Forwarding X11 traffic without "X11Forwarding yes"

It is possible to forward X11 traffic over an ssh tunnel even if the OpenSSH X11Forwarding directive is set to "no."

From the sshd_config man page:
Note that disabling X11 forwarding does not prevent users from forwarding X11 traffic, as users can always install their own forwarders.

On the client system:
1. Run xhost +localhost to permit X11 server connections from localhost.
2. Run ssh -R 6000:localhost:6000 user@remote_server to forward X11 traffic (TCP port 6000) from remote_server to the local system over an ssh tunnel. From the client perspective, the X11 traffic is originating from localhost.

On the server system:
1. Run export DISPLAY=localhost:0
2. Run an X client (e.g. xterm).

Back to brandonhutchinson.com.
Last modified: 08/11/2005