There're quite a few howtos on the topic already, but most involve a lot more steps than what I've found. If you need a quick&dirty way to connect to the already running GDM, here's how to do it (ssh into the server and run as root):
$ apt-get install x11vnc
$ ps ax | egrep '(auth.*gdm|gdm.*auth)'
6022 tty7 Ss+ 0:10 /usr/X11R6/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
11322 pts/8 S+ 0:00 egrep (auth.*gdm|gdm.*auth)
# Take the display and the auth file from the gdm command line above.
$ x11vnc -forever -display :0 -auth /var/lib/gdm/:0.Xauth
Now you can use your VNC client to connect to the VNC server which is most probably running on the standard 5900 port.
Note that this is _totally_ insecure:
- The connection between your VNC client and the server will be not encrypted. Thus the username and password (as you type them into the login box) will travel in plain text over the network.
- The VNC server is running with root privileges which is again something that you do not really want.
But hey: it was simple and fast, wasn't it?
To make this more secure you can do the following:
- Run the VNC server on the localhost (
x11vnc -forever -display :0 -listen 127.0.0.1 -auth /var/lib/gdm/:0.Xauth
- Run the VNC server with the privileges of a normal user. The GDM xauth file (
/var/lib/gdm/:0.Xauth) is by default readable only by the root user. You can of course make copy of it, chown it to the normal user and start the server with the normal user.
You could write a script to set up all this and add it to the correct runlevel so the VNC server starts up automatically on every boot. I've already created this script and attached it to this post (see
). To use it you put it in
and set it up to run on every boot (but after the
initscript finished, which runs by default as
update-rc.d gdm defaults 99
And to connect to the VNC server, ssh into the box forwarding some local port to the server's localhost:5900 port (eg.
ssh -L 9001:localhost:5900 vnc.example.com
) and start the VNC client on the forwarded port (localhost:9001 in the example).
If your VNC server is sitting on a company intranet, you can create an SSH port-forwarding chain:
ssh -L 9001:localhost:3333 firewall.mycompany.com
ssh -L 3333:localhost:5900 vnc.example.com
The above example assumes:
- you start the first command on your workstation (presumably outside your company network)
- the company firewall (firewall.mycompany.com) allows SSH connections from outside the company
- the second command is executed in the SSH session on the firewall server
PS: if your VNC client (I used "Chicken of the VNC"
) gives you an error like "Zlib inflate error: (null)" or "Zlib inflate error: invalid block type", try changing the color preferences. Connecting to a Debian with 24 bit color depth I had to change in Chicken of the VNC the connection profile's color depth from "Let Server Decide" to "Millions of Colors". Otherwise it gave me a "Zlib inflate error: (null)" error.