Most people know that you can run command line programs over SSH. But a lot of people don’t realize that you can run graphics programs over SSH through a feature called X11 Forwarding. Looky here:
X Window System
The X Window System version 11 (commonly referred to as X11) is a windowing system commonly used in Linux. It’s fundamental to the graphical user interface (GUI) in most Linux distributions, including the NVIDIA Jetsons.
X11 follows a client-server model. The X server communicates with the hardware, such as the monitor, keyboard, and mouse. The X clients are the various applications that use the server to display GUI elements. This architecture allows support for what is termed network transparency. The client and the server can be on separate machines. In other words, an application may run on one machine, and display on a different one. Of course, the X11 client and server may be on the same machine so that the GUI shows up on an attached monitor.
Window Management
X11 itself doesn’t dictate how windows look or behave. Instead, there are Window Managers to handle the task. Desktop environments have a default window manager. For example, a Jetson with a GNOME desktop environment uses the “Mutter” window manager. The window manager controls the placement, appearance and decorations (like border and title bars) of windows.
Extensions for X11 like OpenGL for providing 3D graphics capabilities and others implement modern features like compositing add flexibility.
X11 Protocol
X11 uses a network protocol to communicate between the server and clients. This protocol allows X clients to send requests to the X server (like opening a window or drawing graphics), and receive responses and events (like keyboard or mouse input) from the server.
Since applications don’t write directly to hardware (as in more modern operating systems such as Windows or Macintosh OS), the stream can be redirected over the network.
Note that Wayland, which some think of as the successor to X11 on Linux, does not support network transparency. Wayland is simpler and more modern. It also ditches the network bit. The work around is much like that of other operating systems, a remote desktop or similar.
X11 Forwarding
X11 Forwarding is the feature which allows a user to run a graphical application on a remote server and have the application’s display (its window) appear on their local machine. You can think of it as a simple forwarding of the network stream. The application on the remote machine is sending display messages to your local machine.
The terminology is a little tricky. It’s the opposite of what you would normally expect. The “server” is the system that displays the application (i.e., the user’s local machine). The “client” is the system where the application is running (i.e., the remote machine).
It’s pretty straightforward how it works:
- The user connects from their local machine (X Server) to the remote machine (X Client) via a secure shell (SSH) connection.
- When setting up the connection, the user enables X11 forwarding. That tells the SSH server on the remote to forward X11 protocol data over the SSH connection.
- When the user runs a graphical application on the remote machine, the application sends its X11 data to the SSH server.
- The SSH server sends this data through the SSH encrypted SSH tunnel to the user’s local machine.
- The SSH client on the user’s local machine receives the data and passes it to the local X11 server. The X11 server then displays the applications window, just as if it were running locally.
The terminology clouds the explanation a bit. Conceptually, when the remote application makes a drawing call, SSH sends it to the local machine to draw it. The rest is just plumbing.
Mostly the Same
The local graphics are mostly the same as they would display on the remote with a monitor attached. However, remember that the remote and the local machines may have different window managers. The windows may look a bit different.
Naturally, you expect lag in the process. It depends on how fast the network connection is, and the amount of data that you’re piping over the network. You don’t expect raw, uncompressed video to be displayed as fast as if it was running completely on one machine. Same with a wired versus wireless connection.
That’s why most video gets highly compressed before you send it over a network connection. It’s so ubiquitous that you don’t think about it most of the time. Until you have to.
Why X11 Forwarding ?
Most operating systems (you can do this with Linux too) use VNC or remote desktop or some other similar solution to viewing remote machines. This is fairly heavyweight; you have to keep track of the entire graphic state of the desktop. This has gotten better over the years with use of compression, faster machines and so on. But it’s still has a lot of overhead.
On the other hand, X11 forwarding brings you only the window in which you are interested. It’s very useful when you are doing remote development. You can use tools like Visual Studio Code on a local host to program a Jetson remotely, yet still run the application you are developing on the local machine too.
Also, it can be a little meta having a remote desktop along with your local desktop on the screen at once.
Running SSH with X11 Forwarding
Oh, and the bit about running SSH. There are two flags of interest. -X (X11 with Security Restrictions) and -Y (Trusted X11 Forwarding). -X enables X11 forwarding with restrictions. It activates a secure form of X11 forwarding to prevent remote clients from performing, uh, “unauthorized” activities. -X is “untrusted”.
-Y enables “trusted” X11 forwarding. This removes some of the security restrictions. Probably a bad idea if you’re not on a trusted network or out in the big bad Internet.
A typical command would look like:
$ ssh <option> <user name>@<ip_address>
for example:
$ ssh -X jim@192.168.1.12
That’s reads as open a trusted X11 connection under the user name jim at the IP address 192.168.1.12.
Other Operating Systems
Both Windows and Macintosh have 3rd party programs of X11 server implementations. On Macintosh, many people user XQuartz. On a Windows box, many people use Putty as their SSH client and Xming for their X11 server.
Certainly worth checking out if you are curious or want to work from a different machine.
5 Responses
Want to see an even faster refresh? Add -C for compression as well.
ssh -XC user@host
That’s a good tip! I think one factor is the machine that you’re running it on. On my old PC, for example, using compression was dog slow. On a new machine it’s probably quite a savings. Also, it depends on how fast your network is. Over a slow network, the time spent compressing is probably smaller than the transmission time for the larger amount of data. Thanks for contributing, and thanks for reading!
Are you able to run the deepstream sample apps over an ssh -X connection? when we try (Jetson Orin AGX dev kit), we get a warning, namely:
libEGL warning: DRI3: failed to query the version
and, in brief, everything comes to a crashing halt.
Our current understanding is that only desktop forwarding will get us out of this, by forcing all the rendering to occur on the Jetson.
I believe your understanding is correct. EGL is Embedded GL, a modified version of OpenGL. I noticed that apps like NoMachine also run into problems with it. The typical solution is to write a program on the Jetson to have DeepStream stream the video over something like RTSP if you need to view the video remotely. Thanks for reading!
same issue…