#!/usr/bin/env bash echo "Sharing desktop on 5900" x11vnc -viewonly -ssl -sslonly -passwd <password> -forever
For the last several weeks, I and several others running Linux on my team have been unable to use the third party desktop sharing service our company has purchased. This is due to the fact that several weeks ago, we all received updates to our system versions of Java (openjdk and icedtea), which broke their "web" client. We still need to share desktops though on occasion for meetings, so a solution needs to be found. Thankfully there is a pretty great solution out there for this that handles surprisingly well: VNC.
I’m not VNC’s biggest fan. It’s a really neat protocol, but it is often misused. In nearly every deployment of it that I have seen, the end user didn’t tunnel through ssh, didn’t enable ssl, and/or used their actual account password to password the vnc session. If someone were particularly clever, they could record the packets and effectively replay the vnc session and possibly get the user’s password amongst a list of other potential things.
Now, given that we’re doing desktop sharing, we can’t tunnel over ssh because that requires a user account (unless you set up an anonymous account, which is another good option). We can however do vnc over ssl.
To get going, we need one piece of software - x11vnc. X11vnc differs from other vnc servers in that it allows you to share display :0 rather than creating a new virtual display (typically starting at :1). This allows you to physically be using the display while other people watch it. Let’s look at the command/script to get this started…
#!/usr/bin/env bash echo "Sharing desktop on 5900" x11vnc -viewonly -ssl -sslonly -passwd <password> -forever
What we have here is…
x11vnc | -viewonly | -ssl | -sslonly | -passwd <password> | -forever |
---|---|---|---|---|---|
Prevents users from taking control of your display |
Makes ssl connections available |
Forces SSL to be used by all connecting clients |
Set the session password |
Don’t shut the server down when a user disconnects |
A few things to note here…
One final thing I would like to point out is that with this, you can do clipboard sharing if the clients all support it. All the sharer has to do is copy something and all of the clients should be able to paste it on their computers. I’ve used this for several meetings now and it works great. The biggest difficulty I’ve had up to this point is to get people to install VNC clients for the first time. Once they’ve got that going, they typically comment shortly after the meeting about how much faster and easier vnc is than the service the company pays for.
Category:VNC Category:Linux