Fri, 02 Sep 2011
Remote Support using X11VNC

Sometimes, ssh shell access to a remote machine is not enough and you really need to see the user's desktop. Particularly when you are trying to help people that have little or no computer skill.

Luckily (or unluckily if you look at it in a different way) I need Linux to Linux remote access. But VNC alone can sometimes be a pain to set up correctly (and securely), and when you need to see a running X session not start a new one. There are a few "point and click" GUI solutions for Linux and one decent one appeared to be Teamviewer. It has a standard installer and a (Wine-based) GUI which is easy to use. I tried this and it worked very well - until it didn't. For some reason, it stopped working correctly and I could only see a black screen not the client desktop. I could not seem to fix this so had to look for something else.

Enter x11vnc.

X11vnc lets you connect via a VNC viewer to a real X11 session. So you can view and interact with the remote user's desktop as they watch. This is how I set up X11vnc and use an SSH tunnel to encrypt and secure the connection. Using SSH public key support only, this makes a very easy to use solution, and your user doesn't need to do anything at all.

On Remote System :

This is the system that needs support.

  • Install x11vnc (should be packaged in your distribution)
  • Install tightvncserver (gives us vncpassword)
  • Create an x11vnc start script :

    /root/bin/x11vnc

    authfile="$(ps ax | grep auth | awk '/gdm3/ { print $13 }')"
    /usr/bin/x11vnc -auth $authfile

    This assume we are running Gnome and the Gnome Display Manager v3 (GDM3). The main point of this is to locate and use the X11 cookie that will allow a connection to the X server.

    Make it executable : chmod +x /root/bin/x11vnc

  • Now create an x11vnc configuration file :

    /root/.x11vncrc

    display :0 # This will do in most single user machine
    rfbauth .vnc/passwd # password file
    rfbport 5900 # Use this default port
    localhost # Only accept local connections. This makes your x11vnc secure along with SSH.
    solid darkblue # Optional (changes background into solid color)
    noxdamage
    scale 0.9 # Whatever your (client) monitor/display likes

    There are various options available and the above (scale,noxdamage) seems to work well for me.

  • Set a VNC password (in a shell) :

    vncpasswd

On Client System :

This is the system from which you are doing support.

  • Type the following command (replace HOST and PORT as applicable) in a terminal on your system :

    ssh -p PORT -L5900:localhost:5900 root@HOST '~/bin/x11vnc'

    This starts the x11vnc script on the remote system (script created as above) and tunnels through SSH.

  • In another window, type the following to run your VNC viewer :

    vncviewer -encodings "copyrect tight hextile" localhost:0

    There are various options available, the above seems to give good performance for me on my desktop.

The only remaining problem I have with this procedure is that I'm accessing the remote client as user root. Using SSH public-key access only mitigates this a lot but the fact remains that root access is not good. The problem I have had is managing to figure out and read the X auth file ("magic cookie"). This is what the "grep auth" step in the x11vnc run script is doing.