From ArchWiki
Revision as of 01:00, 7 September 2011 by Sputnick (talk | contribs) (add description)
Jump to: navigation, search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.

Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Setting up x11vnc

a VNC server for real X displays


pacman -S x11vnc


First, start X either by startx or through a manager such as GDM or SLiM. Then, open a terminal and type

x11vnc -display :0

Another option is to place the x11vnc line in a script which is called at login.

/usr/bin/x11vnc -nap -wait 50 -noxdamage -passwd PASSWORD -display :0 -forever -o /var/log/x11vnc.log -bg
Note: The password "PASSWORD" above is not secured; anyone who can run ps on the machine will see it. Also note that /var/log/x11vnc.log needs to be created manually and its ownership needs to match that of the user who will run it.

Setting X authority

You may set an X authority file for the VNC server. This is accomplished by using the '-auth' argument followed by the appropriate file, which will depend on how your X server was started. Generally, assigning an X authority file requires running x11vnc as root.


x11vnc -display :0 -auth ~/.Xauthority

If that fails, you may have to run (as root)

x11vnc -display :0 -auth /home/USER/.Xauthority

Where USER is the username of the user who is running the X server.


as root, run

x11vnc -display :0 -auth /var/lib/gdm/:0.Xauth


as root, run

x11vnc -display :0 -auth /var/run/slim.auth

WARNING: This will set up VNC with NO PASSWORD. This means that ANYBODY who has access to the network the computer is on CAN SEE YOUR XSERVER. It is a fairly simple matter to tunnel your VNC connection through SSH to avoid this. Or, simply set a password, as described below.
Note: password will only encrypt the login process itself. The transmission is still unencrypted[1].

Setting a password

mkdir ~/.x11vnc
x11vnc -storepasswd password ~/.x11vnc/passwd

To connect using the stored password use the -rfbauth argument and point to the passwd file you created, like so:

x11vnc -display :0 -rfbauth ~/.x11vnc/passwd 

Your viewer should prompt for a password when connecting.

Running constantly

By default, x11vnc will accept the first VNC session and shutdown when the session disconnects. In order to avoid that, start x11vnc with the -many argument, like this:

x11vnc -many -display :0

To start silently

x11vnc -many -display :0 &>/dev/null &


Get a VNC client on another computer, and type in the IP address of the computer running x11vnc. Hit connect, and you should be set.

If you are attempting to access a VNC server / computer (running x11vnc) from outside of it's network then you'll need to ensure that it has port 5900 forwarded.

SSH Tunnel

You need to have SSH installed and configured.

Use the -localhost flag to x11vnc to have it bind to the local interface. Once that is done, you can use SSH to tunnel the port, and then connect to VNC through SSH. (I haven't tried this) (confirmed working for me, thanks --bloodniece)

Simple example (from http://www.karlrunge.com/x11vnc/index.html#tunnelling):

$ ssh -t -L 5900:localhost:5900 remote_host 'sudo x11vnc -display :0 -auth /home/USER/.Xauthority'

where USER is the username of the user who is running the X server.

(you will likely have to provide passwords/passphrases to login from your current location into your remote_host Unix account; we assume you have a login account on remote_host and it is running the SSH server)

And then in another terminal window on your current machine run the command:

$ vncviewer -encodings "copyrect tight zrle hextile" localhost:0


You can check your ip address and make sure port 5900 is forwarded by visiting this website.