X session via ssh tunnel


Direct logins using X are a problem because it's unencrypted; that means that your username and password go over the network visible to anyone bothered enough to look for them. Furthermore, everything you do on the remote system travels over the network to your desktop unencrypted, which means any passwords or other confidential information you use is also visible on the local network.

In the same way that telnet have been near universally replaced with SSH, it's time to do the same with plain X logins.

Handily the solution is the same - SSH has in built support for running X traffic securely across the encrypted link:

Using PuTTY from Windows

It's fairly straightforward to run a full X session over SSH; the first step is to start an X server in passive mode - this way it will be there to accept requests when they come in, but won't try to log you on to the remote system directly. For eXceed it's simply a matter of starting it, not using the icon for XDMCP:

Exceed can be configured using the xconfig option to always run in passive mode when you click the Exceed icon or, when it starts select the passive option.

Once that's done (the eXceed splash screen will appear and disappear) then you need to start PuTTY in the usual way. Most new Windows desktops have it installed in  Start, Programs, WinSCP3 & PuTTY, PuTTY.

If you do not appear to have putty installed on your desktop the simplest option is to install a copy on your desktop yourself. Google putty, which will find select the download page, click on putty.exe in the windows section, select the option to save the file, save it on your desktop. You can then start it up and configure it as below.

You need to set up a few options, this picture gives an overview of where to find them, but we'll go through them individually:

Enter the host name eg and save this as pplxint1-kde.


Firstly, we need to actually turn on X forwarding, under the SSH->X11 set of options:


Then tell PuTTY that we want it to start a KDE session when we log in :


And finally, we should tell PuTTY what username to log us in with:


Once that's all set up it makes sense to go back to the top level of PuTTY options and save those settings as a stored session - that way all we need to do next time is double-click the entry in the list, rather than set everything by hand again.


Once you have your session started up its a very good idea to open a terminal window and change the font to Fixed, as that improves scrolling performance no end. Then click the save options, so that all future windows will have the fixed fonts.


Using SSH from a Linux system

This is somewhat simpler - assuming that your local Linux system is running an X server already then you simply need to open a terminal and run:

ssh -X

or alternatively set the option permanently in your ~/.ssh/config file:

ForwardX11 Yes

then any graphical programs that you start on the remote system will display on your local machine. One potential catch is that SSH sets the DISPLAY environment variable automatically on the remote end to point to itself - if your login scripts reset DISPLAY they will break the forwarding setup, so you need to ensure that they don't reset it if it's already been setup.