UbuntuHelp:X11vnc

x11vnc is one of the popular VNC programs, which shows the real X desktop as said on the program homepage. It supports also SSH-tunneling...

Adjusting repository

You should enable at least universe repository if you already did not made that. For more details, please see here. Also please see explanations of Ubuntu repository components. In short - add the word universe (and why not also multiverse) to the end of repository row at /etc/apt/sources.list. Be also careful - please see, that in the end of the /etc/apt/sources.list is also empty row (known also as End-Of-File). If you have Ubuntu 6.06 LTS, then write to the /etc/apt/sources.list:

deb http://archive.ubuntu.com/ubuntu/ dapper main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ dapper main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ dapper-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ dapper-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ dapper-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ dapper-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu dapper-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted universe multiverse

... or if you have Ubuntu 6.10, then write to the /etc/apt/sources.list:

deb http://archive.ubuntu.com/ubuntu/ edgy main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ edgy main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ edgy-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ edgy-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ edgy-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ edgy-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu edgy-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu edgy-security main restricted universe multiverse

You may use also your local repositories, e.g. http://ee.archive.ubuntu.com/ubuntu/ for Estonian, etc. In the future, please change yourself the distro name in /etc/apt/sources.list. After editing /etc/apt/sources.list you need to update repositories:

sudo apt-get update

You may also want to upgrade your system:

sudo apt-get dist-upgrade

This may take awhile, depends on which condition your system is - when was last update, did you updated your system before and what is your internet connection speed. For new Ubuntu system this may be hundreds of megabytes data. After each program installation I suggest also run:

sudo ldconfig && sudo dpkg --configure -a && sudo apt-get clean

In Windows you needed to do restart but in Ubuntu you may run the row above instead of restart. This will also delete downloaded and successfully installed program packets from hard drive to save space. You may want to use bash (or whatever shell you use) aliases to map long commands into short:

• http://www.ss64.com/bash/alias.html

You may enter just alias without arguments to see current aliases. After creating aliases you need to reopen terminal window to have changes in effect. After dist-upgrade you may also need to edit /boot/grub/menu.lst to be sure, that you are running latest installed kernel:

sudo nano /boot/grub/menu.lst

After editing /boot/grub/menu.lst and changing to the new kernel, you need to reboot your computer to have changes in effect. To get know, what kernel your system is using, run at command line:

uname -r

x11vnc installation

To install x11vnc, run at command line

sudo apt-get install x11vnc

After installation I suggest also to run:

sudo ldconfig && sudo dpkg --configure -a && sudo apt-get clean

Password creation

If you need to use authenticated sessions for VNC, then you need to create password. You may use the command

vncpasswd

or use x11vnc to create password:

x11vnc -storepasswd password /path/to/passfile

• password should be typed as regular text
• /path/to/passfile may be e.g. /etc/vncpasswd
• after that I suggest also edit ~/.bash_history and delete from there entered password for security reasons

You may also see unofficial Ubuntu guide and look How to disable history listing in Console mode to prevent sensible information storage at user's bash history according your distro's version. You may then connect like this:

vncviewer -passwd /path/to/passfile IP-address

Certainly, replace IP-address with correct number. It gives you very comfortable way to connect to another computer. If you have a lot of these computers, then you may create graphical menu into KDE/Gnome/etc. main menu and later just choose by mouse-clicking the computer you want to access remotely. If needed, install also vncviewer:

sudo apt-get install xvncviewer

... or whatever you prefer. This will also install dependency vnc-common. This xvncviewer gives also vncviewer for command line usage and vncpasswd utility, which is more secure - you don't need to write password as plain text into command line and worry about command line history remember typed password.

Adjust permissions to passfile

chmod a+r /path/to/passfile

... to give read permission to all. Don't worry - password in this file is encrypted and not readable

Run the x11vnc server

... for one session

At the command line write:

x11vnc -rfbauth /path/to/passfile -rfbport 5900 -shared -forever -nowf -norc -notruecolor -scale 4/5 -scale_cursor 1 -desktop computer_name -bg

• rfbauth /path/to/passfile asks authentication, if missing, then not
• rfbport 5900 defines the TCP port 5900, where you run the x11vnc server
• shared gives access more than one simultaneous session
• forever runs x11vnc server forever. If this parameter not shown, then x11vnc closes down
• nowf tries to detect window moves or resizes when a mouse button is held down and show a wireframe instead of the full opaque window
• norc makes rudimentary config file support: if the file $HOME/.x11vncrc exists then each line in it is treated as a single command line option. Disable with -norc.
• notruecolor Gives for 8bpp displays, force indexed color (i.e. a colormap) even if it looks like 8bpp TrueColor (rare problem).
• scale 4/5 will scale the framebuffer by factor fraction. E.g. 17" screen with 1027x768 will shown as 800x600. Useful if your monitor has lower resolution than the remote computer. If remote computer screen resolution is much more bigger than yours - you may use bigger fraction, e.g. 3/4, etc..
• scale_cursor 1 is useful not to scale cursor but only screen resolution.
• desktop computer_name means the computer or owner or company or whatever describes for you that remote computer. Spaces and characters with umlaut are not allowed. Replase computer_name with your desired name.
• bg will run x11vnc in background

For more information about x11vnc parameters, please type at command line:

man x11vnc

or look here.

