[Contents] [Index]

About This Document>>     Introduction to SSH Secure Shell >>     Configuring SSH Secure Shell >>         Basic Configuration>>         Subconfigurations >>         Configuring SSH Secure Shell for TCP Wrappers Support>>         Configuring SSH2 for SSH1 Compatibility         Forwarding>>             Port Forwarding             Dynamic Port Forwarding             X11 Forwarding             Agent Forwarding     Authentication >>     Log Messages >>     Using SSH Secure Shell >>     Tool Syntax>>     Technical Specifications >>

X11 Forwarding

To enable X11 forwarding:

1. Make sure that the SSH Secure Shell software was compiled with X forwarding support. The binary packages contain runtime X detection in SSH Secure Shell version 3.2 and above. However, if X security extensions are wanted, it is necessary to compile from source. When compiling, make sure not to run ./configure with any X disabling options.
2. Ensure that xauth is in the path of the user running ./configure. Also, make sure that you have the following line in your /etc/ssh2/sshd2_config file:

    
   AllowX11Forwarding              yes
   

   X11 forwarding also needs to be enabled in the client by setting the following line in the ssh2_config file:

    
   ForwardX11                      yes
   

3. Log into the remote system and type xclock &. This starts a X clock program that can be used for testing the forwarding connection. If the X clock window is displayed properly, you have X11 forwarding working.

Note: Do not set the DISPLAY variable on the client. You will most likely disable encryption. (X connections forwarded through Secure Shell use a special local display setting.)

In SSH Secure Shell 3.2 and above, if X11 SECURITY extension is compiled in, the X11 client applications are treated as untrusted by default (the effects of this depend on your Xserver's security policy). For more information, please see the ssh2_config man pages.