The understated usefulness of SSH, part 2.

January 11, 2009

Last time, I covered some different ways of using SSH for remote access on a LAN or over the Internet, using RSA keys for secure authentication, and how to use GNU Screen to keep a process running after disconnecting your SSH session.  This time, I’ll talk about using SSH with X11 forwarding, using VNC with SSH, and making it all run faster by adding compression and changing the cipher of your SSH session.

X11 forwarding is a feature built into X which enables you to make use of graphical applications running on a server from another computer over the network (if the server has a GUI).  This technology enables you to use graphical tools to change settings or view files on the remote computer, or to forward graphical applications to your workstation which you might not otherwise have the ability (or desire) to install.  The forwarded applications will actually be running on the server, so your local computer will have its processor and memory free for other things.  To use X11 forwarding in Ubuntu, just add the -X flag to your SSH command like so:

ssh -X remoteuser@<remote IP address>

Easy, huh?  Now that you’re logged into the remote computer, you can try typing “nautilus” to launch the graphical File Manager.  Notice that the files displayed are those on the remote system, and not your local machine.  You could also try running “evince” to read some PDFs you have on the server, or “eog” to browse your photo collection remotely.  You get the idea.  I find that forwarding VirtualBox is very useful.  Doing so enables you to use or administer Virtual Machines residing on your server, without having to install any software locally, and without taking up a big chunk of your memory.

X11 forwarding is very useful for making use of specific applications, but if you need remote access to the entire desktop you can use VNC.  VNC can be run over SSH in a variety of configurations, but I’ll show you one really easy way which uses X11 forwarding.   Before this will work, VNC access needs to be enabled on the remote computer.  You will also need the xtightvncviewer package installed.  You can install it from the command line by typing “sudo aptitude install xtightvncviewer”.  Now that you know how to use X11 forwarding, you can easily set up Ubuntu’s default VNC client Vino by SSHing into the remote system (remember the -X flag) and running the command “vino-preferences”.  On the General tab, all boxes should be checked except for “Ask you for confirmation”, and of course, setting a decent password is always a good idea.  After this is all set up, you can start VNC with the command “vncviewer localhost” from an existing connection, or in a single command from your local machine like this:

ssh -X user@<IP address> vncviewer localhost

While X11 forwarding can be extremely useful, it can also be quite slow, particularly across slower network connections or over the Internet.  To speed things up, you can instruct SSH to use compression (employing the same algorithm used by gzip) by adding the -C flag to your SSH command.

ssh -C user@<IP address>

You can also opt to use a faster but less secure cipher if you are willing to sacrifice some of the SSH connection’s security in exchange for increased performance.  There are a variety of ciphers available.  The default cipher used by SSH is AES (the Advanced Encryption Standard) which is extremely secure, and is approved for top secret information by the NSA.  However, it isn’t the fastest available.  A faster and still quite secure cipher is Blowfish, which is a good compromise if AES is too slow but you still want to keep the connection secure.  An even faster, but less secure cipher is Arcfour.  Arcfour has a few known vulnerabilities, but is still being used in WEP and WPA Wi-Fi encryption, Microsoft’s RDP protocol, and a number of other cryptosystems in spite of its flaws.

So, to use SSH with the speedier but still secure blowfish cipher, you would type:

ssh -c blowfish-cbc user@<IP address>

If you wanted to use Arcfour:

ssh -c arcfour user@<IP address>

Therefore, to connect to the remote system using SSH with X11 forwarding enabled, plus compression and the fast arcfour cipher, use:

ssh -c arcfour -XC user@<IP address>
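
As an added example (not part of the original post), the shell function below reads ssh_config or sshd_config text and reports the cipher and X11 settings this article touches on, so you can see whether a host's configuration still enables the arcfour or blowfish-cbc ciphers used above, which current OpenSSH releases no longer include. The function names, the legacy-cipher list and the sample configuration are assumptions constructed for illustration.

```shell
# Added example: audit ssh_config/sshd_config text on stdin for the cipher
# and X11 forwarding settings discussed in this article.

# Legacy cipher list is this example's assumption, not an official one.
is_legacy_cipher() {
    case "$1" in
        arcfour|arcfour128|arcfour256|blowfish-cbc|cast128-cbc|3des-cbc) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one finding per line; prints nothing for a clean config.
audit_ssh_config() {
    while read -r key value; do
        case "$key" in ''|'#'*) continue ;; esac      # skip blanks and comments
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            ciphers)
                # A leading "-" removes ciphers from the defaults: nothing to flag.
                case "$value" in -*) continue ;; esac
                # Drop a "+" (append) or "^" (prepend) modifier, split on commas.
                printf '%s\n' "${value#[+^]}" | tr ',' '\n' |
                while read -r cipher; do
                    if is_legacy_cipher "$cipher"; then
                        echo "WEAK cipher enabled: $cipher"
                    fi
                done
                ;;
            x11forwarding|forwardx11)
                value=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')
                if [ "$value" = yes ]; then echo "INFO $key is on"; fi
                ;;
        esac
    done
    return 0
}

# Constructed sample input, not taken from a real host.
sample_config() {
    cat <<'EOF'
X11Forwarding yes
Ciphers aes256-ctr,arcfour,blowfish-cbc
Compression yes
EOF
}

sample_config | audit_ssh_config
```

To check a real machine, feed it the file instead of the sample, for example `audit_ssh_config < /etc/ssh/sshd_config`.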

Well, I hope you’ve found this useful.  If you have any questions or suggestions, please feel free to comment!

Next time, I’ll finish up this series with some tips on using Bash aliases to simplify the commands involved, as well as a couple other useful things you can do with SSH.  Thanks for reading!


4 Responses to “The understated usefulness of SSH, part 2.”

  1. ubersoldat Says:

    Just today I was showing the SSH X forwarding magic to a friend and did the VNC trick. I didn’t use any of the settings you recommend here so it was a little slow, but now I’m gonna try with those settings and see how things go.

  2. […] The understated usefulness of SSH, part 2. […]

  3. rik Says:

    tried ssh -X <> then tried nautilus just get “cannot open display”

  4. omegamormegil Says:

    Make sure you are leaving out the ‘<>’. If the IP address of the computer you are trying to connect to is and the usernames are the same on both computers, you would want to type “ssh -X”. You may need to check your SSH settings on the remote computer to ensure X forwarding is enabled. Edit the file /etc/ssh/sshd_config and make sure you have a line that says “X11Forwarding yes”. If it is set to no, just change the “no” to a “yes”.

    For additional reading, check out the Ubuntu Community Documentation on X11 forwarding here:
