Starting a fully-permissioned X-session over SSH?

chrabyrd · 2018-10-19 19:08:04

Hi all!

I have a remote machine (htpc) that's connected to a TV 100% of the time. I gain access to it over ssh/vnc. I'm currently running the two VNC servers supplied in the TigerVNC package, `vncserver` and `x0vncserver`. I'm not running any display managers, just using xinit to run xfce4. `x0vncserver` allows control over the current session, and for it to run correctly the remote machine needs an instance of Xorg (but let's say xfce for practical purposes) up and running. My goal is to be able to interact with the physical box (via attached keyboard and mouse) as absolutely as little as possible, which means being able to bring up a fully-permissioned Xorg + XFCE session over SSH. The user account that I'm using has all the same system permissions as root.

Right now `/etc/X11/Xwrapper.config` looks like:

allowed_users=anybody
needs_root_rights=yes

which allows me to run `startx` over SSH and have an instance of XFCE start on display :0 (the connected tv). Unfortunately, the permissions for HDMI audio and bluetooth seemed to be revoked. However I can run `sudo startx` and have an instance of XFCE start (logged in as root instead of the ssh'd user) with all the correct permissions. Strangely enough, if I run `sudo -u <USERNAME> startx` the XFCE instance has revoked permissions again.

An alternative approach I've tried is starting both Xorg and XFCE as systemd services. I'm able to get both services up and running but instead of an XFCE instance I'm met with a black screen (however, I'm able to access it via x0vncserver). If this is a better path I'd be happy to post relevant troubleshooting info.

Or if anyone else has an idea I'm all ears! The one thing I can't do is automatic login / autostart x for security reasons.

Thanks for the help guys :-)

kokoko3k · 2018-10-19 19:47:23

You can use:
https://wiki.archlinux.org/index.php/Ge … al_console
...plus:
https://wiki.archlinux.org/index.php/Xi … X_at_login

chrabyrd · 2018-10-19 20:01:40

@kokoko3k

Not quite

Or if anyone else has an idea I'm all ears! The one thing I can't do is automatic login / autostart x for security reasons.

kokoko3k · 2018-10-21 07:46:08

Ok, missed that part, but still, you don't need a full fladged autologin;
The following is a bit hackish, I think it kinda exploits systemd logind service, and probably there are better ways to tell systemd to treat you as a local user even if you login via ssh; anyway:

1 - Do as i said in the previous post; make sure autologin works and startx works after autologin.
2 - Disable the getty service on the tty so you disable autologin:

#> systemctl disable getty@tty1

3 - Via ssh, do:

#> systemctl start getty@tty1

...that will actually start (or stop) the xorg session;
It may be convenient to use an "higher" tty, so that you still have the classic login prompt at boot

It works for me, but i tested it on an old system:

netbook kokonicki # pacman -Q systemd xorg-server linux xf86-video-intel
systemd 229-3
xorg-server 1.18.4-1
linux 4.4.5-1
xf86-video-intel 1:2.99.917+746+g169c74f-1

I hope it works for you too.

-EDIT-
Oh, the thread title is misleading, it makes people think you want to run an ssh tunnelled Xorg session.
I'd change it from "over ssh" to "via ssh"

Last edited by kokoko3k (2018-10-21 07:58:41)

Arch Linux

#1 2018-10-19 19:08:04

Starting a fully-permissioned X-session over SSH?

#2 2018-10-19 19:47:23

Re: Starting a fully-permissioned X-session over SSH?

#3 2018-10-19 20:01:40

Re: Starting a fully-permissioned X-session over SSH?

#4 2018-10-21 07:46:08

Re: Starting a fully-permissioned X-session over SSH?

Board footer