Thursday, June 7, 2012

Ubuntu 12.04 – How to use VNC even at the login prompt


I have a partially headless desktop machine on my desk only connected with a monitor. I typically use this machine for heavy duty computation or simulation. The machine is more than decent hardware wise. But I have a decent enough laptop where I like to keep all my day to day stuffs. Given the scenario, if I should ever have to use keyboard and mouse on the desktop machine, I would typically use Synergy to control the desktop using the keyboard and mouse from my laptop. Since the desktop has a much larger screen, it is quite convenient that way for many specific things. The desktop runs a SSH server. So, I can login over SSH and start the Synergy client which would connect back to the Synergy server running on my laptop. The setup is actually quite handy.

Now, there’s a catch. The problem is that synergy refuses to bind to the keyboard and mouse on the desktop machine due to missing X authentication credentials at the login prompt. Since at the login prompt, the user (me@desktop) hasn’t logged in yet. So, he (me@desktop) doesn’t have a proper X credential yet. Apparently, there is no easy way to pass the custom MIT-MAGIC-COOKIE to synergy. Therefore, I decided to fall back to VNC, which is also occasionally useful when I am working remotely.

Ubuntu 12.04 Precise Pangolin (I think 11.10 too) comes with LightDM as the login and display manager. Therefore, the desktop environments such as GNOME, KDE or LXDE would be started by LightDM only after the login has been successful. As mentioned before, Synergy can’t work in this phase because the X server authentication credentials from LightDM can not be passed easily. Therefore, to type in the password at LightDM login prompt, I use x11vnc. On Ubuntu, a quick “apt-get install x11vnc” will install it. The reason I like it a lot is mostly because it can be used like a regular console utility to start-up the VNC service. For example, I could just do “x11vnc –display :0” to quickly setup a VNC session over SSH and then login remotely over VNC. The additional benefit would be that VNC will be passed thru SSH (by means of SSH port forwarding), it will be way more secure than just plain VNC. So, coming back to where we were - to start x11vnc at the login prompt, a typical “x11vnc –display :0” wouldn’t work. Because the X server will refuse authentication as we need the authentication credentials for the LightDM service which is started as “root”. x11vnc provides an “-auth auto” option. But, it will also mostly likely fail because the “.Xauthority” file wouldn’t be found.

To get around this, we need to locate the right “.Xauthority” file where the MIT-MAGIC-COOKIE is saved. After some snooping around on my file-system, it appears that the LightDM service stores it’s files in “/var/lib/lightdm” directory. Great! now if we just do a “sudo x11vnc –display :0 –auth /var/lib/lightdm/.Xauthority” x11vnc will run in the login prompt and we will be able to use VNC even after login .

So, to recap, the steps are:

  • apt-get install x11vnc openssh-server
  • Reboot the machine (or log-out). In my case it’s my desktop.
  • ssh user@desktop. I would do it from my laptop.
  • sudo x11vnc –display :0 –auth /var/lib/lightdm/.Xauthority
  • Now, from my laptop I can use any VNC viewer to connect my desktop even in the login prompt.


16 comments:

Post a Comment