Monday, August 5, 2013

Best SSH options for X11 forwarding

By SAMAT JAIN
May 8, 2006 - 2:09am

Many versions of SSH, including the extremely common OpenSSH, provide support a feature known as “X11 forwarding.”

Say on you are on one computer running an X server. You want to be able to run a GUI program on another computer (to, say, access files on it), but display the program on the computer you’re sitting at. SSH’s X11 forwarding lets you do this easily in one command, without having to worry about firewalls and permissions.

But it’s a bit slow. There are several options to SSH that you can use to make things faster.

The “-c” option allows selection of cipher for a connection. The default AES cipher is extremely slow: you can get much better performance out of the arcfour and blowfish ciphers. I’ve noticed arcfour to perform the best, but there have been legitimate complaints in the cryptography community about whether or not it is “secure.” If your paramount concern is security, go with blowfish, as it can be just as fast.

The “-C” option enables compression for an SSH connection. On anything but LAN links, compression can make a big difference. SSH performs packet-based compression. That is, it can only compress the data immediately available to it, whatever may be contained in the packet it is currently processing. This immediately limits how much compression can be done, and results in bad compression ratios. But it is usually better than nothing.

All this can be incorporated into a simple bash alias:

alias ssh-x='ssh -c arcfour,blowfish-cbc -XC'

To run a program “xterm” on machine “baz.example.com” but display its GUI on the local machine, simply run:

ssh-x baz.example.com xterm


http://blog.samat.org/2006/05/08/best-ssh-options-for-x11-forwarding

No comments:

Post a Comment