SSH is normally used for remote access and administration where tasks are done from the CLI (Command Line Interface), using command line tools.

SSH can forward the display or GUI from the SSH server to the client, so that X11 or other graphical applications can be run from within an SSH session.

You can run graphical applications via SSH by enabling the X11Forwarding directive and installing xauth on the server, and then enabling the X11 forwarding option on the client when connecting. You also need to be running a graphical desktop such as GNOME or KDE yourself, though it does not need to be the same desktop environment as on the remote server.

Steps to start a GUI application via SSH:

  1. Enable X11Forwarding on the SSH server.

  2. Make sure xauth is installed on the SSH server.

    $ sudo apt update && sudo apt install --assume-yes xauth # Ubuntu and other Debian-based distributions
    $ sudo dnf install --assumeyes xorg-x11-xauth # CentOS and other Red Hat-based distributions

  3. Connect the SSH client to the SSH server with the X11 forwarding option enabled.

    $ ssh -X remote-host.com
    [email protected]'s password:
    user@remote-host:~$

    -X is the option to enable X11 forwarding from the client. You can also use the -Y option to enable trusted X11 forwarding.

    -X
    Enables X11 forwarding. This can also be specified on a per host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information. (Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension restrictions by default, because too many programs currently crash in this mode. Set the ForwardX11Trusted option to “no” to restore the upstream behavior. This may change in future depending on client-side improvements.)

    -Y
    Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls. (Debian-specific: In the default configuration, this option is equivalent to -X, since ForwardX11Trusted defaults to “yes” as described above. Set the ForwardX11Trusted option to “no” to restore the upstream behavior. This may change in future depending on client-side improvements.)

  4. Run an X11 or GUI application from the command line.

    $ xclock

    All the resources that you interact with during the session, such as opening files, will be those on the remote server.
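
Because -X can behave like -Y depending on the ForwardX11Trusted default, it helps to check which mode a connection will actually use. The following is an added example, not part of the original page: it classifies the effective settings from the keyword/value dumps printed by `ssh -G <host>` (client) and `sshd -T` (server). The function names and the sample dumps are constructed for illustration.

```shell
# Added example: classify X11 forwarding from effective OpenSSH configuration.
# Input is the lowercase "keyword value" dump printed by `ssh -G <host>`
# (client side) or `sshd -T` (server side), read from stdin.

# get_opt KEYWORD: print the value of the first exact match for KEYWORD.
get_opt() {
    awk -v key="$1" 'tolower($1) == key { print tolower($2); exit }'
}

# client_x11_mode: reads `ssh -G` output; prints disabled|untrusted|trusted.
client_x11_mode() {
    dump=$(cat)
    fwd=$(printf '%s\n' "$dump" | get_opt forwardx11)
    trusted=$(printf '%s\n' "$dump" | get_opt forwardx11trusted)
    if [ "$fwd" != "yes" ]; then
        echo disabled
    elif [ "$trusted" = "yes" ]; then
        echo trusted      # not subject to X11 SECURITY extension restrictions
    else
        echo untrusted    # X11 SECURITY extension restrictions apply
    fi
}

# server_x11_enabled: reads `sshd -T` output; prints yes or no.
server_x11_enabled() {
    if [ "$(get_opt x11forwarding)" = "yes" ]; then echo yes; else echo no; fi
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_CLIENT_DEBIAN='hostname remote-host.com
forwardx11 yes
forwardx11timeout 1200
forwardx11trusted yes'
SAMPLE_CLIENT_UPSTREAM='hostname remote-host.com
forwardx11 yes
forwardx11trusted no'
SAMPLE_SERVER='port 22
x11forwarding yes
x11displayoffset 10'

printf '%s\n' "$SAMPLE_CLIENT_DEBIAN"   | client_x11_mode
printf '%s\n' "$SAMPLE_CLIENT_UPSTREAM" | client_x11_mode
printf '%s\n' "$SAMPLE_SERVER"          | server_x11_enabled
# Live use: ssh -G -X remote-host.com | client_x11_mode
#           sudo sshd -T | server_x11_enabled
```

A result of `trusted` for a plain `ssh -X` means the remote side gets unrestricted access to the local display, which is the Debian default described in the -X text above.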