Upgrade Your VNC Experience by Switching to X11 Forwarding

A simple guide to running programs straight from your Linux workstation on a remote host. Windows included.

Photo by Sai Kiran Anagani on Unsplash

Background

My team uses Fedora in a Windows environment. Usually, it works okay, but VNC for pair programming was fraught with troubles. We run multiple monitors locally, but pairing on a large conference room TV required disabling monitors and lowering the screen resolution. After we finished, we had to switch it back. Don’t even get me started on the lag that VNC introduced.

X11 forwarding is a simple and battle-tested way to access our Linux workstations (and their remote data/programs) from a Windows machine. It’s a perfect solution for pair programming without having to install the entire stack of tools.

After you complete this guide, you should be able to use a Windows workstation to run your IDE directly from your Fedora workstation just like it was a native experience.

Setting up X11 Forwarding on Linux

Let’s get started by setting up your Linux workstation. This guide assumes you’re running Fedora 29, but it should be easily adaptable to some other distributions and versions.

For this to work, you’ll need some non-default packages on your workstation.

sudo dnf install xorg-x11-server-Xorg xorg-x11-xauth xorg-x11-apps

Next, we need to enable X11 forwarding within our SSH server configuration. Add to the file the following to /etc/ssh/sshd_config:

Match User your_username_here_plz
    X11Forwarding yes

Then test your configuration to verify the edit parses:

sudo sshd -t

Like in most Unix things, no output means no errors.

Now we are ready to restart the SSH service so it picks up your new configuration:

sudo systemctl restart sshd.service

Your SSH server now knows that it can forward X11 sessions over SSH!

Next up is opening the required ports in your firewall.

sudo firewall-cmd --add-service=ssh
sudo firewall-cmd --add-service=ssh --permanent

The first command applies to the current running rule set, while the second writes the configuration to disk. Rather than flushing iptables to get the rule in effect right away, I’ve always just run the command twice (once including --permanent).

That’s it for your host workstation. Next up, we’ll configure the Windows client.

Connecting from another Linux workstation

Just run your SSH session with the -X flag to enable X11 forwarding.

For Windows, forget Putty and use MobaXterm instead

You’ll need an Xserver compatible client. Putty can do this, but I’ve found it awkward to configure and use. In this guide, we’ll use MobaXterm. They offer a free version with some restrictions. Personally, I run the portable edition and it works great.

MobaXterm free Xserver and tabbed SSH client for Windows

MobaXterm has all the right settings and support packages built in, so there’s no special configuration.

We’re now ready to test things out by connecting to our Linux workstation from a Windows machine.

SSH into your machine normally, then execute a GUI program like you normally would at your workstation.

Typing in xclock is a super easy way to test that things are working.

Now’s a good time to mention that this is not a security-hardened guide. In order to get down to the basic implementation of X11 forwarding, I’ve assumed that you are on a trusted network. If that’s not your case, please look into properly securing sshd as you work through this guide.