while actually running on the remote host.
WinAxe + Putty
If you don't have cygwin environment installed and you're unwilling to install it, then we have another solution here. WinAxe and putty can be used to create the same SSH tunnels as with cygwin. Follow the steps:
- Install WinAxe, and run XSession
- Start putty, specify the connection parameters and create a tunnel as shown on the pictures below.
- Start another putty window and create new tunnel against localhost with X-forwarding enabled.
After putty sessions are started you can do the same trick again as with cygwin, start a remote application so that it looks like running on your machine.