Learn How To Setup X11 Forwarding over SSH on Debian Wheezy

March 26, 2019

Table of Contents

    While there is generally no need for a graphical user interface (GUI) on a server, some system administrators have encountered cases where a GUI is needed. Most often, people use VNC to access the graphical user interface of the server which, given a dangerous environment such as the Internet, brings several security risks with it. A more secure way to remotely access X11 applications is by using the “X11 forwarding” feature of SSH. This tutorial will show you how to enable it on a server running Debian Wheezy.

    Note: X11 forwarding works with Windows and OS X hosts too, although that setup requires some additional work (especially with Windows). For this tutorial, we assume Linux.

    First, you need X11 to be present on the server (gvim is just an application for testing purposes here, you can basically install and use every application you want):

    apt-get install xorg vim-gtk

    Open /etc/ssh/sshd_config with your favorite text editor and edit the following line:

    X11Forwarding no

    And add the following lines:

    Match User yourusername
        X11Forwarding yes

    And restart the SSH daemon:

    service sshd restart

    Ensure that your firewall is configured to allow SSH-connections as well as connections to the loopback-interface. A lot of problems with X11 forwarding stem from blocked connections to the loopback-interface.

    Now you can connect from your client as usual, only that now you add the -X parameter to enable X11 forwarding:

    ssh -X yourusername@yourserver.tld

    To take gvim as example, simply enter:


    into the shell. After a delay of about two seconds, a window will open. You are now securely accessing graphical applications over the Internet!

    Need help?

    Do you need help setting up this on your own service?
    Please contact us and we’ll provide you the best possible quote!