@itsfolf
Last active August 17, 2022 21:55
How to setup VNC on Wayland (Sway) + SDDM for unattended access


1. Install both x11vnc and wayvnc

Since SDDM runs under X11, we will be running two separate VNC services, each on its own port. x11vnc will take care of SDDM, while wayvnc will handle our desktop session. Both services are set up with SSL encryption.

While it's technically possible to run a single service with some scripting magic to switch between the two, this was by far the easiest and most reliable way.

2. Set up x11vnc

Set a password

sudo x11vnc -storepasswd [YOUR VNC PASSWORD] /etc/x11vnc.passwd

Create systemd service

To run x11vnc on system start, we need to update the service with our authentication settings. Create a file at /etc/systemd/system/x11vnc.service.d/override.conf with the following content:

# /etc/systemd/system/x11vnc.service.d/override.conf
[Service]
ExecStart=
ExecStart=/bin/bash -c "/usr/bin/x11vnc -auth /var/run/sddm/* -display :0 -forever -noxdamage -repeat -ssl -shared -rfbauth /etc/x11vnc.passwd"
Restart=always
RestartSec=2

[Install]
WantedBy=multi-user.target

⚠️ It's important not to set the -loop flag, so that restarting is handled by systemd. This ensures that x11vnc is always started with the right MIT-MAGIC-COOKIE from SDDM (-auth), which changes on each session.

Enable x11vnc service

sudo systemctl enable --now x11vnc

3. Set up wayvnc

Generate certificates

These can be anywhere you want; I recommend placing them in the wayvnc config directory, ~/.config/wayvnc/

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
	-keyout key.pem -out cert.pem -subj /CN=localhost \
	-addext subjectAltName=DNS:localhost,DNS:localhost,IP:127.0.0.1

Wayvnc config

Create a file at $HOME/.config/wayvnc/config (replace $USER with your username):

address=0.0.0.0
port=5901  # By default, x11vnc runs on port 5900, so we'll be starting wayvnc on 5901
enable_auth=true
username=folf
password=*********
private_key_file=/home/$USER/.config/wayvnc/key.pem
certificate_file=/home/$USER/.config/wayvnc/cert.pem

Enable the wayvnc service

systemctl enable --user --now wayvnc

That's it. You will need to set up two separate connections on your client (ports 5900 and 5901). The x11vnc connection will show a black screen whenever a session is active. It's safe to port forward these services directly, as both are encrypted and password-protected, but connecting through an SSH tunnel is still recommended.
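
The secret files this guide creates (the x11vnc password file, the wayvnc config with its plaintext password, and the key generated unencrypted with -nodes) should be accessible to their owner only. The script below is an added example, not part of the original gist; it assumes GNU stat, and its function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original gist): check that the secret files
# created in this guide grant no access to group or others.
# Assumption: GNU stat (Linux). Function names are hypothetical.

# 0 = private, 1 = group/other bits set, 2 = missing or cannot be stat'ed.
secret_is_private() {
    local file="$1" mode
    [ -f "$file" ] || return 2
    mode=$(stat -c '%a' "$file") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print one line per path; the return status is the number of problems.
audit_vnc_secrets() {
    local problems=0 file
    for file in "$@"; do
        if secret_is_private "$file"; then
            echo "ok       $file"
        else
            case $? in
                2) echo "missing  $file" ;;
                *) echo "EXPOSED  $file  (fix: chmod 600 \"$file\")" ;;
            esac
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Pass the paths used on this page as arguments, e.g.:
#   ./audit.sh /etc/x11vnc.passwd ~/.config/wayvnc/config ~/.config/wayvnc/key.pem
if [ "$#" -gt 0 ]; then
    audit_vnc_secrets "$@"
fi
```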

Sources

https://wiki.archlinux.org/title/x11vnc
https://github.com/any1/wayvnc
https://askubuntu.com/questions/1105598/x11vnc-sddm-systemd-service
