Linux Remote Access | SSH and X11 Forwarding

9:57 That feeling when you boot up Linux again after using Windows.

IDK but I felt kinda relieved at that moment of the video.

theodoros_

ssh is great, I once used it to transfer like 13 GB of data (I was transferring my /home folder to another computer), and it worked like a charm.

randint

Thank you, Chris. I remember the first time I used X11 Forwarding about a decade ago and was utterly amazed.

AnzanHoshinRoshi

If all you're using SSH X Forwarding for is to run a file manager, then you can instead just use SFTP or SSHFS instead and use a local file manager application to manage your remote files. This has the benefit that you can copy paste or drag'n'drop files to upload/download files between your local and remote machine and there's no graphic/input latency as the application will be running locally. Also, there are a number of Security issues with doing X11 forwarding if you don't fully trust the server which using SSHFS/SFTP would avoid.

yvrelna

You can run libGL apps if you use swrast mesa using llvmpipe. Might not work super fast, but it will allow apps to actually run. Not sure the state of Xming and if it even has the GLX and Composite extentions. Cygwin does.

paherbst

You should check out Xpra. TLDR: remote programs will not hang when connection breaks.
Here is "about" section from their home page:
" Xpra is an open-source multi-platform persistent remote display server and client for forwarding applications and desktop screens.

It gives you remote access to individual applications or full desktops.
On X11, it is also known as screen for X11: it allows you to run programs, usually on a remote host, direct their display to your local machine, and then to disconnect from these programs and reconnect from the same or another machine, without losing any state.
It can also be used to forward full desktops, from X11 servers, MS Windows, or Mac OS X.

Xpra also allows forwarding of sound, clipboard and printing services.
Sessions can be accessed over SSH, or password protected over plain TCP sockets with or without SSL.
Xpra is usable over reasonably slow links and does its best to adapt to changing network bandwidth constraints."
You'll probably be able to run browser or LibreOffice remotely with Xpra.

yaajfcomments

Wow, I just realized I haven't done X11 forwarding in over a decade. At one of the places I used to work at, their monitoring software was configured to SSH into Linux, AIX, and Solaris boxes and bring up status windows on a Windows PC for monitoring what was happening in each of their environments. X11 forwarding is a powerful tool when used correctly, but a lot of its previous uses has been replaced by web interfaces and the results have been a mixed bag.

That said, just seeing it again has inspired me to take another look at it and see what I can cook up now. Web interfaces for everything built on HTML5 just doesn't do everything efficiently or as well as running an app on a remote host so there's still a good need for it. Thanks Chris, ideas are floating into my head for some of my tasks at work now. :)

gwgux

Chris, I love your videos! I've just switched from Windows to Manjaro Cinnamon - and I'm running everything out of Linux except for Quicken. I've created a KVM Windows virtual machine for sole purpose of running Quicken. I'd like to suggest some video topics that would be especially helpful for me: 1. A whole SERIES on sharing and permissions, 2. A mini-series on creating KVM virtual machines (including raw vs qcow2, BIOS vs OVMF, virtual disk caching, VNC vs Spice, NAT networking vs. bridged networking, integrating NoMachine into the mix, sharing and using mounted drives - in other words, a VERY detailed series of instructional videos), and 3. If you get through the first two and still want more, I'll be happy to add to the list!!


Thanks for your assistance so far. I followed your instructions regarding creating a Conky and now have a very useful display on the right side of my display!

johnsnyder

I privately manage a few Linux machines via ssh, two remotely from UK to US. All connections are via ssh, sometimes using a tunnel for VNC and proxy browsing or using sftp to display remote file system. On the default Ubuntu file manager (files I think it is called) there is an option to connect using sftp then it shows up in your file manager locations same as local files. This would then make all remote files easily available for editing with any local application. Personally I've never found X11 forwarding very successful. Great videos by the way.

sendgl

SSH Episide 2: sshkeys. Episode 3: sshfs. Episode 4: Tunnels - x11vnc piped over ssh, local desktop access behind safe, key only, ssh authentication.

contournut

Holy moly! I remember asking for this video tutorial a couple of months ago. Finally you delivered it. Thank you!!

aaronryder

Chris Titus Tech well. Yes and no. If you trust your local network and the network you connect to than tunnelling X11 is as safe as tunnelling any other application. How ever the X11 protocols themselves are not considered “safe for internetwork use”. There are a whole heap of security holes in the X11 protocol and it’s why most admins disable it outright in favour of a vnc / OpenVPN setup for tunnelling the main desktop to a remote location (desktop :0 or :1 ). This has less of the issues of X11 but still has some.

For any externally accessible ssh service you should employ at least
- fail2ban or other logscanner and banner
- key only login. Passwords are to easy to brute force / obtain via other means.
- a proper firewall (I personally prefer CSF but that quite strict UFW if configured will also work)

The reason google-chrome failed is that your X11 was not elevated. So it could not access the cryptographic random function if your remote box. (Something you should not want through X11).

Also remember that access to a box is also access to your network. It is often easier to break into a mother box from the inside.

I personally use ssh daily and keep on learning more about it (wishing I knew about it when I started working on windows 98 Remote Desktop... it would have saved me a ton of headache).

sysosmaster

I typically ssh-keygen then ssh-copy-id to all my endpoints then create a whiptail script to have a quick menu where I can select a system and on select.... instant ssh connection without entering password. Very helpful when you have a too many raspberries ;-)

brianjune

Your enthusiasm is infectious. Could you do a tutorial on setting up a FTP Server using vsftpd?

drumpfall

*Chris the best example you should have shown the usage of X11 & SSH would have been on cloud platforms like SSH into a server on AWS or AZURE. ..☺👍*

terry.chootiyaa

i cant pull up gedit at the 4:50 mark as it states " 'gedit' is not recognized as an internal or external command,
operable program or batch file." how can i fix this i have downloaded and installed it on my windows machine as well as my alpine VM?

timgoppelsroeder

What do you do on the Linux side to enable X11?

wfv

For windows i recommend MobaXterm, has X11 forwarding support perfectly working out of the box nothing else needed!
For Linux the linux side there is another really neat application called X11Clone which allows you to view your desktop session over ssh. Its basically a secure VNC alternative that does not need open ports other than SSH.

Henk

What about ufw the iptables frontend for beginners?

hewfrebie

Nice video which, unfortunately, showcases the shortcomings of X11 forwarding. Although it's more work to setup, something like XRDP or FreeNX provides a much better experience! Also, since you are covering SSH, SCP is another one that's so very useful!!

dennisjoslin