X Magic Tricks
Run a second instance of X Windows
Normally only a single X server is run on a machine for a
suppose another user wants to use the machine. The
would be to terminate and log off the first user, then logon the second.
startx -- :1
to start a second X server on display :1. The
default window manager will be started, usually gnome, but if
startx is replaced by startxfce4 the xfce4 window manager will be used
Run a remote X session locally via VNC
Suppose you have a remote machine that you want to display and
control locally. Maybe that machine is difficult to go to,
or maybe it's headless - without a monitor. You can easily
display an entire X session from that remote machine locally
by running vnc (Virtual Network Computing).
Visit the remote machine and start vncserver. Use ssh to
login, and run the command
A better alternative is to activate the vncserver service on
the remote machine
so it will be active after a reboot. But first, edit the
remote /etc/sysconfig/vncservers file to add lines such as
Start the vncviewer. At the local machine run
Tunnel VNC via SSH over the internet
The above method works fine within a local network, but if you need to access a remote machine somewhere on the internet, a more secure method is needed. Let's assume that both the local machine and the remote machine are behind routers and firewall devices and that each have private addresses on their LAN's and they access the internet by NAT (Network Address Translation) performed at the router devices. The routers have public internet addresses, but the Linux boxes do not. However, each of the routers use port forwarding for port 22, so that ssh traffic to the router address is passed inward to a Linux box. Thus, an ssh connection addressed to the public router address is passed to the internal Linux box. Any machine on the local network can address an ssh session to the main machine at the remote LAN using the public name of the remote router, say, remote.system.org.
With this setup, ssh can be used to create a tunnel from the local machine to the main remote machine, as thoroughly described in VNC through SSH. Here is a recipe that follows that guidance:
Start vncserver on the remote machine, as previously described.
Log on to remote.system.org as user 'joe' via ssh and start vncserver
(and Xvnc), obtaining the address for the vnc display, eg,
machname.domain.lan:1. If you prefer to use a window manager
twm, edit the $HOME/.vnc/xstartup. In addition, determine
the IP of
machname on the local LAN, eg 192.168.2.2 and then break the ssh
Step 2: Create an ssh tunnel.
ssh -L 5902:192.168.2.2:5901 -N -T -c blowfish firstname.lastname@example.org
vncviewer normally connects to port 58XX, where XX is the display number such as :1. The -L option says to create a tunnel from port 5902 on the localhost to the machine address 192.168.2.2:5901 on remote.system.org, logging in as joe. The 5902 port means vncviewer will connect to localhost:2 but will actually talk to display :1 on the machine with IP 192.168.2.2. The screen number implied by 5901 must match the screen number obtained in Step 1 (:1). The -N option causes ssh to not create a command prompt, but only to open the tunnel. The -c option tells ssh to use blowfish encryption instead of the default 3des. This is somewhat more efficient, and just about as secure. Leave this ssh session running.
Step 3: Start vncviewer.
vncviewer -PreferredEncoding hextile localhost:2
Note the use of localhost:2 to connect to the tunnel on port 5902. The -PreferredEncoding hextile option is slightly more efficient over a network connection than the default 'raw' encoding. After entering the password established in Step 1, a new large window will open, with the designated window manager running on the remote machine. All traffic on the internet is encrypted and secure.