Ubuntu Fluxbox GUI with x11vnc and Xvfb

From richud.com
Jump to navigation Jump to search

Fluxbox GUI, via VNC (5900) and Xvfb

This will let you remotely access your machine to a Fluxbox GUI, via VNC (5900) and Xvfb completely separately to your 'normal' desktop.

Install the bits

$ sudo apt-get install x11vnc xvfb fluxbox

One liner

  • -create makes it start Xvfb
  • X11VNC_FINDDISPLAY_ALWAYS_FAILS=1 makes it goto the created Xvfb session (Display :1 rather than :0 which will be normal desktop)
  • FD_PROG=/usr/bin/fluxbox makes it fire up Fluxbox (Ubuntu's one, should have background Ubuntu logo)
  • X11VNC_CREATE_GEOM=${1:-1024x768x16} sets screen to 16bit colour 1024x768
  • -gone cleans up when it exits as otherwise Xvfb is left behind (killing xvfb also kills fluxbox)
$ x11vnc -create -env FD_PROG=/usr/bin/fluxbox \
        -env X11VNC_CREATE_GEOM=${1:-1024x768x16} \
        -gone 'killall Xvfb' \
        -bg -nopw

need -auth /var/run/lightdm/root/:0 ?

Doing it separately

taken from http://en.wikipedia.org/wiki/Xvfb

export DISPLAY=:1
Xvfb :1 -screen 0 1024x768x16 &
fluxbox &
x11vnc -display :1 -bg -nopw -xkb


Scenario, access your work machine by creating a reverse ssh tunnel (other pages with more details)

Autossh keeps a ssh tunnel open back from your firewalled work to you homeaddress, port 27002 is an arbitary number for monitoring, basically anything that isnt used for something else.

$ autossh -f -M27002 -q -N -o stricthostkeychecking=no -R 22222:localhost:22 -R 5900:localhost:5900 user@homeaddress

This will sit running on your work pc trying to connect to your home every 300 seconds on port 22 (you will need to map incoming TCP port 22 on your home router to your PC behind it) If you look in /var/log/auth.log you should see your work pc connect. (you will need to have setup with authorized_keys rather than password access for ssh, see other pages)

Once it connects you can now SSH to port 22222 on your home pc which will connect back through this tunnnel to your work pc into a normal terminal. Run the above command to start x11vnc. Now connecting to (on port 5900) on home pc should connect you through to a Fluxbox session on the work pc! (which is invisible to anyone looking on it as it is running in a virtual framebuffer (Xvfb).

Using vino-server

If you want a direct connection to the 'real' desktop you can either use x11vnc without setting anything, or use built in vino-server (aka 'Vino' aka 'Desktop Sharing'). If you are using unity and broadband the experience will be pretty dire except using the lowest settings, which is still pretty aweful. In Precise 12.04 (and 11.10?) vino settings are set in dconf NOT in ~/.gconf/desktop/gnome/remote_access/%gconf.xml

dconf-editor is needed to edit via GUI, gesettings edits via command line

  • enable
  • stop user to confirm (i.e. prompt) [this is vital otherwise you end up connecting to a black screen, which many threads will tell you the incorrect solution for is to replace compiz with metacity etc.]
  • turn off authentication (as going to listen on local interface only, any connection via SSH)
  • listens on local only [obv. dont set this is you are using on a LAN, and probably set a password]


$ export DISPLAY=:0
$ gsettings set org.gnome.Vino enabled true
$ gsettings set org.gnome.Vino prompt-enabled false
$ gsettings set org.gnome.Vino authentication-methods "['none']"
$ gsettings set org.gnome.Vino network-interface lo

These settings take place instantly, you can see this by running "netstat -an --tcp --program", you will see to begin with (default) listen on all interfaces, as soon as you set interface to lo, you should see this change

tcp        0      0  *               LISTEN      12590/vino-server
#change to
tcp        0      0*               LISTEN      12590/vino-server

If it doesn't start you can do it via this, the ampersand with background it.

/usr/lib/vino/vino-server --sm-disable &

So my Vino settings look like;

$ gsettings list-recursively org.gnome.Vino
org.gnome.Vino alternative-port uint16 5900
org.gnome.Vino authentication-methods ['vnc']
org.gnome.Vino disable-background false
org.gnome.Vino disable-xdamage false
org.gnome.Vino enabled true
org.gnome.Vino icon-visibility 'client'
org.gnome.Vino lock-screen-on-disconnect false
org.gnome.Vino mailto ''
org.gnome.Vino network-interface 'lo'
org.gnome.Vino notify-on-connect true
org.gnome.Vino prompt-enabled false
org.gnome.Vino require-encryption false
org.gnome.Vino use-alternative-port false
org.gnome.Vino use-upnp false
org.gnome.Vino view-only false
org.gnome.Vino vnc-password 'keyring'

  • org.gnome.Vino authentication-methods ['vnc'] / org.gnome.Vino vnc-password 'fgWdfggG=' , where it is base64 encoded. [Setting a connection password in vino-preferences (or Desktop Sharing, which is same thing) does this]
  • org.gnome.Vino authentication-methods ['vnc'] / org.gnome.Vino authentication-methods ['none'] = makes it use your normal keyring (GUI now called seahorse) for storing password
  • org.gnome.Vino authentication-methods ['none'], no additional password
  • Note vino-passwd doesnt seem to set anything anywhere -will look into this more, strace seems to show its writing to org.freedesktop.Secr , but dont understand more yet. WIP.


As a pure VNC server (better than vino).

sudo x11vnc -nc -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0

Once running you can connect securely via an SSH tunnel with Remmina for example, enable ssh tunnel and local loopback. (as its listening on lo remotely)