Remotely setting up remote access to a GNOME session
I’ve got many boxes for testing purposes and while often I can run graphical apps over SSH, every so often I really do need to run the app within a full GNOME session. For example, the incredible new PolicyKit app in Fedora 8 enables desktop applications to authenticate to gain extra privileges. PolicyKit uses ConsoleKit for its session tracking & the ConsoleKit sessions are created by GDM when you initially login. Thus to test an application using PolicyKit you really do need to login via GDM and run a full GNOME session, not merely a X tunnel over SSH.
Now of course the critical times when I need to do this testing are when I’m not physically anywhere near the machine I need to test on. And invariably I’ve not left a login session active, nor even GNOME’s ‘remote desktop’ access enabled. Traditionally I’ve just created a suitable VNC server startup file containing
$ cat $HOME/.vnc/xstartup #!/bin/sh [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & unset DBUS_SESSION_BUS_ADDRESS eval `dbus-launch --sh-syntax --exit-with-session` exec gnome-session
This gets me a full GNOME login session. Unfortunately there’s no ConsoleKit session associated with this & thus no possibility of using PolicyKit. GNOME itself though does come with VINO which can export your regular X session using the VNC protocol. If only I were logged into X on the machine’s console & running VINO. Argh.
After much poking around I finally figured out a solution. First off, SSH to the box in question as your regular desktop user. Now we can use gconftool-2 to enable VINO. We need to enable it, enable authentication, set a password, turn off incoming connection prompts and possibily set an explicit port (if you have something else on the regular port 5900 – eg a Xen guest).
# Disable local confirmation dialog for incoming connections gconftool-2 --type bool --set /desktop/gnome/remote_access/prompt_enabled false # Change VNC port to :9 instead of :0 gconftool-2 --type bool --set /desktop/gnome/remote_access/use_alternative_port true gconftool-2 --type int --set /desktop/gnome/remote_access/alternative_port 5909 # Enable password auth gconftool-2 --type list --list-type string --set /desktop/gnome/remote_access/authentication_methods '[vnc]' PW=`echo 'mypassword' | base64` gconftool-2 --type string --set /desktop/gnome/remote_access/vnc_password $PW # Enable the VINO server gconftool-2 --type bool --set /desktop/gnome/remote_access/enabled true
So that has the VINO server configured to run when I’m logged in, but as I mentioned already – I’m typically not logged in on the console when I need to be. For this challenge GDM comes to the rescue. It is possible change its config file to specify that a particular user will be automatically logged in the moment GDM starts. To do this edit /etc/gdm/custom.conf and add
[daemon] AutomaticLogin=yourusername AutomaticLoginEnable=true
A quick restart of GDM later, and I’m automatically logged into the remote box with a full GNOME session, including all the neccessary ConsoleKit magic. I can now connect with VNC and properly test virt-manager / PolicyKit integration. Yay.
nx/freenx
Greate! Just I want to know!
But in my Fedora 8(running in KVM), the VINO doesn’t work right! I want to know more about the configuration of VINO, I think!
Thanks for your article, just a good hint!
Where does the base64 come from? I tried this on an Ubuntu system, but there is not base64 command.
Really useful, tnx for sharing!
One thing: there’s not a single base64 binary that i can find binary or source available.
a quick advanced search on ubuntu packages shows a base64tool part of Package mkvtoolnix (2.0.0-1) [universe].
The use is a bit different, tough, since it does not read/write from/to stdin/stdout, so it is necessary to echo the password to a file, then specify its name on cmdline.
Anyway to obtain installation directions, just type
# base64tool
at yr ubuntu Feisty prompt
Setting up on Ubuntu 9.04 in Aug 2009 I found that I did already have the needed base64 command (my config is ubuntu-desktop over a server install), however instead of editing /etc/gdm/custom.conf I needed to change the configuration of /etc/gdm/gdm.conf instead for the automatic login. After I edited the correct file and restarted GDM, VNC came right up.
Thanks!