A few weeks ago I posted an ‘interesting’ picture showing that is was possible to access the desktop on one machine from another – and then access another machine from the second and so on.
I actually managed to nest five different desktops, using three different versions of linux with three different window managers, on three different types of hardware, before I ran out of boxes.
Personally I find that using a remote desktop is the best way to connect to my Raspberry Pi, which is connected to my network but is ‘headless’ without it’s own screen, keyboard or mouse.
So far I haven’t figured out how to connect remotely to a VAX/VMS machine running DEC Windows/Motif yet but I’m working on it!
Note – When using Xwindows to connect to a remote machine over the network all the interactions between the X client and server, such as keystrokes and displayed text, can be easily monitored because the connection is not encrypted. This includes the user name and password.
If you are concerned about security then you should use ssh to connect to the remote machine first and then forward the Xwindows connection over the encrypted ssh connection. To do this you have to connect to the remote system using ssh from a console window and login first before configuring the display environment variable and starting the applications you want to
run using the command line on the remote machine.
However, this isn’t as easy as simply connecting the remote machine’s display manager and being able to see the remote desktop in a window on your local machine, so when I’m using my own private network I prefer to use Xwindows to connect from my desktop machine running an xserver to connect to the display manager on a remote machine using XDMCP.
To do this you need to configure you local machine to allow it to run an xserver in a window on the existing desktop. (The xserver is the component that interfaces with the screen keyboard and mouse – the applications that use Xwindows are the xclients).
$ su Password: # apt-get install xserver-xephyr Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: xserver-xephyr 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 1927kB of archives. After this operation, 4358kB of additional disk space will be used. : : : Setting up xserver-xephyr (2:1.4.2-10.lenny4) ... #
Then once you have configured the remote machine assuming it's IP address is 192.168.0.1 you can connect using the following command.
$ Xephyr -query 192.168.0.1 -screen 1024x800 -dpi 96 -terminate :1
Note that the command will fail if the display is already in use (or has already been started) so you may need to use a higher display number, this is defiantly true if you are using more that one connection. To get around this I wrote a little script that finds the first available display number and attempts to connects to the specified remote machine.
Then on the machine you want to connect to you will need to configure the display manager to allow incoming connections. How you do this will depend on which display manager you are using, see notes below.
If the remote display manager is not running or you cannot connect you will get a window with a gray background. If everything else is configured correctly then the connection may be being blocked by a firewall since most modern linux distributions include a firewall which will block incoming network traffic.
To allow incoming connections you will need to allow incoming connections on ports 177, 6000-6005, and 7100. Assuming you are using UFW then you need to modify the firewall rules using the following commands where nnn.nnn.nnn are the first three octets of your network address. (I am assuming you subnet mask is 255.255.255.0).
$ su Password: # ufw allow proto udp from nnn.nnn.nnn.0/24 to any port 177 Rule added # ufw allow proto tcp from nnn.nnn.nnn.0/24 to any port 177 Rule added # ufw allow proto tcp from nnn.nnn.nnn.0/24 to any port 6000:6005 Rule added # ufw allow proto tcp from nnn.nnn.nnn.0/24 to any port 7100 Rule added #
This is the default display manager for the GNOME desktop environment to enable remote access you will need to make the following changes to allow incoming network connections and enable XDMCP. You need to add the same entries for both GDM and the newer GDM3, however the configuration files have slightly different names.
For GDM you need to modify the following file.
$ su Password: # vi /etc/gdm/gdm.conf
If you are using GDM3 then you need to modify a slightly different file.
$ su Password: # vi /etc/gdm3/daemon.conf
In both cases however you need to modify the following the entries in the same sections of the file as shown below to enable XDMCP and allow incoming connections.
[security] DisallowTCP=false [xdmcp] Enable=true [gui]
This is a new lightweight default display manager that has been adopted by some of the more up to date distributions, including that used on the Raspberry Pi, as the default display manager, replacing GDM.
To enable remote connections you need to edit the configuration file.
$ su Password: # vi /etc/lightdm/lightdm.conf
Then make the following changes to enable XDMCP.
# [XDMCPServer] enabled=true port=177 #key= #
KDM is the default display manager for the KDE desktop environment.
To enable remote connections you need to modify two separate files, the KDM configuration file itself and a separate configuration file that controls which machines are allowed to connect.
Start by modifying the KDM configuration file.
$ su Password: # vi /etc/kde4/kdm/kdmrc
You need to make the following changes to enable XDMCP.
Then to allow any machine to connect you need to edit the configuration file that controls remote connections.
# vi /etc/kde4/kdm/Xaccess
Find the line shown below, which will be commented out and uncomment it.
# * #any host can get a login window #
As before you will need to reboot the machine (or at least restart Xwindows) for the changes to take effect.