Remote X11 desktop with x11vnc on OpenBSD
April 8, 2022
Here are a few quick instructions on how to setup a VNC server on OpenBSD. This can give you remote X11 access to your OpenBSD machine if you can run an SSH client and VNC client.
If you selected the default sets during your OpenBSD install, the X11 server is already installed, if not, you should install it now. We'll just need to install a VNC server through the packages, I've settled on x11vnc
:
# pkg_add x11vnc
Setting up x11vnc
is pretty simple, you just need to give it command line options when starting the daemon. This is very simple with OpenBSD, just add your options to the /etc/rc.conf.local
file. Here is an example configuration:
x11vnc_flags="-listen localhost -rfbauth /etc/x11vnc.passwd -logfile /var/log/x11vnc -ncache 0 -display :0 -forever -loop100 -auth /etc/X11/xenodm/authdir/authfiles/A:0-*"
I won't explain all the options here, you should read x11vnc(1)
and/or the doc for more details. Nonetheless, the first two options are worth explaining. The VNC server is listening on localhost because the VNC protocol is not encrypted by default, so we will tunnel the VNC connection through SSH. Next, we specify a file containing the password to allow connecting. This file can be created with the following command, of course you should not use verysecurepassword
:
# x11vnc -storepasswd verysecurepassword /etc/x11vnc.passwd
According to the man page, this file is not encrypted and just obfuscated with a fixed private key, so you should restrict the permissions on this file. Anyway the server is ready to be started:
# rcctl start x11vnc
You should now be able to connect to the server, after setting up the port forwarding with SSH, as such for example:
$ ssh -L 5900:localhost:5900 myserver
This basically forwards port 5900 of myserver
to port 5900 on localhost
. To connect to the VNC server, simply use localhost
as the server and port 5900. If issues may arise, read the log and x11vnc(1)
. I've been using this setup for a few weeks now and I'm quite happy with it. As a bonus, here is a screenshot of my openbox VNC session: