= Running GUI Programs = SSH can be used to tunnel graphical applications over a network as well as text-based ones. GUIs are more complicated than text, and therefore harder to set up and more likely to require extra software. == Check Your SSH Server Settings == By default, Ubuntu's SSH server has everything you need enabled. If you have disabled features for security reasons, you might not be able to start GUI programs. To make sure, look in your '''/etc/ssh/sshd_config''' for this line: {{{ AllowTcpForwarding No }}} This disables forwarding of Internet connections over SSH. You should delete this line if you want to use VNC for GUI programs (discussed below). Next, look for this line: {{{ X11Forwarding yes }}} This enables Unix-style GUI forwarding over SSH. If you don't see it, open the file in your favourite text editor and add that line. You will need superuser privileges to save changes to '''/etc/ssh/sshd_config'''. == Single Applications == If you are logging in from a Unix-like operating system, you can forward single applications over SSH very easily, because all Unix-like systems share a common graphics layer called X11. This even works under Mac OS X, although you will need to install and start the [[http://www.apple.com/support/downloads/x11formacosx.html|X11 server]] before using SSH. To forward single applications, connect to your system using the command-line, but add the '''-X''' option to forward X11 connections: {{{ ssh -X joe@laptop }}} Once the connection is made, type the name of your GUI program on the command-line: {{{ firefox & }}} Your program will start as normal, although you might find it's a little slower than it would be if it were running locally. The trailing '''&''' means that the program should run in "background mode", so you can start typing new commands in straight away, rather than waiting for your program to finish. If you only want to run a single command, you can log in like this: {{{ ssh -f -T -X joe@laptop firefox }}} That will run Firefox, then exit when it finishes. See [[http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1|the SSH manual page]] for information about '''-f''' and '''-T'''. If you start an application and it complains that it cannot find the display, try installing the '''xauth''' package from the Main repository. Xauth is installed by default with desktop installations but not server installations. If you suspect that programs are running slowly because of a lack of bandwith, you can turn SSH compression on with the '''-C''' option: {{{ ssh -fTXC joe@laptop firefox }}} Using '''-fTXC''' here is identical to '''-f -T -X -C'''. === Nested windows === Xephyr is a program that gives you an X server within your current server. It's available in the '''xserver-xephyr''' package in the Main repository. [[http://cafelinux.org/OptickleArt/albums/userpics/Xephyr.png|{{http://cafelinux.org/OptickleArt/albums/userpics/normal_Xephyr.png}}]] Two ssh forwarded desktops on dual monitors, click to enlarge Setting up Xephyr was explained briefly in the [[http://ubuntuforums.org/showthread.php?t=620003|Ubuntu forums]]. == Tunneling VNC connections through ssh == Virtual Network Computing ("VNC") is a cross-platform way of sharing a desktop. Once you've set your SSH server up, see [[VNC]] for more information. = Breaking out of a controlled network = Sometimes it's useful to tunnel all web traffic over SSH, without having to start Firefox on a remote computer. For example, to work around network monitoring or snooping, or to avoid badly configured routers on the Internet. If you can change the settings on your web browser, you can probably use SSH to circumvent these filters. ||{{attachment:IconsPage/IconWarning3.png}} ||'''Warning''': Filtering and monitoring is usually implemented for a reason. Even if you don't agree with that reason, your IT department might not take kindly to you flouting their rules.|| [[WikiPedia:SOCKS|SOCKS]] is a protocol is used by some proxy servers. The SOCKS protocol allows a client (such as a web browser) to ask a server to download a file for it, rather than downloading the file directly. Most SSH clients can act as a SOCKS proxy server, securely tunnelling requests through your SSH session, making an ordinary (insecure) web request from your Ubuntu computer. Using the command-line SSH client, you should activate SOCKS by doing: {{{ ssh -C -D 1080 user@host }}} '''-D''' refers to '''D'''ynamic port forwarding, and '''1080''' is the standard SOCKS port. You can use a different port if you prefer, but you should choose a port in the range 1024 to 49151, inclusive. '''-C''' enables '''C'''ompression, which [[https://calomel.org/firefox_ssh_proxy.html|speeds the tunnel up]] when proxying mainly text-based information (like web browsing), but can slow it down when proxying binary information (like downloading files). There is also a [[http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding|brief discussion]] in the PuTTY manual page about how to get PuTTY to act as a SOCKS proxy server. Once you have set your SOCKS proxy up, your applications can use a SOCKS proxy on the computer you are connecting from. For example, in Firefox: * go to Edit -> Preferences -> Advanced -> Network -> Connection -> Settings... * check "Manual proxy configuration" * make sure "Use this proxy server for all protocols" is cleared * clear "HTTP Proxy", "SSL Proxy", "FTP Proxy", and "Gopher Proxy" fields * enter "127.0.0.1" for "SOCKS Host", and "1080" (or whatever port you chose) for Port. You can also set Firefox to use the DNS through that proxy, so even your DNS lookups are secure: * Type in about:config in the Firefox address bar * Find the key called "network.proxy.socks_remote_dns" and set it to true The SOCKS proxy will stop working when you close your SSH session. You will need to change these settings back to normal in order for your browser to work again. = See also = * [[https://wiki.ubuntu.com/Recovery/Remote|Remote Recovery]] * [[AdvancedOpenSSH|Advanced SSH configuration and extra security]]