How to install X11VNC
To remotely graphically administrate a computer, VNC is a very good solution. But most of the VNC server starts a new session. If it is ok to just start new applications, it's not exactly "taking control of the remote screen".
X11VNC can do this by directly connect to the running X11 session and duplicate it on the VNC protocol.
Most of the VNC implementation does not support SSL security or equivalent, and are therefore not secure. So I will propose a solution using SSH+VNC to connect. Here is the configuration I will explain you to put in place:
- a X11VNC server to run as root, with no password.
- a X11VNC (or more) to run as a single user, with a simple password.
- both will only listen on localhost, so you will need to ssh (and forward port) to connect.
- a "viewer only" mode.
- a http interface.
Install x11vnc using slapt-get (slapt-get -i x11vnc) or via gslapt. "tk" package is also needed if you want to use the tray icon.
Create the following script and put it, for example, in the root's home /root/bin/rootvnc:
#!/bin/sh AUTH=$(ps -f -u root |grep '[ ]/usr/bin/X'|sed 's/.*-auth \([^ ]*\).*/\1/') x11vnc -auth $AUTH
Then make it executable:
chmod +x bin/rootvnc
It will find you're running X session and connect to it.
Use it only when your system is in the login screen (gdm)
You'll be able to login, and then the VNC session will exit.
Create a .vnc directory in your home directory. Edit a .vnc/passwd file as is:
your_password __BEGIN_VIEWONLY__ your_view_only_password
Change the properties of the file to be only readable by you:
chmod u=rw,go= .vnc/passwd
Create a bin directory in your home directory. Create the two following files. bin/myx11vnc:
#!/bin/sh SCR=$1 [ -z "$SCR" ] && SCR=0 ( sleep 1 x11vnc -clip xinerama$SCR -rfbversion 3.6 -rfbport 590$SCR \ -http_oneport -httpdir /usr/share/x11vnc/classes -httpport 580$SCR \ -logfile $HOME/.x11vnc-$SCR.log -nomodtweak -xkb -repeat -forever -bg \ -overlay_nocursor -tightfilexfer -passwdfile $HOME/.vnc/passwd -v ) &
#!/bin/sh ( sleep 10 x11vnc -gui connect,tray -forever -bg & ) &
Make them executable:
chmod +x bin/myx11*
You can of course change the ports used for VNC and HTTP. Here it starts at 5900 for VNC and increments for each screen, and starts at 5800 for http and increments for each screen.
I will describe a way to launch X11VNC at Xfce launch. It could easily adapted for other DM. In fact if the DM respect Freedesktop.org standards, it will work.
Create the following .desktop files in .config/autostart: X11VNC-0.desktop:
[Desktop Entry] Encoding=UTF-8 Version=0.9.4 Type=Application Name=X11VNC 0 Comment= Exec=/home/jrd/bin/myx11vnc 0 StartupNotify=false Terminal=false Hidden=false Icon=computer GenericName=
And of course a X11VNC-1.desktop if you have two monitor (like me). X11VNC-tray.desktop:
[Desktop Entry] Encoding=UTF-8 Version=0.9.4 Type=Application Name=X11VNC Tray Icon Comment= Exec=/home/jrd/bin/myx11tray StartupNotify=false Terminal=false Hidden=false Icon=computer GenericName=
The sleep 10 in the myx11tray script is for waiting a bit that the vnc server starts but the & is also here for not blocking the DM session initialisation.
Here it is, it's up and running.
How to use? Next chapter!
How to use
- You're computer is running but is lock on the login screen or is in runlevel 3 or less (no graphic system running).
- You have a DM session running.
No DM session running
First connect from you're current computer (A) to computer you want to remote control (B) using ssh. Do this by forwarding VNC:
$ ssh -t -L 5900:localhost:5900 root@B # ./bin/rootvnc
Of course, run Xorg if it's not running previously by calling init 4 or equivalent before rootvnc.
Then connect from A using any vnc client to 'localhost'. You will get the login screen.
After login, close the VNC client on A, and quit the SSH session on B.
You will not be in the DM session running case.
DM session running
Open a ssh connection from A to B using ssh and port forwarding.
- If you choose to connect using VNC protocol, forward port 5900 (or 5901).
- If you choose to connect using HTTP protocol, forward port 5800 (or 5801).
You can of course forward all these.
$ ssh -t -L 5900:localhost:5900 user@B
The connect using your VNC client or your browser.
- If you provide the first password in the .vnc/passwd file, you will have full power on the screen.
- If you provide the second password in the .vnc/passwd file, you will be able to only see what's happening on the screen.
To quit, just qui your VNC client and SSH connection.