Thursday, June 7, 2012

Ubuntu 12.04 – How to use VNC even at the login prompt

I have a partially headless desktop machine on my desk only connected with a monitor. I typically use this machine for heavy duty computation or simulation. The machine is more than decent hardware wise. But I have a decent enough laptop where I like to keep all my day to day stuffs. Given the scenario, if I should ever have to use keyboard and mouse on the desktop machine, I would typically use Synergy to control the desktop using the keyboard and mouse from my laptop. Since the desktop has a much larger screen, it is quite convenient that way for many specific things. The desktop runs a SSH server. So, I can login over SSH and start the Synergy client which would connect back to the Synergy server running on my laptop. The setup is actually quite handy.

Now, there’s a catch. The problem is that synergy refuses to bind to the keyboard and mouse on the desktop machine due to missing X authentication credentials at the login prompt. Since at the login prompt, the user (me@desktop) hasn’t logged in yet. So, he (me@desktop) doesn’t have a proper X credential yet. Apparently, there is no easy way to pass the custom MIT-MAGIC-COOKIE to synergy. Therefore, I decided to fall back to VNC, which is also occasionally useful when I am working remotely.

Ubuntu 12.04 Precise Pangolin (I think 11.10 too) comes with LightDM as the login and display manager. Therefore, the desktop environments such as GNOME, KDE or LXDE would be started by LightDM only after the login has been successful. As mentioned before, Synergy can’t work in this phase because the X server authentication credentials from LightDM can not be passed easily. Therefore, to type in the password at LightDM login prompt, I use x11vnc. On Ubuntu, a quick “apt-get install x11vnc” will install it. The reason I like it a lot is mostly because it can be used like a regular console utility to start-up the VNC service. For example, I could just do “x11vnc –display :0” to quickly setup a VNC session over SSH and then login remotely over VNC. The additional benefit would be that VNC will be passed thru SSH (by means of SSH port forwarding), it will be way more secure than just plain VNC. So, coming back to where we were - to start x11vnc at the login prompt, a typical “x11vnc –display :0” wouldn’t work. Because the X server will refuse authentication as we need the authentication credentials for the LightDM service which is started as “root”. x11vnc provides an “-auth auto” option. But, it will also mostly likely fail because the “.Xauthority” file wouldn’t be found.

To get around this, we need to locate the right “.Xauthority” file where the MIT-MAGIC-COOKIE is saved. After some snooping around on my file-system, it appears that the LightDM service stores it’s files in “/var/lib/lightdm” directory. Great! now if we just do a “sudo x11vnc –display :0 –auth /var/lib/lightdm/.Xauthority” x11vnc will run in the login prompt and we will be able to use VNC even after login .

So, to recap, the steps are:

  • apt-get install x11vnc openssh-server
  • Reboot the machine (or log-out). In my case it’s my desktop.
  • ssh user@desktop. I would do it from my laptop.
  • sudo x11vnc –display :0 –auth /var/lib/lightdm/.Xauthority
  • Now, from my laptop I can use any VNC viewer to connect my desktop even in the login prompt.


Unknown said...

Thanks! This is just what I was looking for, although it's a bit scary running a VNC as root with the security implications. I'd recommend hedging your bets with something like that is recommended at

ssh -t -L 5900:localhost:5900 far-away.east 'sudo x11vnc -localhost -display :0 -auth /var/lib/lightdm/.Xauthority'

to create the tunnel and only allow localhost connections. There is also a handy Upstart config file here:

Unknown said...

Hi @Jason, thanks a lot for your comment and for the links. I actually do run VNC through SSH by means of, as you suggested, SSH local port forwarding. An upstart service script is also obviously quite handy. But I actually prefer not to run VNC as a service as root and would rather start it on demand only when absolutely needed. So in my case, first I'll SSH to my remote machine (which will also forward my local 5900 port to remote 5900). Then I'll type 'x11vnc -display :0' in the SSH console to run VNC on the remote machine. And finally, I will point my VNC client from the local machine to 'localhost:5900' address. The "sudo x11vnc" is needed to be able to access the '/var/lib/lightdm/.Xauthority' file. Once we have gone past the login screen, we don't need to do the "sudo x11vnc" anymore. The trick is still handly in scenarios, for example, when you have had rebooted your machine and stuck at the login prompt.

Anonymous said...

Thank you so much.

Missis Karens blog said...

Howdy! What a adorable looking personal blog you own! Did you organize this website with our own help?

Unknown said...

Hi @Karen, thank you so much. Very glad that you liked it. Yes, I manage it on my own as a casual hobby. I checked out your blog and it is very nice too. Thanks again.

Morten said...

Using Synergy already at login prompt, check out;


Anonymous said...

"Great! now if we just do a “sudo 11vnc –display :0 –auth /var/lib/lightdm/.Xauthority” x11vnc will run in the login prompt and we will be able to use VNC even after login ."

should be "sudo x11vnc.... you are missing an x there :)

Thanks a lot for this, saved me from driving to the office :)

Unknown said...

Thanks for pointing out :). Fixed now. I am glad that you found it useful. Cheers!

Anonymous said...

This is a really great find Babil... I've been wondering for quite some time how to VNC access a headless machine after reboot(sitting at login). I typically had to drag a keyboard and monitor in(ugh) and therefore avoided rebooting at all cost.

Anonymous said...

Have you ever considereԀ publishing an ebook or guest authoring on other blogs?

I have a blߋg centered on the samе subjects yoս discսss and woul гeally like tо have you share some
ѕtories/information. I know my subscribers ԝould value yojr
work. If ʏou're evrn remotely iոterested, feel frеe to shoot mme
an еmail.

Feel free to surf to my web page :: android tv box review xbmc - -

Anil said...

Thank you so very much Babil. This is exactly what I was looking for and works like magic. :)

Unknown said...

Thank you very much. Been looking for this for a while. Awsome job!

Anonymous said...

Thank you very much. Best & easiest howto for x11vnc prior to login. THKS

Unknown said...

is there a good way to get this running at startup (after a reboot?? my machine is accessible only from behind my firewall and is just a simple media server for plex)

Anonymous said...

Cheers big ears. This is a life saver.

Celestino Laranjeira said...

if problem with xauthority continues, view my solution (unafortunatelly in portuguese) check this: Ubuntu não passa do ecrã de login

Post a Comment