2021-03-23 00:15:32 +00:00
How to Share A Screen Across Qubes
==================================
2021-03-25 22:54:26 +00:00
> Warning:
> This guide involves opening up a TCP port between qubes. This is discouraged from the security standpoint and should only be used as a last resort, use sparingly.
## Terminology
PRESENTATION-QUBE is the Qube you want to view the screen from
CONTENT-QUBE is the Qube that has the window you want to share
2021-03-23 00:15:32 +00:00
## Setup The Shared Screen Server
2021-03-25 22:54:26 +00:00
Choose one of these sub-sections depending on whether you want to open a new screen (increased isolation), or use an existing monitor or screen.
### If You Want To Share a New Screen
2021-03-23 00:15:32 +00:00
2021-03-25 22:54:26 +00:00
In the Content Qube:
2021-04-07 17:21:47 +00:00
1. Install packages `sudo apt install xfwm4 tigervnc-standalone-server tigervnc-viewer` or `sudo dnf install xfwm4 tigervnc-server tigervnc`
2021-03-23 00:15:32 +00:00
2021-04-07 17:21:47 +00:00
2. Enter the password by executing `vncpasswd`
1. You can generate secure enough passwords for this purpose using `openssl rand -base64 16 | tr -d '+/=' | head -c 8;echo`
2. Enter one password for read/write (first password and verify prompt)
3. Enter a different password for the view only password (second password and verify prompt)
2021-04-07 17:43:46 +00:00
3. Start the server `vncserver :1 -xstartup /usr/bin/xfwm4 -geometry 1920x1080 -localhost no`
2021-03-23 00:15:32 +00:00
2021-04-07 17:43:46 +00:00
4. View the shared screen `vncviewer -passwd ~/.vnc/passwd :1`
2021-03-23 00:15:32 +00:00
2021-04-07 17:43:46 +00:00
5. Open applications `DISPLAY=:1 xterm` where xterm can be any binary on your system
2021-03-23 00:15:32 +00:00
2021-03-25 22:54:26 +00:00
## If You Want To Share an Existing Monitor or Window
In the Content Qube:
2021-04-07 17:21:47 +00:00
1. Install packages `sudo apt install xfwm4 x11vnc x11-utils` or `sudo dnf install xfwm4 x11vnc xwininfo`
2021-03-25 22:54:26 +00:00
2021-04-07 17:21:47 +00:00
2. Enter the password by executing `x11vnc -storepasswd`
1. You can generate secure enough passwords for this purpose using `openssl rand -base64 16 | tr -d '+/=' | head -c 8;echo`
3. Start the server
2021-03-25 22:54:26 +00:00
2021-04-07 17:43:46 +00:00
1. If you want to share a window `x11vnc -viewonly -rfbauth ~/.vnc/passwd -rfbport 5901 -clip 1920x1080+0+0`
2021-03-25 22:54:26 +00:00
2021-04-07 17:21:47 +00:00
- Replace `1920x1080+0+0` with the resolution (e.g. `1920x1080` ) and offset (e.g. `+0+0` ) of the screen area you want to share. The coordinates 0,0 are in the top left, increasing down and to the right.
2021-03-25 22:54:26 +00:00
- Use `xrandr --listactivemonitors` in Dom0 to get a list of all monitors and their offsets. That command returns in the form `W/_xH/_+X+Y` . For example to share DP-1, with xrandr output of ` 0: +DP-1 1920/510x1080/287+1280+0 DP-1` , 1920x1080+1280+0 would share just that screen.
- `arandr` is a useful graphical tool to show where all the monitors are in relation to each other.
2021-04-07 17:21:47 +00:00
2. If you want to share a monitor `x11vnc -viewonly -rfbauth ~/.vnc/passwd -rfbport 5901 -id pick`
2021-03-25 22:54:26 +00:00
2021-04-07 17:21:47 +00:00
- This retrieves the numerical id of the next window you click on.
2021-03-25 22:54:26 +00:00
2021-04-07 17:21:47 +00:00
3. If you want to share all the monitors use `x11vnc -viewonly -rfbauth ~/.vnc/passwd -rfbport 5901`
2021-03-25 22:54:26 +00:00
2021-04-07 17:21:47 +00:00
4. View the shared screen as specified in "View The Shared Screen"
2021-03-25 22:54:26 +00:00
2021-04-07 17:21:47 +00:00
5. Open applications like normal
2021-03-25 22:54:26 +00:00
2021-03-23 00:15:32 +00:00
## Qubes Connect TCP Service
These steps are a simpler version of [The Qubes Firewall ](https://www.qubes-os.org/doc/firewall/#opening-a-single-tcp-port-to-other-network-isolated-qube ). In dom0 execute these steps:
1. Edit /etc/qubes-rpc/policy/qubes.ConnectTCP
2021-03-25 22:54:26 +00:00
2. Add the line: `<PRESENTATION-QUBE> @default ask,target=<CONTENT-QUBE>`
2021-03-23 00:15:32 +00:00
2021-03-25 22:54:26 +00:00
- (recommended) By specifying `ask` , dom0 will ask each time a connection is attempted on that port
2021-03-23 00:15:32 +00:00
2021-03-25 22:54:26 +00:00
- (not recommended) Rather than specifying `ask` you can use `allow` to allow all connections without a prompt, this leaves you unaware of new attempted connections.
3. After you are done sharing you screen, remove this line to prevent further unwanted connections
2021-03-23 00:15:32 +00:00
## View The Shared Screen
2021-03-25 22:54:26 +00:00
In the Presentation Qube:
2021-03-23 00:15:32 +00:00
1. Install package `sudo apt install -y tigervnc-viewer`
2021-04-07 17:21:47 +00:00
2. Bind TCP port using Qubes Connect TCP service `qvm-connect-tcp ::5901`
2021-03-23 00:15:32 +00:00
2021-04-07 17:21:47 +00:00
3. Start the VNC Viewer `vncviewer -Shared -ViewOnly -RemoteResize=0 -SendPrimary=0 -SendClipboard=0 -SetPrimary=0 127.0.0.1:5901`
2021-03-23 00:15:32 +00:00
4. Confirm that you want to connect to the Presentation Qube in the dom0 prompt
2021-04-07 17:21:47 +00:00
5. Enter password for the VNC server you created above
2021-03-23 00:15:32 +00:00
6. In your presentation software share the VNC viewer
## Present
In the Content Qube interact with the shared screen, the changes will be mirrored back to your Presentation Qube.
## Notes
2021-04-07 17:21:47 +00:00
- To reset the VNC password delete `~/.vnc/passwd` in the Content Qube
2021-03-23 00:15:32 +00:00
2021-03-25 22:54:26 +00:00
- The Content Qube does not need to have access to the internet
