How to speed up X11 forwarding in SSH

When you run X applications over SSH, the encryption/decryption overhead of the SSH protocol can slow down the rendering speed of X applications running remotely. Additionally, if the SSH session is established over a wide area network, X11 forwarding over SSH may become slower due to network latency and throughput limitations.

In this tutorial, I will introduce some tips on how to accelerate X11 forwarding in SSH over a WAN.

There are two ways to improve the performance of X11 forwarding over SSH.

Method One

First, you can use the compression option of the OpenSSH client. By using the -C option, the OpenSSH client will compress all data exchanged over SSH, including stdin, stdout, stderr, and forwarded X11 sessions.

You may also consider using less computationally intensive ciphers in SSH to spend less time on the encryption/decryption process. It is well known that the default AES cipher used by OpenSSH is quite slow.

An independent study shows that the arcfour and blowfish ciphers are faster than AES. According to the SSH man page, blowfish is a fast block cipher and is very secure. The arcfour stream cipher, by contrast, is more susceptible to attacks than common block ciphers, so use it with caution.

To use the above techniques to speed up X11 forwarding, you can connect to the remote host via SSH as follows.

$ ssh -XC -c blowfish-cbc,arcfour user@remote_host.com

Method Two

Alternatively, you can specify these options in the SSH configuration file.

To edit the system-wide SSH configuration file:

$ sudo vi /etc/ssh/ssh_config

To edit each user's SSH configuration file:

$ vi ~/.ssh/config

In any SSH configuration file, add the following content:

Host remote_host.com
    Compression yes
    ForwardX11 yes
    Ciphers blowfish-cbc,arcfour

Then you can connect to the remote host via SSH without using any command line options:

$ ssh user@remote_host.com
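
OpenSSH 7.6 and later no longer include the blowfish-cbc and arcfour ciphers, and a client that meets an unknown name in a Ciphers line rejects the configuration file. The script below is an added example, not part of the original tutorial: it checks a cipher wish list against what the local client reports with `ssh -Q cipher` and prints a Host block containing only the usable names; the function names are illustrative.

```sh
#!/bin/sh
# Added example: build an ssh_config stanza that lists only ciphers the
# local client accepts. Function names here are illustrative.

# Names the local client supports, one per line (empty if ssh lacks -Q).
supported_ciphers() {
    ssh -Q cipher 2>/dev/null || true
}

# pick_ciphers WANTED SUPPORTED
#   WANTED:    comma-separated preference list
#   SUPPORTED: newline-separated names, as printed by `ssh -Q cipher`
# Prints the comma-separated subset of WANTED, keeping WANTED's order.
pick_ciphers() {
    wanted=$1; supported=$2; out=
    old_ifs=$IFS; IFS=,
    for c in $wanted; do
        # -x -F: whole-line literal match, so arcfour does not match arcfour128
        if printf '%s\n' "$supported" | grep -qxF -- "$c"; then
            out=${out:+$out,}$c
        fi
    done
    IFS=$old_ifs
    printf '%s' "$out"
}

# host_block HOST WANTED SUPPORTED
# Omits the Ciphers line when nothing in WANTED is usable, so ssh keeps its
# built-in defaults instead of failing on an unknown cipher name.
host_block() {
    usable=$(pick_ciphers "$2" "$3")
    printf 'Host %s\n    Compression yes\n    ForwardX11 yes\n' "$1"
    if [ -n "$usable" ]; then
        printf '    Ciphers %s\n' "$usable"
    fi
}

# Usage: sh x11-ciphers.sh remote_host.com   (prints the stanza to stdout)
if [ "$#" -eq 1 ]; then
    host_block "$1" 'blowfish-cbc,arcfour' "$(supported_ciphers)"
fi
```

Review the printed block before pasting it into ~/.ssh/config; when no Ciphers line appears, the client negotiates its default ciphers.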

Please note that there are some considerations when switching to different ciphers in SSH. First, the performance of a specific cipher may vary depending on the processor architecture. For example, recent generations of Intel processors (such as Intel i5, i7, Xeon) come with hardware support for AES (such as AES-NI), in which case hardware-accelerated AES will be much faster than on other processors.

Secondly, if the network over which X11 forwarding is established is very slow, then the bottleneck of X11 forwarding is actually the network, not the CPU. In this case, the performance of X11 forwarding will not be affected regardless of which cipher you use.

Summary
When running X applications over SSH, the encryption/decryption overhead can slow down rendering, especially over wide area networks (WANs) due to latency and throughput limitations. This tutorial provides tips to accelerate X11 forwarding over SSH. Two methods are suggested to improve performance. The first method involves using the OpenSSH client's compression option with the `-C` flag, which compresses all data exchanged over SSH, including X11 sessions. Additionally, using less computationally intensive ciphers like `blowfish` or `arcfour` can reduce encryption time, although caution is advised with `arcfour` due to its vulnerability. To implement these changes, users can connect to a remote host using the command: `ssh -XC -c blowfish-cbc,arcfour user@remote_host.com`. The second method involves editing the SSH configuration files to include compression and preferred ciphers, allowing users to connect without command-line options. However, performance may vary based on processor architecture and network speed, as a slow network can be the primary bottleneck regardless of the cipher used.