1 Linux:Desktop Sharing
2 =====================
3 :author: Aaron Ball
4 :email: nullspoon@iohq.net
5
6
7 == {doctitle}
8
9 For the last several weeks, I and several others running Linux on my team have
10 been unable to use the third party desktop sharing service our company has
11 purchased. This is due to the fact that several weeks ago, we all received
12 updates to our system versions of Java (openjdk and icedtea), which broke their
13 "web" client. We still need to share desktops though on occasion for meetings,
14 so a solution needs to be found. Thankfully there is a pretty great solution
15 out there for this that handles surprisingly well:
16 https://en.wikipedia.org/wiki/Virtual_Network_Computing[VNC].
17
18 [[enter-vnc]]
19 == Enter VNC
20
21 I'm not VNC's biggest fan. It's a really neat protocol, but it is often
22 misused. In nearly every deployment of it that I have seen, the end user didn't
23 tunnel through ssh, didn't enable ssl, and/or used their actual account
24 password to password the vnc session. If someone were particularly clever, they
25 could record the packets and effectively replay the vnc session and possibly
26 get the user's password amongst a list of other potential things.
27
28 Now, given that we're doing desktop sharing, we can't tunnel over ssh because
29 that requires a user account (unless you set up an anonymous account, which is
30 another good option). We can however do vnc over ssl.
31
32 To get going, we need one piece of software -
33 **http://www.karlrunge.com/x11vnc/[x11vnc]**. X11vnc differs from other vnc
34 servers in that it allows you to share display :0 rather than creating a new
35 virtual display (typically starting at :1). This allows you to physically be
36 using the display while other people watch it. Let's look at the
37 command/script to get this started...
38
39 ----
40 #!/usr/bin/env bash
41 echo "Sharing desktop on 5900" x11vnc -viewonly -ssl -sslonly -passwd <password> -forever
42 ----
43
44 What we have here is...
45
46 [cols=",,,,,",options="header",]
47 |===============================================================
48 |x11vnc |-viewonly |-ssl |-sslonly |-passwd <password> |-forever
49 |
50 |Prevents users from taking control of your display
51 |Makes ssl connections available
52 |Forces SSL to be used by all connecting clients
53 |Set the session password
54 |Don't shut the server down when a user disconnects
55 |===============================================================
56
57 A few things to note here...
58
59 One final thing I would like to point out is that with this, you can do
60 clipboard sharing if the clients all support it. All the sharer has to do is
61 copy something and all of the clients should be able to paste it on their
62 computers. I've used this for several meetings now and it works great. The
63 biggest difficulty I've had up to this point is to get people to install VNC
64 clients for the first time. Once they've got that going, they typically comment
65 shortly after the meeting about how much faster and easier vnc is than the
66 service the company pays for.
67
68
69 Category:VNC
70 Category:Linux
71
72
73 // vim: set syntax=asciidoc:
|
