Configuring x11vnc securely on your server for remote access

Printer-friendly versionPDF version

So, you more than often need remote access to your web server. In my case my server is not even connected to anything but a network. So a VNC solution for me is a must. And new linux users are left scratching their heads when they come to linux from the windows world. But it doesn't need to be so complicated. Below is a cook-book recipe if you choose to follow it.

I have LXDE running on Debain wheezy. For a while I went with "tightvncserver" solution. But I noticed that in memory I was seeing duplicate processes like "lxpanel" and some other lxde applets. I concluded this must be due to the vnc sessions I create. Each session must be needing a different instance of these panels. It seemed like a shameful waste of my servers memory when I was the only person using it. So I decided to move to the "x11vnc" solution. This was supposed to just forward the running x11 session to your remote desktop. Just perfect, no extra resources wasted in creating new server sessions.

The x11vnc manual was long read but finally got everything to work almost beautifully. So I present the configuration for your benefits.

Under "/etc/init.d/" create a file called "x11vnc". Make it executable and in my case it is owned by root. Copy the contents I provide below to this new file:

#! /bin/sh
# Provides:          x11vnc
# Required-Start:    $all
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: start/stop x11vnc

case "$1" in
    /usr/bin/x11vnc -q -xkb -noxrecord -noxfixes -noxdamage -display :0 -auth /var/run/lightdm/root/:0 -forever -bg -rfbauth /etc/x11vnc/x11vnc.pass -rfbport 6000 -localhost 
    echo "Starting X11VNC"
    pkill x11vnc
    echo "X11VNC stopped"
    echo "Usage: /etc/init.d/x11vnc {start|stop}"
    exit 1
exit 0

Than install the init script by doing as below:

root@ahsanscorner:/etc# cd init.d/
root@ahsanscorner:/etc/init.d# update-rc.d x11vnc defaults
update-rc.d: using dependency based boot sequencing

Now to explain the x11vnc start command we are saying once started we want the x11vnc service to run forever ( -forever option ), use authentication to login to the x11vnc session using the password file found at "/etc/x11vnc/x11vnc.pass" (-rfbauth option), use the port 6000 (you can use a port of your liking here with -rfbport option), allow connections only from localhost (-localhost option, this is necessary for security, in essence you will via an ssh tunnel connect to your machine via the already mentioned port).

Now first things first, lets first create the password file as below so we can start this service eventually later on.

x11vnc -storepasswd $X11VNC_PASS /etc/x11vnc/x11vnc.pass

If you delve into the details of the init.d system, you might notice I tried to start it up at boot time. But I failed in that, probably becuase there is no setting that tells me when the xserver is ready. So on a newly booted machine you have to ssh to the machine as "root" user and first time around do the following :

# To start the service type this:
service x11vnc start

# To stop the service type this:
service x11vnc stop

If you know how to get the service started at boot time, let me know in the comments section. Although I no longer fret over it anymore, server is almost always running and you just need to start this service up once.

Next I need to show you how to vnc and we are good to go.

On Windows

I use putty to create a tunnel and connect. The following 2 screens show you the setting for this:

how to tunnel with putty

When you click the connect password provide user root and his password. Than use tightvnc viewer to just connect as below:

With Linux

With linux it is simpler. All you need is the package "ssvnc". So do "apt-get install ssvnc". And enter your information as in below screen shot and change option to SSH. Click connect, first enter your root password and than your x11vnc password. And thats that.

Reference : Documentation on x11vnc can be found here and you can view the options for x11vnc here.


Top level category:

Add new comment