kisscommunity

kisscommunity.bvnf.space site sources
git clone git://bvnf.space/home/kiss/kisscommunity.git
Log | Files | Refs | Submodules | README

index.txt (6793B)


      1
      2
      3
      4
      5
      6
      7
      8
      9
     10
     11
     12
     13
     14
     15
     16
     17
     18
     19
     20
     21
     22
     23
     24
     25
     26
     27
     28
     29
     30
     31
     32
     33
     34
     35
     36
     37
     38
     39
     40
     41
     42
     43
     44
     45
     46
     47
     48
     49
     50
     51
     52
     53
     54
     55
     56
     57
     58
     59
     60
     61
     62
     63
     64
     65
     66
     67
     68
     69
     70
     71
     72
     73
     74
     75
     76
     77
     78
     79
     80
     81
     82
     83
     84
     85
     86
     87
     88
     89
     90
     91
     92
     93
     94
     95
     96
     97
     98
     99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    123
    124
    125
    126
    127
    128
    129
    130
    131
    132
    133
    134
    135
X11-FORWARDING [0]
________________________________________________________________________________

X11-Forwarding is a secure shell feature, which allows one to forward/tunnel
X11 connections through an existing SSH session. This is used to run X11
programs on a server while the ssh-client displays the graphical window through
the user's X11-server.


Dependencies
________________________________________________________________________________

In most cases, you will already have the required dependencies. At minimum, 
ensure that you have the following installed:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ kiss b xorg-server && kiss i xorg-server                                 |
|   $ kiss b xauth && kiss i xauth                                             |
|                                                                              |
+------------------------------------------------------------------------------+


Remote Server Configuration
________________________________________________________________________________

Configuring X11-Forwarding for a remote server is straightfoward and, once
completed, a viable alternative to most opensource VNC and RDP server options.
All that is required are a few modifications to configuration files that exist
on your remote X server:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ echo "XauthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config              |
|   $ echo "X11Fordwarding yes" >> /etc/ssh/sshd_config                        |
|                                                                              |
+------------------------------------------------------------------------------+

At this point you are ready to test your server!


Client Configuration
________________________________________________________________________________

In order to connect to your remote server, you will need an SSH client that
supports X11-Forwarding, as well as an X server running on the same client. Some
popular cross-platform options include the following:

* vcxsrv (recommended, server only) [1]
* MobaXterm (both SSH client and X server, for Windows only) [2]
* Xming (server only) [3]
* X410 (server only) [4]

From the client side, connect to the server via SSH through your favorite
terminal application while passing the "-X" switch. Pay attention to any
errors that may occur on connection. More verbose output can be achieved by
passing the "-v" switch:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ ssh -X -v user@localhost                                                 |
|                                                                              |
+------------------------------------------------------------------------------+

You can now start any X program on the remote server, the output will be
forwarded to your local session:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ xclock                                                                   |
|                                                                              |
+------------------------------------------------------------------------------+

This should create a new window with the xclock application on your client side
X server.

Use an "&" at the end of the command to prevent tying up the terminal in
question:

+------------------------------------------------------------------------------+
|                                                                              |
|   $ xclock &                                                                 |
|                                                                              |
+------------------------------------------------------------------------------+


Tips and Tricks
________________________________________________________________________________

* If your connection is slow, try enabling SSH compression by passing the "-C"
  switch.

  +----------------------------------------------------------------------------+
  |                                                                            |
  |   $ ssh -X -C user@localhost                                               |
  |                                                                            |
  +----------------------------------------------------------------------------+

* You can further improve your connection speed by using a cypher to connect to
  the remove server. This can be passed as an argument using the "-c" switch
  at the initialization of a new SSH connection. [5]
  
  +----------------------------------------------------------------------------+
  |                                                                            |
  |   $ ssh -X -C -c aes256-ctr user@localhost                                 |
  |                                                                            |
  +----------------------------------------------------------------------------+
  
* Your remote system most likely has many cypher options already available for
  you to choose from (es128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128,
  aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc,
  arcfour, etc.) and each will vary in performance and security. Check out
  websites that benchmark the various security cyphers and choose the one that
  works best for you. [6]

* Can you forward an entire desktop session?  Why yes, you can! Instructions for
  doing so vary per client, server configuration, and platform [7]. If you chose
  vcxsrv as your client on a Windows host, then I would recommend checking out
  the following youtube video:

  "Linux and Windows | X11 Forwarding with SSH | VNC Alternative" by knary
  https://www.youtube.com/watch?v=UWlsS6Jaibc


References
________________________________________________________________________________

[0] https://wiki.archlinux.org/index.php/OpenSSH#X11_forwarding
[1] https://sourceforge.net/projects/vcxsrv/
[2] https://mobaxterm.mobatek.net/
[3] http://straightrunning.com/XmingNotes/
[4] https://x410.dev
[5] https://cyberciti.biz/faq/speeding-up-ssh-x11-forwarding-with-unix-osx-linux-bsd/
[6] https://blog.famzah.net/2010/06/11/openssh-ciphers-performance-benchmark/
[7] https://blog.warbel.net/index.php/2018/02/21/using-xnest-or-putty-vcxsrv-to-start-a-full-remote-session/