User:Armin/SSH X11 Forward via NX

From ArchWiki
Jump to navigation Jump to search


X11 forwarding of graphical interfaces of remotely executed programs via SSH is a convenient feature. However, due to the X11 protocol, this is not very efficient over slow and non-local network connections, in particular when gateways/proxies are involved. X2Go offers an easy to use alternative approach, but may not be desirable in all use cases.


This article describes how to set up an efficient rootless X11 forward which be used to connect to a host on an internal network via ssh forwarding on a gateway machine.

Prerequisites

Assuming you have a working setup of SSH, install the nxproxy package on both local and remote machines, as well as nxagent on the remote host. For ease of use, consider installing SSH keys on all involved machines.

Setup

On the local machine, ssh to <host> shell via <gateway>, opening a shell and at the same time create a port forward of local port 20000 to remote 4008 on <host>:

       $ ssh -tt -L20000:<host>:4008 <gateway> ssh <host>

Note: this assumes that the forwarded port to <host> is accessible by <gateway>.

On <host>, start nxproxy with options to your liking and send it to background by issuing:

       $ nxproxy -C :8 link=adsl render=y encryption=1 &

nxproxy will now create a display at :8 and listen on <host> port 4008

On the local machine, connect the nxproxy to the remote display to the local display for rendering:

       $ DISPLAY=:0 nxproxy -S localhost:16000 &
Warning: nxproxy appears to use the default 4000 for <port> and, if given, adds it to the <port> argument, so we have to subtract this offset from our local ssh forward port (20000). This needs some investigation.


At this point, basic X11 programs such as xterm would forward to the local machine. You can test this by by issuing:

       $ DISPLAY=:8 xterm

on <host>. However, programs based on GTK+ or other toolkits might use features of X11, that would prevent them from working in this configuration.

To fix this, start nxagent in rootless mode on <host> to create another display (:9) which is forwarded to the local machine via the nxproxy connection on :8

       $ nxagent -R -display nx/:8 :9 &


For convenience, export DISPLAY on <host>:

       $ export DISPLAY=:9

and you may start using programs such as gvim, gedit or firefox just as if you had connected via ssh -X.


Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: writing needs some updating; explanation of nxproxy port offset is lacking; demonstrate how this can be used without a gateway server (Discuss in User talk:Armin/SSH X11 Forward via NX#)