Graphical login into Unix/Linux systems from Cygwin using SSH

XDMCP is insecure when used directly, as it is unencrypted, and will send your credentials and all keystrokes and mouse actions over the network in clear text. By default XDMCP is disabled on most recent distros. Thankfully there isn’t any reason to use it!

Instead of using XDMCP, you can use X11 forwarding to run your graphical environments across SSH. Doing so also allows you to log in via smart cards, if your version of SSH has PKCS11 support.

I’ve written a script called remote-graphical-login to make this much easier. Note that this script has smartcard support built in, and may not work properly if the libraries do not exist on your system. In a future version I’ll make this configurable so that it can be used with identity files, or without an agent. Here’s the usage:

Usage: [-s session] [-I cardlib] [-l username] [username@][hostname]
        -s      kde or gnome (default)
        -I      coolkey or activclient (default)
        -l      Username to login with
Example: -s kde testuser@testhost

There may be a few bugs in the script. Let me know if you run into any.

Update (06/14/10): Fixed some issues in the script. Notably, the X launcher did exactly the opposite of what it was intended to do. If an X server was already running, it would re-use that server. The intended action was for the script to start a new X server on another display number. This is now fixed. Also, an informational message will now be shown to users when they do not specify a username or hostname, mentioning the ability to do so.
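
The flow described above (start a new X server on an unused display number, then run the session over SSH X11 forwarding with an optional PKCS#11 library), as an added example that is not the author's remote-graphical-login script. The function names, the `XWin` launcher, the `gnome-session`/`startkde` commands and the `/tmp` lock and socket locations are assumptions; `-Y` (trusted forwarding) is assumed because it gives the remote host full access to the display it is forwarded to, which is the reason to keep the session on a dedicated server.

```shell
#!/bin/sh
# Added example, not the author's remote-graphical-login script.
# All function names here are hypothetical.

# Print the lowest display number that has neither an X lock file nor an
# X socket under directory $1 (default /tmp), so a new server never
# attaches the remote session to a display that is already in use.
free_display() {
    dir="${1:-/tmp}"
    n=0
    while [ -e "$dir/.X${n}-lock" ] || [ -e "$dir/.X11-unix/X${n}" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# Map the -s value to the remote session command (assumed command names).
session_command() {
    case "$1" in
        gnome) echo "gnome-session" ;;
        kde)   echo "startkde" ;;
        *)     echo "unknown session: $1" >&2; return 1 ;;
    esac
}

# Reject an empty target or one that ssh would parse as an option.
valid_target() {
    case "$1" in
        ""|-*) echo "refusing target: $1" >&2; return 1 ;;
    esac
}

# main SESSION [USER@]HOST [PKCS11_LIBRARY_PATH]
main() {
    cmd=$(session_command "$1") || return 1
    valid_target "$2" || return 1
    n=$(free_display /tmp)
    XWin ":$n" -nolisten tcp &      # Cygwin X server, local socket only
    xpid=$!
    tries=0                          # wait up to 10 s for the socket
    until [ -e "/tmp/.X11-unix/X$n" ] || [ "$tries" -ge 10 ]; do
        sleep 1; tries=$((tries + 1))
    done
    # -Y: trusted X11 forwarding; -I: PKCS#11 library for smart card keys
    DISPLAY=":$n" ssh -Y ${3:+-I "$3"} "$2" "$cmd"
    kill "$xpid"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Invoked with no arguments the file only defines its functions; pass a session, a target and optionally the smart card library path to run it.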

  • I’m curious what your thoughts are on the NX libraries. I’ve used FreeNX before and it was pretty decent.

    It’s over SSH, so I assumed it was secure (at least more so than XDMCP), or am I mistaken?

    • I haven’t used NX. I’ve read a decent amount about it, and I’d have to say it is likely much faster than simply running gnome or kde across SSH to a local X11 server. Unfortunately, you do need to install and configure server and client software for it. The advantage of Cygwin’s X server + X11 over SSH is that it is simple.

      I generally don’t need a very fast remote X11 environment, but the one situation I can think of is using something like Sun Visualization System (which Oracle, in its rape and pillage style takeover has killed) or VizStack, where you can run hardware 3D accelerated applications remotely. These use VirtualGL to capture calls to and from the GPU, and turn the GPU results into images that can be compressed and sent back to the client. The VirtualGL folks don’t use NX though. They use TurboVNC (which does image compression, and other niceties that NX does), or VGL, which sends directly to an X11 server. So, in this situation, the Cygwin X server + X11 forwarding would still work for me :).

  • Alok CRANK

    Could someone please give me a clear-cut explanation as to how one can log onto a Unix OS and how to change the password after logging in? It would be very generous if you could help me out with this.

    • You need to have an account on a unix/linux system. Without this, you can’t do anything on one.