Remotely setting up remote access to a GNOME session

Posted: September 5th, 2007 | Filed under: Gtk-Vnc, Virt Tools | 5 Comments »

I’ve got many boxes for testing purposes and while often I can run graphical apps over SSH, every so often I really do need to run the app within a full GNOME session. For example, the incredible new PolicyKit app in Fedora 8 enables desktop applications to authenticate to gain extra privileges. PolicyKit uses ConsoleKit for its session tracking & the ConsoleKit sessions are created by GDM when you initially login. Thus to test an application using PolicyKit you really do need to login via GDM and run a full GNOME session, not merely a X tunnel over SSH.

Now of course the critical times when I need to do this testing are when I’m not physically anywhere near the machine I need to test on. And invariably I’ve not left a login session active, nor even GNOME’s ‘remote desktop’ access enabled. Traditionally I’ve just created a suitable VNC server startup file containing

$ cat $HOME/.vnc/xstartup
#!/bin/sh

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &

unset DBUS_SESSION_BUS_ADDRESS
eval `dbus-launch --sh-syntax --exit-with-session`
exec  gnome-session

This gets me a full GNOME login session. Unfortunately there’s no ConsoleKit session associated with this & thus no possibility of using PolicyKit. GNOME itself though does come with VINO which can export your regular X session using the VNC protocol. If only I were logged into X on the machine’s console & running VINO. Argh.

After much poking around I finally figured out a solution. First off, SSH to the box in question as your regular desktop user. Now we can use gconftool-2 to enable VINO. We need to enable it, enable authentication, set a password, turn off incoming connection prompts and possibily set an explicit port (if you have something else on the regular port 5900 – eg a Xen guest).

# Disable local confirmation dialog for incoming connections
gconftool-2 --type bool --set /desktop/gnome/remote_access/prompt_enabled false

# Change VNC port to :9 instead of :0
gconftool-2 --type bool --set /desktop/gnome/remote_access/use_alternative_port true
gconftool-2 --type int --set /desktop/gnome/remote_access/alternative_port 5909

# Enable password auth
gconftool-2 --type list --list-type string --set /desktop/gnome/remote_access/authentication_methods '[vnc]'
PW=`echo 'mypassword' | base64`
gconftool-2 --type string --set /desktop/gnome/remote_access/vnc_password $PW

# Enable the VINO server
gconftool-2 --type bool --set /desktop/gnome/remote_access/enabled true

So that has the VINO server configured to run when I’m logged in, but as I mentioned already – I’m typically not logged in on the console when I need to be. For this challenge GDM comes to the rescue. It is possible change its config file to specify that a particular user will be automatically logged in the moment GDM starts. To do this edit /etc/gdm/custom.conf and add

[daemon]
AutomaticLogin=yourusername
AutomaticLoginEnable=true

A quick restart of GDM later, and I’m automatically logged into the remote box with a full GNOME session, including all the neccessary ConsoleKit magic. I can now connect with VNC and properly test virt-manager / PolicyKit integration. Yay.

5 Responses to “Remotely setting up remote access to a GNOME session”

  1. Greate! Just I want to know!
    But in my Fedora 8(running in KVM), the VINO doesn’t work right! I want to know more about the configuration of VINO, I think!
    Thanks for your article, just a good hint!

  2. Alan says:

    Where does the base64 come from? I tried this on an Ubuntu system, but there is not base64 command.

  3. mic says:

    Really useful, tnx for sharing!

    One thing: there’s not a single base64 binary that i can find binary or source available.
    a quick advanced search on ubuntu packages shows a base64tool part of Package mkvtoolnix (2.0.0-1) [universe].

    The use is a bit different, tough, since it does not read/write from/to stdin/stdout, so it is necessary to echo the password to a file, then specify its name on cmdline.

    Anyway to obtain installation directions, just type
    # base64tool
    at yr ubuntu Feisty prompt

  4. Edward says:

    Setting up on Ubuntu 9.04 in Aug 2009 I found that I did already have the needed base64 command (my config is ubuntu-desktop over a server install), however instead of editing /etc/gdm/custom.conf I needed to change the configuration of /etc/gdm/gdm.conf instead for the automatic login. After I edited the correct file and restarted GDM, VNC came right up.

    Thanks!

Leave a Reply





Spam protection: Sum of s1x plus n1ne ?: