SSH
SSH (Secure Shell) is a protocol for secure communication between computers. It is famously used to connect to a remote machine and execute programs there through a remote shell, but because it is a protocol (and not a particular application) it has many usages (for example secure copy or remote synchronization).
To create an SSH connection, both the remote server and your client need SSH software installed.
The manual page of an open implementation of ssh (notice the lower case: this is a shell application) says:
ssh (SSH client) is a program for logging into a remote machine and for
executing commands on a remote machine. It is intended to replace rlogin
and rsh, and provide secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP
ports can also be forwarded over the secure channel.
All Linux and Unix systems (including MacOSX) have ssh programs that can act as SSH clients to connect to a remote machine. Run them from a shell (terminal) with
ssh username@remote_machine
or
ssh -Y user@remote_machine
if you expect to use X11 graphical applications (with some old versions of ssh the -Y option won't work; use -X instead). On the Mac, not just any terminal will do: you need an X11 terminal, which is included in your installation CDs but may not be installed by default (see X11).
Remote graphical applications
That last option will tunnel X11 through a secure channel. For that to work, the remote server must also be configured properly, by adding the following line to the sshd_config file (usually in /etc/ssh/ or /etc/):
X11Forwarding yes
Without this option, when launching an application remotely, even when using the -Y option in the ssh connection, you may still get an error like the following one:
error: no display name and no $DISPLAY environment available
In recent versions of ssh, you can enable this option for a restricted set of users rather than for everyone:
# Example of overriding settings on a per-user basis
Match User username1,username2
X11Forwarding yes
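To check whether X11 forwarding is really limited to the intended users, the following added example (not part of the original page) reports the global setting and every Match block that enables it. The function names x11_scope and sample_config are hypothetical and the sample configuration is constructed; the sketch assumes whitespace-separated "Keyword value" lines and does not follow Include directives.

```shell
#!/bin/sh
# Added example: report where X11Forwarding is enabled in an sshd_config.
# x11_scope and sample_config are hypothetical names; the sample is constructed.

# Reads sshd_config text on stdin and prints the global value, then one line
# for each Match block that turns X11Forwarding on.
x11_scope() {
    awk '
        BEGIN { scope = "global"; global = "no" }   # OpenSSH default is "no"
        NF == 0 || $1 ~ /^#/ { next }               # skip blank and comment lines
        tolower($1) == "match" {                    # a Match line opens a new scope
            $1 = ""; sub(/^[ \t]+/, "")
            scope = "Match " $0
            next
        }
        tolower($1) == "x11forwarding" {            # keywords are case-insensitive
            if (scope in seen) next                 # first value in a scope wins
            seen[scope] = 1
            val = tolower($2)
            if (scope == "global") global = val
            else if (val == "yes") matched[++n] = scope
        }
        END {
            print "global: " global
            for (i = 1; i <= n; i++) print matched[i] ": yes"
        }
    '
}

# Constructed sample configuration, mirroring the per-user override above.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config
Port 22
X11Forwarding no
Match User username1,username2
    X11Forwarding yes
Match Group staff
    x11forwarding no
EOF
}

sample_config | x11_scope
```

On a live server, `sshd -T -C user=username1` prints the effective settings for that user (older releases also require host and addr in the `-C` specification).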
This other option, in the client's ssh_config file, may sometimes be convenient, although it is not very secure, because it gives remote X11 clients full access to your local X11 display:
ForwardX11Trusted yes
About X11 tunneling, see also
- http://developer.apple.com/qa/qa2004/qa1383.html
- https://www.scorec.rpi.edu/wiki/Tunneling_X11
- http://www.uic.edu/depts/accc/newsletter/adn31/xwindows.html
Windows
There is no ssh client by default in Windows; you may need to install Cygwin (see Remote Display), PuTTY or TeraTerm. They all support X11 tunneling, but only Cygwin has an X11 server included that will allow you to use it directly.
Read more on Wikipedia.
Tunnels
SSH's tunnel capabilities are not restricted to graphical X11. You can create tunnels for all kinds of secure connections between different machines.
For example, even if your Linux box is behind a firewall, you can create a tunnel to temporarily allow an external administrator to fix something on it. You actually connect to the administrator's machine, allowing ssh to use that connection to go back to your computer. The connection you create must be kept open for the remote administrator to log in, and the tunnel will disappear whenever you close it. Run something like
ssh -R 2222:localhost:22 guest@admin.machine.com
(The remote administrator should create a guest account for you to log in.) After that, the administrator can connect to their local port 2222 (which is being forwarded to your local machine's port 22, the typical ssh port) and, by using an account on your machine, operate it.