Disabling X11 forwarding

When you SSH into a server in the normal manner, as we've been doing, you can only run text-mode programs. If you try to remotely run any GUI-based program, such as Firefox, you'll get an error message. But, when you open the sshd_config file of pretty much any Linux distribution, you'll see this line:

X11Forwarding yes

This means that with the right option switch, you can remotely run GUI-based programs. Assuming that you're logging into a machine that has a graphical desktop environment installed, you can use either the -Y or the -X option when logging in, like so:

ssh -X [email protected]
or
ssh -Y [email protected]

The problem here is that the X11 protocol, which powers graphical desktop environments on most Linux and Unix systems, has a few security weaknesses that make it somewhat dangerous to use remotely. The bad guys have ways of using it to compromise an entire system. Your best bet is to disable it by changing the X11Forwarding line to the following:

X11Forwarding no

As usual, restart the SSH service to make it read in the new configuration.
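To confirm the change took effect in the file you edited, here is an added example (not from the original text) that audits an sshd_config-style file for X11Forwarding. It assumes a single file without following Include directives, relies on sshd using the first value it reads for a keyword, and treats any setting inside a Match block other than no as a failure; the function name x11_audit and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: x11_audit FILE prints each X11Forwarding finding and
# returns 0 only if X11 forwarding is off everywhere in that file.
x11_audit() {
    awk '
    BEGIN { scope = "global"; global = ""; bad = 0 }
    {
        if (NF == 0 || $1 ~ /^#/) next      # skip blank and comment lines
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") { scope = "Match " $2 " " $3; next }
        if (key != "x11forwarding") next
        if (scope == "global") {
            if (global != "") next           # sshd keeps the first value it reads
            global = $2
        }
        printf "%s: X11Forwarding %s (line %d)\n", scope, $2, NR
        if ($2 != "no") bad = 1              # anything other than "no" fails
    }
    END {
        if (global == "")
            print "global: X11Forwarding not set (OpenSSH default: no)"
        exit bad
    }' "$1"
}

# Constructed sample: a global "no" that a later Match block turns back on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
X11Forwarding no
x11forwarding yes
Match User alice
    X11Forwarding yes
EOF
x11_audit "$sample" || echo "X11 forwarding is still enabled somewhere in $sample"
rm -f "$sample"
```

On a live server, running sshd -T as root prints the effective configuration, including settings pulled in from Include files, so it is the authoritative check after the restart.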

Now that you know about X11 forwarding, let's dig some tunnels.
