A closer look at x11vnc



I’ve got to say, one of the things I really like about linux are the myriad of options for remotely administering a system. SSH is the one I use the most, but for the graphical you have x (especially on the LAN), nxserver (which is a compressed and optionally encrypted wrapper of the X protocol….), vnc can be used, although as I’ve noted in the prior articles one problem with either nxserver, X or vnc is that you can’t by default connect to a running X session. x0rfbserver CAN, but only if a user is logged in (as far as I know….) I found an interesting trick with x11vnc that let’s you run it even if the system is at the greeter. (the login screen for X).


This was kind of neat because it would save me a trip to the other end of the house a few times…. anyway…. I just downloaded my x11vnc binary to the machine using ssh…. (so, you DO have to have ssh access to the machine, then wget the x11vnc binary that you’ve precompiled, or install x11vnc on the system/compile from source, apt-get, urpmi, whatever works for you….) I should note there are a variety of precompiled binaries on the x11vnc site.

Anyway, once you’ve got the binary downloaded (and chmod +x so you can run it….) you can run it like this…. x11vnc -desktop :0 …. but wait… there’s a problem – YOU don’t own the x display at this point, it’s still the greeter.

So, you’re told that you need to add -auth and include the path to the auth file…. how to find this magic file? The help gives a hint…. “ps wwaux | grep auth”, so in my case it was at /var/run/xauth/A:0-IJeAuS (changes each time you restart X, or re-visit the greeter…) and you really ought to be root, so you could (at least sudo….) su and then start the x11vnc server, or…

sudo x11vnc -desktop :0 -auth /var/run/xauth/A:0-IJeAuS

(again the authfile changes each time the server’s restarted so use the ps wwaux | grep auth above to find it…)

Then you can connect with a viewer, or if you have a viewer -listening already…. just add -connect address.of.listening.pc and your looking at THE greeter for the active display (not A greeter served up virtually). This could be useful for remote tutoring sessions where you wanted to illustrate EVERYTHING from logging in, etc… OR, let’s say you want to get some work done on your home PC, but…. don’t think you’ll finish everything up and have time to close the session only to restart later, this way, you can log in remotely, when you come back the work should still be up on the desktop (assuming no power interruptions….) the next time you connect or sit down. And what about security, what if someone’s sitting watching what I do remotely. Depending on the circumstance (tutorial/tech support) that’s fine, but if it’s desktop work, web browsing, etc… not fine. It’s possible (I read there’s a patch for this) for x11vnc to switch on DPMS power saving on the monitor when it runs, which isn’t bullet proof OBVIOUSLY, but would be a discouragement of casual snooping. I think they discussed the idea of kicking the screensaver immediately if the power saving was awakened and then the remote vnc’er would know something was up. The bottom line is, if you’re concerned about people accessing your pc while you’re away, you really need to find a way to control physical access to it anyway. Because the same one that could be watching your remote web-browsing, could be booting up a knoppix disc and accessing the drive anyway….

Anyway, I thought the remote login on the REAL display was a neat plus which I’ve already made use of a couple times. I wish there were a way to do that in Windows without having to run vnc as a service (I seem to recall logging in on a few machines using vnc when I had it running as a service…) The big problem, is that I don’t LIKE the idea of leaving a vnc server running all the time when you only need it on occasion, which is one reason I like the Ultravnc SC idea, the “click when you need support idea” is very similar to something I had setup with tightvnc on an internal lan, where they all have an icon on the desktop that says “Allow remote administration”, when then would start a vnc server, I’d ssh in through the gateway, and do an vncviewer -via connection (connect via the ssh gateway.) The advantage there is that the username/password info is encrypted.

   Send article as PDF   

Similar Posts