I have a old tower PC as a server, local LAN IP 192.168.1.4
On that PC turned the firewall off. None of this is good practice security wise but just for testing purposes ...
/etc/ssh/sshd_config file edited lines to uncomment/include ...
PermitRootLogin yes
StrictModes no
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
and sshd (re)started
Logged into router and set ssh port (22) forwarded to 192.168.1.4 (my server)
also noted the external IP (77.76.75.74 (made up number here))
On my laptop I then set up a two hop port forward ...
ssh -f -N -L 55555:77.76.75.74:22 -2 username@de1.hashbang.sh
The 55555 port can be any number you like, ideally above 10000
More usually you'd use a direct single hop link, I used two just to try 'remote' distance out i.e. in the above the routing goes from my London IP (laptop) to Germany (hashbang ssh server) and back to London again (PC/server). For the direct single hop the format is ...
ssh -f -N -L 55555:localhost:22 77.76.75.74
With that set, local (laptop) port 55555 is directed to the servers IP (77.76.75.74 external IP, 192.168.1.4 internal IP)
So we can now run Xforwarding, such as on the laptop ...
ssh -p 55555 -Y localhost galculator
and the servers galculator is run, where the display appears on our local (laptop) screen. The -Y switch tells the server to permit Xforwarding. Where that data flows from the server (PC on the other side of the room) to Germany (hashbang server), and back to my laptop.
Or with google chrome installed on the server
ssh -p 55555 -Y localhost /opt/google/chrome/chrome --no-sandbox
and similarly a browser window opens on my laptop (local) device.
Or libreoffice ... or whatever program you want to run.
Takes a minute or two to settle (laggy) but then runs OK. In the case of a browser given that every keystroke in the url bar initiates a communication to google that is very laggy, but once you're on a web site (forum.puppylinux.com for instance) the response times are pretty good. Playing a youtube is OK'ish not really a comfortable watch and we've no sound forwarded here either, but usable.
When done, kill the ssh forward process, reinstate your firewall if you like to have that running, and log back into the router and disable/delete the port 22 forwarding, unless you'd rather leave that available for the next time.
You might add
Compression yes
(or delayed instead of yes) to /etc/ssh/sshd_config, IIRC the default is yes anyway, but the default for ssh (client) is no compression, you have to add the -C switch to your ssh command to activate compression of data flowing through the ssh tunnel. Depending upon what you're running compression may help, may slow things down, a case of try and see.
ssh -p 55555 -C -Y localhost galculator
Alternative to specifying a program you can run just
ssh -p 55555 -C -Y localhost
which connects you to the remote system, cli, from where you can run whatever program you like and see the screen for that appear on your local client (laptop) screen.
# mtpaint
for instance.
For local use, server and laptop in the same room/house, the likes of tigervnc is better than X forwarding IME. run vncserver on the server, vncviewer on the client.
Oh, BTW IIRC rox doesn't work/work-well through Xforwarding. Easy answer is to sshfs. On your laptop ...
mkdir /mnt/server
mount 192.168.1.4:/somefolder /mnt/server
and use your local (laptop) rox to open /mnt/server (or wherever you might mount the 192.168.1.4 (or whatever IP) remote boxes /somefolder (or whatever remote folder)
Complex systems to try and standardise a self imposed complex array of differences.
)
)