A closer look at x11vnc

I’ve got to say, one of the things I really like about linux are the myriad of options for remotely administering a system. SSH is the one I use the most, but for the graphical you have x (especially on the LAN), nxserver (which is a compressed and optionally encrypted wrapper of the X protocol….), vnc can be used, although as I’ve noted in the prior articles one problem with either nxserver, X or vnc is that you can’t by default connect to a running X session. x0rfbserver CAN, but only if a user is logged in (as far as I know….) I found an interesting trick with x11vnc that let’s you run it even if the system is at the greeter. (the login screen for X).

This was kind of neat because it would save me a trip to the other end of the house a few times…. anyway…. I just downloaded my x11vnc binary to the machine using ssh…. (so, you DO have to have ssh access to the machine, then wget the x11vnc binary that you’ve precompiled, or install x11vnc on the system/compile from source, apt-get, urpmi, whatever works for you….) I should note there are a variety of precompiled binaries on the x11vnc site.

Anyway, once you’ve got the binary downloaded (and chmod +x so you can run it….) you can run it like this…. x11vnc -desktop :0 …. but wait… there’s a problem – YOU don’t own the x display at this point, it’s still the greeter.

So, you’re told that you need to add -auth and include the path to the auth file…. how to find this magic file? The help gives a hint…. “ps wwaux | grep auth”, so in my case it was at /var/run/xauth/A:0-IJeAuS (changes each time you restart X, or re-visit the greeter…) and you really ought to be root, so you could (at least sudo….) su and then start the x11vnc server, or…

sudo x11vnc -desktop :0 -auth /var/run/xauth/A:0-IJeAuS

(again the authfile changes each time the server’s restarted so use the ps wwaux | grep auth above to find it…)

Then you can connect with a viewer, or if you have a viewer -listening already…. just add -connect address.of.listening.pc and your looking at THE greeter for the active display (not A greeter served up virtually). This could be useful for remote tutoring sessions where you wanted to illustrate EVERYTHING from logging in, etc… OR, let’s say you want to get some work done on your home PC, but…. don’t think you’ll finish everything up and have time to close the session only to restart later, this way, you can log in remotely, when you come back the work should still be up on the desktop (assuming no power interruptions….) the next time you connect or sit down. And what about security, what if someone’s sitting watching what I do remotely. Depending on the circumstance (tutorial/tech support) that’s fine, but if it’s desktop work, web browsing, etc… not fine. It’s possible (I read there’s a patch for this) for x11vnc to switch on DPMS power saving on the monitor when it runs, which isn’t bullet proof OBVIOUSLY, but would be a discouragement of casual snooping. I think they discussed the idea of kicking the screensaver immediately if the power saving was awakened and then the remote vnc’er would know something was up. The bottom line is, if you’re concerned about people accessing your pc while you’re away, you really need to find a way to control physical access to it anyway. Because the same one that could be watching your remote web-browsing, could be booting up a knoppix disc and accessing the drive anyway….

Anyway, I thought the remote login on the REAL display was a neat plus which I’ve already made use of a couple times. I wish there were a way to do that in Windows without having to run vnc as a service (I seem to recall logging in on a few machines using vnc when I had it running as a service…) The big problem, is that I don’t LIKE the idea of leaving a vnc server running all the time when you only need it on occasion, which is one reason I like the Ultravnc SC idea, the “click when you need support idea” is very similar to something I had setup with tightvnc on an internal lan, where they all have an icon on the desktop that says “Allow remote administration”, when then would start a vnc server, I’d ssh in through the gateway, and do an vncviewer -via connection (connect via the ssh gateway.) The advantage there is that the username/password info is encrypted.

Related Posts

Blog Traffic Exchange Related Posts
  • x11vnc recompiled to be as widely compatible as possible... As I said in the earlier posts, I was essentially looking for a "Single click" solution for linux VNC remote desktop support. A solution that doesn't require the remote support client to change firewall settings, install software, etc. What I've settled on is closer to a single cut and paste......
  • Exporting an active linux desktop with vnc, or vnc remote desktop under linux There are lots of ways to get a remote desktop under linux, remote X, nxserver, vnc. One of the problems though is the most common configuration doesn't let you connect to a running desktop session. There is a vnc component that let's you do this and I'm using it right......
  • Remote tech support with anything - would I do it? I've tried to ask myself if I'd trust someone enough to let them run a remote session on my own desktop to solve a problem. I think the answer is "it depends". If you think about it, I do tech support for home users quite a bit and they let......
Blog Traffic Exchange Related Websites
  • How Are Your Lifestyle Choices Impacting Your Health? Quantitative Feedback Over the years, the way I eat has gradually changed. Growing up, it was definitely 'meat, potatoes, vegetables', with milk and cereal for breakfast. => As a young adult, the milk and cereal disappeared, to be replaced by (non-dairy) homemade fruit smoothies - a change that relieved the lower-abdominal......
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010¬†|¬†Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
  • iPhone, Firefox, Safari, IE8 Pwned! The three day Pwn2Own contest at the CanSecWest security show is on. And at the end of the day, 3 major browsers, Firefox, Safari and IE8 were successfully exploited. Also a non-jailbroken iPhone was also hacked and its SMS database was stolen. Vincenzo Iozzo and Ralf Philipp Weinmann redirected an......
PDF24    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Comments are closed.

Switch to our mobile site