Remote X11 access from VPSs
Enabling X11 forwarding via SSH in FreeBSD
X11 has lost relevance during last years but it is still very useful in many cases. With the ubiquity of cloud services it is common to find the need to forward the X11 clients to a local server, specially if you rely on classic UNIX tools and environments.
In this short post you can find the necessary steps to configure both FreeBSD (will likely be applicable to most Linux distributions too) and Xming in Windows.
Install X11 and xauth
You will have to install an xclient and xauth to handle the authorization. As a bare basic:
pkg install xterm
pkg install xauthI do not use Xauth in my local X Window server (that is the Xming running in your laptop), but it is required by SSH as PuTTY expects to handle the authorisation via MIT-Magic-Cookies.
To access my FreeBSD box within my LAN I do not use xauth at all and I just point DISPLAY variable to the Windows box.
Enable X11 Forwarding
The first step is to enable X11 Forwarding, to do so only one line needs to be commented out from file /etc/ssh/sshd_config in our server:
Change this:
#X11Forwarding yesinto this:
X11Forwarding yes
Launch Xming
There are very few X Windows servers for Microsoft Windows. I use Xming. It is open source so you can compile yourself. However, to use it in an easy way the author provides an already compiled installation version which makes its usage straightforward. It just takes just 10 British pounds to get a user name and password, go for it so the author has some incentive to maintain it.
Once you have donated you will get a username and password to download the installation program. You will have lifetime access -or at least as much time as the author decides to maintain the software-.
Both donation and download take place at http://www.straightrunning.com/XmingNotes/.
Once installed I normally launch it via Xlaunch.
You can select multiple windows (it will integrate every X11 client program you launch as a normal Microsoft Windows window), or you can go for one single window containing the whole X11 desktop (either windowed or full screen). I normally work with multiple windows unless I am accessing a local area network server and I want the whole MWM desktop there.
I also selected 0 as Display number.
Then click on next and choose Start no client.
Click again on next and ensure that No access control is enabled. This allows any system to launch clients in your server, which usually is not a problem if you are in your own LAN environment.
Click again on Next and then on Finish and your server will be launched.
You might get the following notice:
That is related to having disabled access control. You can use access control via Xauth or hosts but normally I do not do that because I do not have the risk of anybody launching screens against my local X window server.
Once launched you will get the Xming icon on your bar with the screen number.
Your computer has now a X Window server running in :0.0 which in X terms means first screen of your first monitor.
Configure your SSH client
Under Connection/SSH/X11 check Enable X11 forwarding and use localhost:0.0 as display location. The monitor and screen values must match with the ones used by Xming.
Open a SSH session against the server and launch xterm
Next you can open normally a SSH PuTTY session against your server.
You can check that everything is working fine by typing:
$ echo $DISPLAY
localhost:10.0
$ xterm &And you will get a new X11 terminal window in your Window machine.
You would notice also that a .Xauthority file has been created under user’s home directory.
On X11 remote performance
X11 was designed from scratch as a network protocol. It is therefore a native network protocol, conceived to be fast enough in LAN environments.
When X11 runs locally the implementation does not use TCP sockets, but as it was designed to work naturally and smooth across a 1980’s LAN, it shall work fine over networks.
Current WAN connections have the same or better performance (both in terms of latency and bandwidth) than old LANs, so X11 shall work smoothly.
In practice the newer X11 applications have not been designed with such approach in mind. Features such as font aliasing and applications that heavily rely on graphical effects tend to be not optimised for X11 network remote connections. Hence it is common to experience bad performance in X11.
In particular something extremely annoying that I have not managed to troubleshoot yet is the large lag that FreeBSD/PuTTY (maybe it does affect other Linux distributions too) takes to open the first x terminal window. Once that first terminal is displayed, everything is smooth.
In general classic X11 applications will work smooth and fast. If you code your own applications following O’Reilly guides it will work fine. Trying to visualise video or graphic accelerated video will have much worse performance. Also OpenGL applications might not be able to be visualised at all.
In some sense X11 is considered outdated and one of its great virtues (the possibility to run remotely any graphical application in a different workstation) has not been honoured by many new applications, as they all assume the X server is attached locally to the machine running the X11 application.