... automatically at user login

To enable x11vnc automatically run at user login, you need to write it into display manager's session config file called Xsession:

• KDE 3.x uses usually /etc/kde3/kdm/Xsession - you can add the x11vnc running command there in the beginning of file. In SUSE Linux is this file /etc/opt/kde3/share/config/kdm/Xsession. There may also be other distros, which may use different path of KDE's Xsession file
• Gnome 2.x uses usually /etc/gdm/Xsession
• other desktop environments may use also /usr/lib/X11/xdm/Xsession or /etc/X11/xdm/Xsession

Display manager's config file Xsession will always run in current user rights.

... when nobody is not logged in

If you need to run x11vnc also when nobody has not yet logged in, then you need to use the file Xsetup, which is usually located at the same locations as Xsession mentioned above. Xsetup will run in root permissions. If you use x11vnc before login, you need to write to the Xsetup:

xhost +localhost
killall x11vnc &>/dev/null
x11vnc -rfbauth /path/to/passfile -rfbport 5900 -shared -forever -nowf -norc -notruecolor -scale 4/5 -scale_cursor 1 -desktop computer_name -bg

• xhost +localhost gives permission to use current display
• killall x11vnc &>/dev/null will end previous x11vnc server if there is any and this action is done as background process and any output is hided (diverted into "black box" /dev/null).
• x11vnc... will then run x11vnc service in background (-bg)

When you using x11vnc before login (writing above into Xsetup), you need to write into Xsession file:

killall x11vnc &>/dev/null
x11vnc -rfbauth /path/to/passfile -rfbport 5900 -shared -forever -nowf -norc -notruecolor -scale 4/5 -scale_cursor 1 -desktop computer_name -bg

It means, that if before login is already x11vnc working, then we need to kill it at first, because it is not working with logging in user rights and therefore has no rights to use display (usually display :0). We need to kill x11vnc in foreign rights and run x11vnc again with current user, who logged in, rights. Also we may want to logg off and log in again with different user - all the time there is necessary to kill previously runned x11vnc. This may happen also when one user is already logged in and we want to run another X session e.g. in display :1 with another username, etc.

Using -connect as call-back

If the computer, you want to access, is located behind the firewall or router, then you may want to run x11vnc as call-back daemon:

x11vnc -nowf -norc -notruecolor -scale 4/5 -scale_cursor 1 -desktop computer_name -connect IP:port -bg

• IP should be your real IP-address, which should be static (not changing after router restart). If you are not directly connected to the internet and have router, then you need to know your external IP-address. For that you may search from Google. If you are using x11vnc in local area network, then there is necessary, that both of computers will see each other in local area network (LAN), e.g. can ping.
• port should be the VNC viewer listener port, what you use (normally 5500/tcp). Then you should divert in router to your local computer IP if your computer is not directly in internet. For more information about used ports, please see here or here.

Possible helping scenario

• person in trouble calls you and asks you to help him/her
• you do not have time to visit him/her or is it to far, so the only one possibility is connect his/her computer over the internet and take the picture of remote computer's graphical desktop into your computer's desktop. Here will step in the program x11vnc
• you will run at command line:

vncviewer -listen

... and you will activate redirection of port 5500/tcp (this is the default port and protocol, what vncviewer will use in listening mode) in your router if you use router or if you use firewall, then you should allow also there port 5500/tcp (or whatever port you use) as incoming connection. You may also want to create an icon onto desktop for just in case if somebody needs quick help, you can quickly run vncviewer at the command line in listening mode.

• person in trouble will click on icon "Call John to help me" (of whatever its name is) at the desktop, which has been preconfigured by you before
• you will see problematic remote desktop over VNC and you can help him/her
• if you will close your vncviewer window - automatically will x11vnc server close down on remote computer because we did not used the parameter "-forever".
• if person in trouble needs again your help - he/she should run again this preconfigured x11vnc icon on his/her computer's desktop. Certainly, at your side there should be vncviewer in listening mode and in router/firewall should be enabled port 5500/tcp.
• you should be located at this location, which IP-address(es) you preconfigured on his/her computer. If you have more than one location - you may do graphical menu into KDE/Gnome/etc. main menu and then people just calling you if they need help and you will say, where you are. Then person in trouble will click e.g. at the choice "John at work" or "John at home" or "John at place 1", etc.

If you have e.g. multiple support engineers at one external IP-address, then you may just use different port numbers for each. Just notice, that you will not use the same port, which is already in use in your network. Certainly, you need also reconfigure your router for those different ports (each external port is redirected to different computers in local area network) and each computer firewall settings if there is used any.

Alternatives

You may also use program called rfb, which is known also as x0rfbserver:

sudo apt-get install rfb

For more information:

man x0rfbserver

and

x0rfbserver -help

If needed, you may add x0rfbserver into Xsession file to run it as user (with permissions to use current display).

Links

If you want to know more about remote administration, then here are some useful links:

• http://en.wikipedia.org/wiki/Vnc
• http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
• http://en.wikipedia.org/wiki/NX_technology
• http://en.wikipedia.org/wiki/X_display_manager - XDMCP protocol also enables remote login
• http://en.wikipedia.org/wiki/Remote_administration
• http://tldp.org/HOWTO/XDMCP-HOWTO/
• http://linuxmafia.com/faq/Legacy_Microsoft/vnc-and-similar.html