| |||||||||
| ||||||||||||||
Author: Engys | Topic: X11 forwarding over SSH & Pulseaudio | Last change: 2013-09-04 12:10:26 | ||||||||||||
For X11 forwarding in this example you need to edit /etc/ssh/ssh_config and unmask ForwardX11 yes
and /etc/ssh/sshd_config X11Forwarding yes
X11DisplayOffset 10 X11UseLocalhost yes To create a local Pulseaudio connection by using ssh you need to adjust your Pulseaudio preferences with paprefs. Keep in mind you do this on the client side. In this example the client side is the account that controls the display hardware. Open a terminal and type in: paprefs
Adjust Network-Server and permit Pulseaudio to connect to local audio devices. More is not required! Then you create your connection to another local account. Here is an example for a local connection to Firefox+Flash in a separate useraccount: ssh -X zock@127.0.0.1 PULSE_SERVER=127.0.0.1 /home/zock/opt/firefox23/firefox
Anyway for a 3D accelerated application over ssh you will need a trusted X11 connection. Trusted X11 forwarding is a security risk! If you have an open trusted X11 connection every keystroke on the client side can be grabbed on the server side. So if you open up a root terminal while having started an application over trusted X11 forwarding the server can catch your password even if the focus is placed in another window! For a trusted X11 connections we use -Y instead of -X as ssh parameter. If you like to test the security risk on a trusted X11 connection you can compile the following sourcecode for yourself: http://web.mit.edu/Watchmaker/src/xkey/xkey.c to test the binary type in: ./xkey $DISPLAY
To use your applications in different user accounts it is better to start an independent X session. Simply log in your account via virtual console (ctrl+alt+f1-f6) and fire up: startx
use (ctrl+alt+f7-f12) to change between your X sessions. In some distributions like Arch Linux the X session take place on the same virtual console where you startx. | ||||||||||||||
|