Today I ran into a problem I bet a lot of developers face. I wanted to use the ChatGPT Codex CLI on a headless Linux server that I access through SSH. Copying and pasting code between the server and ChatGPT on my desktop was getting old fast, so the Codex CLI seemed like the perfect solution.
The installation itself? Pretty straightforward. The CLI gives you two authentication options: use an OpenAI API token or connect through ChatGPT. Here's the thing—the API token costs money based on usage. But since I'm already paying for ChatGPT Plus, going the ChatGPT route is basically free. Plus, I get those higher usage limits that come with the subscription.
Now here's where things got interesting. I use Google to log into my OpenAI account. This means the Codex CLI needs to open a browser so I can authenticate with Google and authorize the tool. Pretty standard stuff—except my remote server doesn't have X, a graphical interface, or even a web browser. Kind of a problem.
The Solution: Local Browser, Remote Port
The workaround? Use the browser on my desktop to authenticate. But there's a catch. The local browser needs to send an OAuth access token back to the app that requested it—in this case, the Codex CLI running on the remote Linux box. To make this work, you need to know which port the remote program is listening on to receive that token.
Luckily, the Codex CLI tells you exactly which port it's using. When you launch it, you'll see output like
Look at that URL carefully. Hidden in there is the port number you need. If you decode it, you'll find it in the
redirect_uri parameter:When you decode that URL encoding, it reads:
See that? Port 1455. That's where the Codex CLI is waiting for the OAuth token.
Setting Up SSH Port Forwarding
Now for the solution. Open another SSH session from your desktop and set up port forwarding. Run this command:
This creates a tunnel that forwards traffic from port 1455 on your local machine to the same port on the remote server. Think of it like a direct pipe between the two.
Complete the Login in Your Browser
Once your SSH tunnel is running, copy that authentication URL from the Codex CLI and paste it into your desktop browser. You'll go through the normal login process—Google authentication, two-factor if you have it enabled, the works. After you authenticate, the browser sends the OAuth token back through your SSH tunnel straight to the CLI waiting on the remote server.
And that's it. The authentication is complete, and you can start using Codex CLI on your remote server without any more hassle.
