Securely Access a Real X Session Using ssh and x11vnc

Novell Cool Solutions: Trench
By Kirk Coombs

Digg This - Slashdot This

Posted: 11 Jul 2005

Applies To:

    • SUSE Linux Enterprise Server

    • Open Enterprise Server

Note: x11vnc is not packaged with SLES or OES, and thus does not qualify for support of any kind. Perform the following at your own risk.

Using the VNC tools included in SLES and OES (Xvnc/vncserver), VNC servers spawn their own "virtual" X sessions apart from any real X servers which may be running. It is often desirable to use VNC to connect to a real session (i.e. the one being displayed on the monitor). There is a handy program, x11vnc, which does just this.

Begin by downloading and installing x11vnc. The main project can be found at http://www.karlrunge.com/x11vnc. Downloading from here requires that the source is compiled manually. Prepackaged RPM's can also be found on the Internet.

The following instructions assume that only one user is logged into an X session (corresponding to display :0). If multiple users are logged in, adjust the display numbers accordingly.

After x11vnc has been installed, note how it is used. At the command prompt, enter:

> x11vnc -display :0

Notice that a lot of output is displayed on the console, and that you are not returned to the command prompt. The VNC server is active until the command is ended by typing <ctrl>-c, or it is terminated remotely. Notice that the last line shows which port the VNC server is active on. If no other VNC servers are active, this should be port 5900.

Next, connect to this server. Bring up a terminal on a remote computer, and type:

> vncviewer <hostname or IP of server>:0

A VNC window appears which replicates the server computer's desktop. Notice that when this window is closed, the server stops. This is the default behavior of x11vnc. This can be configured by command switches if desired.

Now that the basic behavior is understood, lets combine x11vnc with ssh to create an encrypted connection. Begin by logging into the server, starting an X session (such as KDE or Gnome). Then, from a remote computer, enter the following ssh command:

> ssh -l <user that is logged in on server> -L 5901:localhost:5900 <hostname or IP of server> x11vnc -display :0

You should see output indicating that the VNC server is running, and is on port 5900. A key part of this command is: 5901:localhost:5900. This instructs ssh to map port 5900 on the server to port 5901 on this remote computer. Now, on the remote computer enter:

> vncviewer localhost:1

The desktop of the server should now be displayed. When the VNC window is closed, the VNC server and ssh connection are also terminated.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© Micro Focus