Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

X11 Forwarding (Unix)

X11 forwarding is a special case of remote tunneling.

SSH Tectia Server supports X11 forwarding on Unix platforms. SSH Tectia Client and ConnectSecure support X11 forwarding on both Unix and Windows platforms.

X11 forwarding

Figure 8.6. X11 forwarding

By default, SSH Tectia Server allows X11 forwarding for all users. To enable X11 forwarding only for the specified users, include an entry similar to the following in your ssh-server-config.xml file:

  <rule group="admins">
    <tunnel-x11 action="allow" />
    <tunnel-x11 action="deny" />

On Unix, you can define what type of X11 listener address will be used in X11 forwarding. The address type is configured with the settings element by adding attribute x11-listen-address that takes the following values:

  • localhost (default) - sets the DISPLAY environment variable to<screen>, where <screen> is the tunneled screen number, typically 10.0. This means that the x11 listener is bound to a loopback address; this setting should be sufficient for most use cases.

  • any - sets the DISPLAY environment variable to <address:screen>, where <address> is the interface to which the SSH session is bound (typically the first network interface) and the <screen> is the tunneled screen number, typically 10.0. This setting will bind the X11 listener to the (wildcard) interface thereby allowing connections to the proxy from other hosts. Use this setting on HPUX systems, if you need to tunnel older X11 applications (such as hpterm).

    When x11-listen-address=any, the SO_REUSEADDR socket option will be left non-set in order to prevent the possibility of session hijacking on some operating systems by other users binding to the same port with a more specific address.

For example:

    x11-listen-address="any" />

Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps