summaryrefslogtreecommitdiff
path: root/20220408-remote-desktop-vnc-openbsd.md
blob: 65cd2dbb1aeee4b92c16d96dbf12ea249017022b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

# Remote X11 desktop with x11vnc on OpenBSD

April 8, 2022

Here are a few quick instructions on how to setup a VNC server on OpenBSD. This can give you remote X11 access to your OpenBSD machine if you can run an SSH client and VNC client.

If you selected the default sets during your OpenBSD install, the X11 server is already installed, if not, you should install it now. We'll just need to install a VNC server through the packages, I've settled on `x11vnc`:

	# pkg_add x11vnc

Setting up `x11vnc` is pretty simple, you just need to give it command line options when starting the daemon. This is very simple with OpenBSD, just add your options to the `/etc/rc.conf.local` file. Here is an example configuration:

	x11vnc_flags="-listen localhost -rfbauth /etc/x11vnc.passwd -logfile /var/log/x11vnc -ncache 0 -display :0 -forever -loop100 -auth /etc/X11/xenodm/authdir/authfiles/A:0-*"

I won't explain all the options here, you should read `x11vnc(1)` and/or the [doc](https://github.com/LibVNC/x11vnc/tree/master/doc/OPTIONS.md) for more details. Nonetheless, the first two options are worth explaining. The VNC server is listening on localhost because the VNC protocol is not encrypted by default, so we will tunnel the VNC connection through SSH. Next, we specify a file containing the password to allow connecting. This file can be created with the following command, of course you should not use `verysecurepassword`:

	# x11vnc -storepasswd verysecurepassword /etc/x11vnc.passwd

According to the man page, this file is not encrypted and just obfuscated with a fixed private key, so you should restrict the permissions on this file. Anyway the server is ready to be started:

	# rcctl start x11vnc

You should now be able to connect to the server, after setting up the port forwarding with SSH, as such for example:

	$ ssh -L 5900:localhost:5900 myserver

This basically forwards port 5900 of `myserver` to port 5900 on `localhost`. To connect to the VNC server, simply use `localhost` as the server and port 5900. If issues may arise, read the log and `x11vnc(1)`. I've been using this setup for a few weeks now and I'm quite happy with it. As a bonus, here is a screenshot of my openbox VNC session:

[![openbox session screenshot](/static/20220408-openbox-vnc.png)](/static/20220408-openbox-vnc.png)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 20:25:44 +0000