SSH X11 Forwarding Of Gnome-Boxes Under Wayland & Mixed Wayland & X11 Environments
Debian has made the commitment to continue forward with Wayland. Those of us who use SSH X11 forwarding regularly are stuck with that for the time being, but contrary to some of the griping on the Web, SSH X11 forwarding still works fine with Wayland. It just requires a little different praxis. Most help forums just instruct users who want to use SSH X11 forwarding to run their system under Xorg, and remind them that gdm (gnome display manager) offers the option to start either an X11 gnome session, or a Wayland gnome-session from the login screen. Sure that works... but it becomes a nuisance for SSH remote networking; since you cannot start a session from a display manager login prompt with SSH on Wayland, or from Wayland without allowing SSH a root login. I’m not going there myself, and I don’t even recommend it anymore for administrators without a security abstraction layer. In the specific case of gdm, I do think there is a potential to write a post-session script to facilitate a user auto-login to Xorg via SSH, but again I don’t think those kind of things can be hardened properly in root except by allowing only user space to SSH. Anyway, as you will see here, there really isn’t a problem with SSH X11 forwarding under Wayland if you remember two things: a Wayland SSH client requires a nested X server (I use Xephyr), and a Wayland SSH host requires the preset string before your application command: GDK_BACKEND=x11. It’s easy to understand that Xephyr becomes your X11 frontend (display) on your client, and you are telling your Wayland host to use an X11 backend to run your specific application of choice on your client’s X-display (Xephyr window).
Configuration 1): SSH client on Xorg and SSH host on Xorg. This of course works flawlessly, at least the way I want it to, with all the RAM/CPU tax on the bigger host machine. Open a terminal and run in a normal syntax like here: ssh -X trinidad@10.42.0.73 -p 54321 gnome-boxes 2>/dev/null
SSH host on Xorg image below:
SSH client on Xorg image below:
Configuration 2): SSH client on wayland and SSH host on Xorg. In this case with the client on wayland, and the server on Xorg, though the client still displays the gnome-boxes guest remotely via Xwayland, you cannot login, because the host keyboard set and the spice user tools cannot be grabbed by an SSH client running a virtualized guest in an Xwayland window. An Xwayland window does not work the same as a nested Xserver window. The solution is simple enough. Open a terminal and run the command: Xephyr -br -ac -noreset -screen 1150x850 :8 then open a new terminal window and run a like syntax to what follows: DISPLAY=:8 ssh -X trinidad@10.42.0.73 -p 54321 gnome-boxes 2>/dev/null Because your client is on wayland you need a nested Xserver to display X11 forwarded applications even though your SSH server is on Xorg. Now your spice tools and keyboard will work just fine.
SSH host on Xorg image below:
SSH client on wayland image below:
Configuration 3): SSH client on wayland and SSH host on wayland. In this case you need both a nested Xserver on your client and a command string to start an X11 backend on your host. On your client open a terminal and run: Xephyr -br -ac -noreset -screen 1150x850 :8 then open a new terminal window and run like the syntax here: DISPLAY=:8 ssh -X trinidad@10.42.0.73 -p 54321 GDK_BACKEND=x11 gnome-boxes 2>/dev/null Your a spice tools and keyboard will all run fine in your virtualized guest.
SSH host on wayland image below:
SSH client on wayland image below:
Configuration 4): SSH client on Xorg and SSH host on wayland. Here you won’t need a nested Xserver because your client is on Xorg, but because your host is on wayland you will need the x11 backend command string in your SSH command. Open a terminal and run like the syntax here: ssh -X trinidad@10.42.0.73 -p 54321 GDK_BACKEND=x11 gnome-boxes 2>/dev/null Your spice tools and keyboard will all work fine in your virtualized guest.
SSH host on wayland image below:
SSH client on Xorg image below:
I hope this lays to rest the misconceptions concerning SSH X11 forwarding and wayland, at least as far as the gnome DE is concerned. My use case here was a Debian gnome 9.9 SSH host and a Debian 10 gnome SSH client both capable of running wayland or Xorg. As Debian gnome moves toward the future with wayland, more and more applications are going to move to pure wayland, but in the meantime SSH X11 forwarding will continue to work for Xorg compatible applications.