Written by Christian Ahmer | 11/13/2023

Optimizing X11 session forwarding over SSH

X11 forwarding over SSH is a powerful tool for remotely running graphical applications on a remote server while displaying them on a local machine. However, users often encounter issues related to speed and performance when using X11 forwarding. In this article, we'll explore the factors that contribute to the noticeable slowness when using ssh -X and why ssh -Y can offer a significant improvement. We'll also discuss the role of cipher selection, such as ssh -Y -c aes128-ctr, in optimizing X11 forwarding. I know that X11 and its forwarding mechanisms are old and dusted, but there are times when you do not have other possibilities and it would be sufficient for your needs - when it is fast enough.

Some X11 running <a class=linux computers in a room">

Understanding X11 Forwarding and SSH:

X11 forwarding works by tunneling X11 protocol messages from the remote server to the local machine through an encrypted SSH connection. This allows you to run graphical applications on the remote server while viewing their output on your local display. However, the choice of SSH flags can significantly impact the speed and responsiveness of this process.


The Slowness of ssh -X:

ssh -X is the default command for X11 forwarding, and while it gets the job done, it can be noticeably slower in some cases. The primary reason for this slowness lies in the way it handles X11 security and trusted/untrusted connections.

When using ssh -X, SSH will set up a "trusted" X11 connection, which means that the remote server is allowed to interact with your local X server to some extent. This added security layer can introduce latency, causing graphical applications to feel sluggish, especially over long-distance or high-latency network connections.


The Improvement with ssh -Y:

ssh -Y offers an improvement over ssh -X by setting up a "trusted" connection that is more permissive than the default configuration of ssh -X. With ssh -Y, the remote server can interact with your local X server more efficiently, reducing the latency and improving the overall responsiveness of graphical applications.


Cipher Selection for Optimization:

In addition to choosing between ssh -X and ssh -Y, selecting the right cipher can further enhance X11 forwarding performance. For example, the -c flag allows you to specify a cipher for SSH encryption. Choosing a lightweight and efficient cipher like aes128-ctr can result in faster data transfer, reducing the overhead introduced by encryption.

Here's how to use ssh -Y with the aes128-ctr cipher:


ssh -Y -c aes128-ctr user@ip


Conclusion:

When it comes to X11 forwarding over SSH, understanding the options available can greatly impact your experience. While ssh -X is the default and provides security, it may feel slow due to its strict trusted connection. ssh -Y, on the other hand, offers improved speed by providing a more permissive trusted connection. Additionally, selecting an efficient cipher like aes128-ctr can further enhance performance.

In summary, for users seeking a faster and more responsive X11 forwarding experience, ssh -Y with an optimized cipher like aes128-ctr is a recommended choice. By making these adjustments, you can enjoy the benefits of remote graphical applications without compromising on speed.