How to connect to the GDM X session via VNC

There are quite a few howtos on the topic already, but most involve a lot more steps than what I've found. If you need a quick-and-dirty way to connect to the already running GDM, here's how to do it (ssh into the server and run as root):
$ apt-get install x11vnc
(...)
$ ps ax | egrep '(auth.*gdm|gdm.*auth)'
6022 tty7     Ss+    0:10 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
11322 pts/8    S+     0:00 egrep (auth.*gdm|gdm.*auth)
# Take the display and the auth file from the gdm command line above.
$ x11vnc -forever -display :0 -auth /var/lib/gdm/:0.Xauth

Now you can use your VNC client to connect to the VNC server which is most probably running on the standard 5900 port.

Note that this is _totally_ insecure:
  • The connection between your VNC client and the server will not be encrypted. Thus the username and password (as you type them into the login box) will travel in plain text over the network.
  • The VNC server is running with root privileges which is again something that you do not really want.
But hey: it was simple and fast, wasn't it? :)

To make this more secure you can do the following:
  • Run the VNC server on the localhost only (x11vnc -forever -display :0 -listen 127.0.0.1 -auth /var/lib/gdm/:0.Xauth), so it is not reachable directly from the network.
  • Run the VNC server with the privileges of a normal user. The GDM xauth file (/var/lib/gdm/:0.Xauth) is by default readable only by the root user. You can of course make a copy of it, chown it to the normal user and start the server as the normal user.
You could write a script to set up all this and add it to the correct runlevel so the VNC server starts up automatically on every boot. I've already created this script and attached it to this post (see gdm_vnc). To use it you put it in /etc/init.d and set it up to run on every boot (but after the gdm initscript has finished, which runs by default as /etc/rc2.d/S30gdm):
update-rc.d gdm_vnc defaults 99

And to connect to the VNC server, ssh into the box forwarding some local port to the server's localhost:5900 port (e.g. ssh -L 9001:localhost:5900 vnc.example.com) and start the VNC client on the forwarded port (localhost:9001 in the example).
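
The hardening steps above (loopback-only listener, unprivileged user, private copy of the GDM cookie) can be combined as in the following added sketch. It is not the attached gdm_vnc script; the account name vncuser and the path /var/run/gdm_vnc.Xauth are assumptions.

```shell
#!/bin/sh
# Added example, not the attached gdm_vnc script.
VNC_USER="${VNC_USER:-vncuser}"                   # assumption: unprivileged account
AUTH_COPY="${AUTH_COPY:-/var/run/gdm_vnc.Xauth}"  # assumption: path of the cookie copy

# Read `ps ax` output on stdin; print "<display> <authfile>" for the first
# X server whose -auth file belongs to gdm (the manual step shown earlier).
x_display_and_auth() {
    awk '
        $5 !~ /(^|\/)X(org)?$/ { next }   # COMMAND column must be the X binary
        {
            disp = ""; auth = ""
            for (i = 6; i <= NF; i++) {
                if (disp == "" && $i ~ /^:[0-9]+$/) disp = $i
                if ($i == "-auth" && i < NF) auth = $(i + 1)
            }
            if (disp != "" && auth ~ /gdm/) { print disp, auth; exit }
        }'
}

# Print the x11vnc command line from the post, bound to loopback only.
# $1 = display, $2 = auth file readable by the user that runs x11vnc.
x11vnc_cmd() {
    printf 'x11vnc -forever -display %s -listen 127.0.0.1 -auth %s\n' "$1" "$2"
}

# Must run as root: copies the root-only cookie, then drops privileges.
start_vnc() {
    set -- $(ps ax | x_display_and_auth)
    [ $# -eq 2 ] || { echo "no gdm X server found" >&2; return 1; }
    # Mode 600 and owned by VNC_USER: whoever can read this file can
    # read and control the X display.
    install -m 600 -o "$VNC_USER" "$2" "$AUTH_COPY" || return 1
    su -c "$(x11vnc_cmd "$1" "$AUTH_COPY")" "$VNC_USER" &
}

# Only act when invoked as "<script> start", e.g. from an init script.
if [ "${1:-}" = "start" ]; then start_vnc; fi
```

A loopback listener is still reachable by every local account on the server, so on a multi-user machine a VNC password (x11vnc's -rfbauth option) is worth adding.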

If your VNC server is sitting on a company intranet, you can create an SSH port-forwarding chain:
ssh -L 9001:localhost:3333 firewall.mycompany.com
ssh -L 3333:localhost:5900 vnc.example.com

The above example assumes:
  • you start the first command on your workstation (presumably outside your company network)
  • the company firewall (firewall.mycompany.com) allows SSH connections from outside the company
  • the second command is executed in the SSH session on the firewall server
PS: if your VNC client (I used "Chicken of the VNC") gives you an error like "Zlib inflate error: (null)" or "Zlib inflate error: invalid block type", try changing the color preferences. Connecting to a Debian with 24 bit color depth I had to change in Chicken of the VNC the connection profile's color depth from "Let Server Decide" to "Millions of Colors". Otherwise it gave me a "Zlib inflate error: (null)" error.

Attachment: gdm_vnc (3.62 KB)

Comments

I still don't know why people

I still don't know why people would connect to the X of another PC. You are behind your own desktop, so for graphic apps you can use your own, and remote, it's almost only on a server, and a server needs no X.

great stuff

Worked great for me. I always wondered if this was possible. Who knew it was so simple? Thanks!