Running X application through SSH tunnel with Xstart

Xstart uses the X11 forwarding of the SSH protocol which transfers the X11 packets via secure SSH connection and provides cookie-based user authorization to start X client. 

The SSH protocol not only secures the X11 connection but also makes it easy to connect to X applications beyond the NAT gateway, so a user from a private IP network can connect to a x client in public IP network without port forwarding.

First make sure that the X11 forwarding feature is enabled in server side and then run an X application.


Steps

To enable X11 forwarding service in the SSH server:

Setup the configuration file in the following table.


SSH serverConfig fileSetup
OpenSSH/etc/ssh/sshd_configX11Forwarding yes
SSH.COM/etc/ssh2/sshd2_configAllowX11Forwarding yes


To run X11 applications, go through the following steps:

  1. Run Xstart in the Xmanager folder.
  2. Click New. RESULT: A New Session dialog box appears.
  3. Enter a new session name, and click OK.
  4. In the Host box, enter the hostname or IP address of the remote Linux/Unix host.
  5. In the Protocol box, In the Protocol box, whatever protocol available on the remote host can be selecteds. But select SSH protocol at this time.
  6. To set up protocol-specific options such as port and time-out, click Setup.
  7. In the Username box, enter the user account on the host.
  8. Select an Authentication type from the Authentication list.
  9. To set up Authentication-specific options such as password and public key, click Setup.
  10. In the Execution Command box, enter a command that will be executed on the host. We are going to run xterm, so enter one of the following:
    /usr/bin/X11/xterm -ls
    /usr/bin/gnome-session
    /usr/bin/startkde

    Note

    The full path to the execution command may be different depending on the remote host. To get the path of each host, please refer to the following FAQ: 

  11. Press the Run button.

If you have any connecting problems, see the Troubleshooting section below.

Troubleshooting

Failed to connect to the remote host.

  • Make sure that SSH server program is installed and running on the remote system.
  • Check the TCP port number (by default, 22) that the SSH server is listening. Change the port number in the 'Port Number' box of the 'SSH Protocol Setup' dialog to the corresponding port number.

Server does not support password authentication.

  • The SSH server demands public key user authentication and the user should create a public key pair and download its private key to login. Please refer to Xmanager Help to find out how to import/export user keys. You can choose to use public key by selecting 'public key' option from the 'User Authentication' section of the 'SSH Protocol Setup' dialog.

Xmanager shows a security warning for the connection originated from 127.0.0.1 (local host).

  • When the SSH protocol is used, Xstart (Xssh.exe) works as the X11 proxy, so that the X11 connection comes from localhost (127.0.0.1) and it is totally safe.
  • If you want to avoid this warning message, then add 127.0.0.1 into the Trusted hosts (Click Configure... in the Security tab of the Xconfig program).