When you are running X applications over SSH, the encryption/decryption overhead of the SSH protocol may slow down the rendering of remotely running X applications. Furthermore, if an SSH session is established over a wide area network, X11 forwarding over SSH may become even slower due to network latency and throughput limitation.
In this tutorial, I will describe some tips on how to speed up X11 forwarding in SSH over wide area networks.
There are two ways to boost the performance of X11 forwarding via SSH.
First, you can use the compression option of OpenSSH client. With "-C" option, OpenSSH client will compress all data exchanged over SSH, including stdin, stdout, stderr and forwarded X11 sessions.
You can also consider using less computation-heavy ciphers in SSH, so that less time is spent during encryption/decryption. The default AES cipher used by OpenSSH is known to be slow.
An independent study shows that arcfour and blowfish ciphers are faster than AES, as shown below. According to SSH man page, blowfish is a fast block cipher which is also very secure. Meanwhile, arcfour stream cipher is known to be more vulnerable than common block ciphers. So use caution when using arcfour.
To speed up X11 forwarding by using the above tips, you can SSH to a remote host as follows.
Alternatively, you can specify these options in a SSH configuration file.
To edit a system-wide SSH configuration file:
To edit a per-user SSH configuration file:
In either SSH configuration file, add the following:
Host remote_host.com Compression yes ForwardX11 yes Ciphers blowfish-cbc,arcfour
Then you can SSH to the remote host without using any command-line option:
Note that there are some caveats in switching to a different cipher in SSH. First, the performance of a particular cipher may vary across different processor architecture. For instance, recent generations of Intel processors (e.g., Intel i5, i7, Xeon) come with hardware support for AES (e.g., AES-NI), in which case (hardware-accelerated) AES would be much faster than the rest.
Second, if the network over which X11 forwarding is established is extremely slow, then the bottleneck of X11 forwarding is actually the network, not the CPU. In this case, the performance of X11 forwarding would not be affected whichever cipher you are using.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.
Did you find this tutorial helpful? Then please be generous and support Xmodulo!
Latest posts by Dan Nanni (see all)
- How to install Suricata intrusion detection system on Linux - September 3, 2015
- How to switch from NetworkManager to systemd-networkd on Linux - August 31, 2015
- How to set up a system status page of your infrastructure - August 25, 2015