24 Apr 2016 - by 'Maurits van der Schee'
I upgraded my HTPC from Ubuntu 14.04 to 16.04 and since the box does not have a keyboard or mouse I had to setup remote access. I chose to install x11vnc, which is easy to use, but requires tunneling over SSH to be secure.
I chose "x11vnc", which is easy to use and can be configured to be active during the login (greeter). It's built-in security is not good, so it requires tunneling over SSH to be secure. That's why we start installing an SSH server using:
sudo apt-get install openssh-server
Then we ensure the firewall is installed and we configure it to allow traffic on TCP 22 (SSH) and enable it:
sudo apt-get install ufw sudo ufw allow 22 sudo ufw enable
Now try to login using SSH. This should succeed.
Now that SSH is set up, we can install the "x11vnc" package using:
sudo apt-get install x11vnc
Then we setup a password (just an extra layer of security).
sudo x11vnc -storepasswd SomeVerySecurePassword /etc/x11vnc.pass
Now we add the startup configuration:
sudo nano /lib/systemd/system/x11vnc.service
In the editor we copy/paste the following:
[Unit] Description="x11vnc" Requires=display-manager.service After=display-manager.service [Service] ExecStart=/usr/bin/x11vnc -xkb -norc -forever -shared -display :0 -auth guess -rfbauth /etc/x11vnc.pass -localhost -o /var/log/x11vnc.log ExecStop=/usr/bin/killall x11vnc Restart=on-failure Restart-sec=2 [Install] WantedBy=multi-user.target
By starting the "x11vnc" with the option "-localhost" we limit it to (SSH) tunneled connections. In order to make this configuration effective we have to issue the following commands:
sudo systemctl daemon-reload sudo systemctl enable x11vnc sudo systemctl start x11vnc
Now you can connect to your machine using an SSH tunnel or using the "remmina" VNC client (for Linux), which has a built-in tunnel manager.