X Magic Tricks


Run a second instance of X Windows

Normally only a single X server is run on a machine for a user.   But suppose another user wants to use the machine.   The conventional way would be to terminate and log off the first user, then log on the second.

There's an easier way - run a second X server and switch screens.   The second user goes to a console window with CTRL-ALT-F2 and logs in, then types

 startx -- :1

to start a second X server on display :1.  The default window manager will be started, usually gnome, but if startx is replaced by startxfce4 the xfce4 window manager will be used instead.

Switch back and forth:
    CTRL-ALT-F7  switch to display :0 for the first user
    CTRL-ALT-F8  switch to display :1 for the second user.

Run a remote X session locally via VNC

Suppose you have a remote machine that you want to display and control locally.   Maybe that machine is difficult to get to, or maybe it's headless - without a monitor.  You can easily display an entire X session from that remote machine locally by running VNC (Virtual Network Computing).

Step 1:  Visit the remote machine and start vncserver.  Use ssh to log in, and run the command
    vncserver [ :1 ]
where the optional :1 chooses a specific display number instead of the next available one.  This also populates a new directory, ~/.vnc/, with several files.  The startup file, ~/.vnc/xstartup, will include commands to start twm, a lightweight window manager.  If you prefer a more robust manager, such as xfce4, edit this file to say:
    #
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    # twm &
    startxfce4 &

Then log off and terminate the ssh session.

A better alternative is to activate the vncserver service on the remote machine
    chkconfig vncserver on
    service vncserver start

so it will be active after a reboot.  But first, edit the remote /etc/sysconfig/vncservers file to add lines such as

    VNCSERVERS="1:dad"
    VNCSERVERARGS[1]="-geometry 1024x768"

These lines specify who will be running the service and the size of the display window.  It's still necessary to edit the startup file, as above.

Step 2:  Start the vncviewer.  At the local machine run
    vncviewer  remotename:1
A popup window will ask for a password for the remote user's account.   Then a large window will open to the remote machine.

Voila!  You now have X running on your local machine, with all its usual windows, plus a large window to the remote machine with its own set of windows inside - an X session within an X session.

You can open additional VNC sessions to other remote machines, limited only by the amount of RAM locally.  The VNC protocol is quite efficient and creates little traffic on the network.  It's hard to see how makers of KVM switches stay in business when this can be done at zero cost.

Tunnel VNC via SSH over the internet

The above method works fine within a local network, but if you need to access a remote machine somewhere on the internet, a more secure method is needed.   Let's assume that both the local machine and the remote machine are behind routers and firewall devices, that each has a private address on its LAN, and that they access the internet by NAT (Network Address Translation) performed at the router devices.   The routers have public internet addresses, but the Linux boxes do not.   However, each of the routers uses port forwarding for port 22, so that an ssh connection addressed to the public router address is passed inward to the internal Linux box.   Any machine on the local network can address an ssh session to the main machine at the remote LAN using the public name of the remote router, say, remote.system.org.

With this setup, ssh can be used to create a tunnel from the local machine to the main remote machine, as thoroughly described in VNC through SSH. Here is a recipe that follows that guidance:

Step 1: Start vncserver on the remote machine, as previously described. Log on to remote.system.org as user 'joe' via ssh and start vncserver (and Xvnc), obtaining the address for the vnc display, e.g., machname.domain.lan:1.   If you prefer to use a window manager other than twm, edit $HOME/.vnc/xstartup.   In addition, determine the IP of machname on the local LAN, e.g. 192.168.2.2, and then break the ssh session.

Step 2: Create an ssh tunnel.

   ssh -L 5902:192.168.2.2:5901 -N -T -c blowfish joe@remote.system.org

vncviewer normally connects to port 59XX, where XX is the display number such as :1.   The -L option says to create a tunnel from port 5902 on the localhost to the machine address 192.168.2.2:5901, reached through remote.system.org, logging in as joe.   The 5902 port means vncviewer will connect to localhost:2 but will actually talk to display :1 on the machine with IP 192.168.2.2.   The screen number implied by 5901 must match the screen number obtained in Step 1 (:1).   The -N option causes ssh to not create a command prompt, but only to open the tunnel.   The -c option tells ssh to use blowfish encryption instead of the default 3des.   This is somewhat more efficient, and just about as secure.   Recent OpenSSH releases no longer include the blowfish cipher; on those, omit the -c option and let ssh use its default cipher.   Leave this ssh session running.

Step 3:   Start vncviewer.

   vncviewer -PreferredEncoding hextile localhost:2

Note the use of localhost:2 to connect to the tunnel on port 5902.   The -PreferredEncoding hextile option is slightly more efficient over a network connection than the default 'raw' encoding.   After entering the password established in Step 1, a new large window will open, with the designated window manager running on the remote machine.   All traffic on the internet is encrypted and secure.
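
To check which VNC displays accept connections from other hosts rather than only through the tunnel, the following added example (not part of the original page) parses `ss -ltn` output and labels each listener on ports 5900-5999 as loopback or exposed. The sample listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list VNC listeners and whether other hosts can reach them.
# VNC display :N listens on TCP port 5900+N (5901 is display :1 on the page).
# Assumes the iproute2 `ss -ltn` layout: column 4 is "Local Address:Port".

# Constructed sample of `ss -ltn` output so the script runs offline.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5            0.0.0.0:5901      0.0.0.0:*
LISTEN 0      128        127.0.0.1:5902      0.0.0.0:*
LISTEN 0      5               [::]:5901         [::]:*
LISTEN 0      5              [::1]:5903         [::]:*
EOF
}

# Hypothetical helper: reads `ss -ltn` text on stdin and prints
# "<display> <address> <loopback|exposed>" for each port in 5900-5999.
audit_vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]                       # text after the last colon
        if (port !~ /^[0-9]+$/) next          # skip "*" and service names
        port += 0
        if (port < 5900 || port > 5999) next  # not a VNC display port
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        printf ":%d %s %s\n", port - 5900, addr, scope
    }'
}

# Hypothetical helper: number of listeners reachable from other hosts.
count_exposed() {
    audit_vnc_listeners | awk '$3 == "exposed" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host: ss -ltn | audit_vnc_listeners
sample_ss_output | audit_vnc_listeners
```

On the local machine the ssh -L tunnel shows up as a loopback listener (127.0.0.1:5902 in the sample). An exposed listener on the remote host accepts unencrypted VNC connections from any host that can reach that address.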