johnb I know we have vnc and x2go and such client applications but I want to go fancier and also use native apps and protocols we have on our day to day systems.
Xorg was designed for a client-server use, and Xnest(1) is included in base for such a purpose. No need to rely on the ancient and insecure XDMCP proto, rather, you can encrypt the session through SSH.
First you'll need to instruct your server's sshd
to allow X11 port forwarding for the relevant user on more IPs than merely the loopback address; in order to do so, add this to your /etc/ssh/sshd_config
.
Match User <username>
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
# for modular Xorg uncomment the following line.
#XAuthLocation /usr/pkg/bin/xauth
Now you can connect to your server with X11 forwarding support by appending the -X
switch; from the client (you may also want set X11 forwarding to be a default setting in your ~/.ssh/config
):
# ssh -X $username@$host.$mydomain
Now you can run Xnest
on the server to launch a X session on a remote DISPLAY for the SSH client to use. Refer to the man page and have a look at the relevant Xnest line in my script below to understand the command's options.
At this point an empty Xnest window will be spawned on your client machine. You can send any GUI app to it by running it with the DISPLAY variable properly set (or by specifying it on the command line, e.g. xterm -display :1
).
Personally I resolve to a shell script to launch a remote desktop as I quickly got tired of doing it by hand:
#!/bin/sh
# quick way to launch Xnest to another display
display=:1
# define mcookie for xauth
MCOOKIE=$(mcookie)
# add xauth
xauth add localhost/unix$display . $MCOOKIE
# launch Xnest to IPCLIENT
Xnest -ac -geometry 800x600 -depth 24 $display &
Xnest_pid=$!
sleep 1
#export display to Xnest server
DISPLAY=$display; export DISPLAY
ENV=${HOME}/.profile; export ENV
vtwm &
kill $!
#remove all xauth key
xauth remove localhost/unix$display
exit 0
Below I have a Xnest session on my laptop (client) featuring my Rapsberry Pi3 (server); as you can see the result is quite pleasant and usable