Added x11vnc and fedora. UNTESTED

This commit is contained in:
ctrlaltf24 2021-03-25 15:54:26 -07:00
parent 4e2a888bf1
commit 2e5b69569c
No known key found for this signature in database
GPG Key ID: F7E614D38BE5C4CA

View File

@ -2,11 +2,23 @@
How to Share A Screen Across Qubes How to Share A Screen Across Qubes
================================== ==================================
> Warning:
> This guide involves opening up a TCP port between qubes. This is discouraged from the security standpoint and should only be used as a last resort, use sparingly.
## Terminology
PRESENTATION-QUBE is the Qube you want to view the screen from
CONTENT-QUBE is the Qube that has the window you want to share
## Setup The Shared Screen Server ## Setup The Shared Screen Server
In the Qube you want to want to share a screen from (referred to the Content Qube) execute these commands: Choose one of these sub-sections depending on whether you want to open a new screen (increased isolation), or use an existing monitor or screen.
1. Install packages `sudo apt install -y xfwm4 tigervnc-standalone-server tigervnc-viewer` ### If You Want To Share a New Screen
In the Content Qube:
1. Install packages `sudo apt install -y xfwm4 tigervnc-standalone-server tigervnc-viewer` or `sudo dnf install -y xfwm4 tigervnc-server tigervnc`
2. Start the server `vncserver :10 -xstartup /usr/bin/xfwm4 -geometry 1920x1080 -localhost no` 2. Start the server `vncserver :10 -xstartup /usr/bin/xfwm4 -geometry 1920x1080 -localhost no`
@ -16,27 +28,61 @@ In the Qube you want to want to share a screen from (referred to the Content Qub
2. Enter one password for read/write (first password and verify prompt) 2. Enter one password for read/write (first password and verify prompt)
3. Enter a different password for the view only password (second password and verify prompt) 3. (recommended) Enter a different password for the view only password (second password and verify prompt)
3. View the shared screen `xtigervncviewer -passwd /home/user/.vnc/passwd :10` 3. View the shared screen `vncviewer -passwd /home/user/.vnc/passwd :10`
4. Open applications `DISPLAY=:10 xterm` where xterm can be any binary on your system 4. Open applications `DISPLAY=:10 xterm` where xterm can be any binary on your system
## If You Want To Share an Existing Monitor or Window
In the Content Qube:
1. Install packages `sudo apt install -y xfwm4 x11vnc x11-utils` or `sudo dnf install -y xfwm4 x11vnc xwininfo`
2. Start the server
1. If you want to share a window `x11vnc -rfbport 5910 -clip 1920x1080+0+0 -storepassword`
- Replace `1920x1080+0+0` with the resolution and offset of the screen area you want to share. The origin for linux monitors is in the top left, increasing down and to the right.
- Use `xrandr --listactivemonitors` in Dom0 to get a list of all monitors and their offsets. That command returns in the form `W/_xH/_+X+Y`. For example to share DP-1, with xrandr output of ` 0: +DP-1 1920/510x1080/287+1280+0 DP-1`, 1920x1080+1280+0 would share just that screen.
- `arandr` is a useful graphical tool to show where all the monitors are in relation to each other.
2. If you want to share a monitor `x11vnc -rfbport 5910 -id pick -storepassword`
- This uses the `xwininfo` (or `x11-utils`o on debian) package installed earlier to get the numerical id of the next window you click on.
3. Enter passwords when prompted
1. You can generate secure enough passwords for this purpose using `openssl rand -base64 16 | tr -d '+/=' | head -c 8;echo`
2. Enter one password for read/write (first password and verify prompt)
3. Enter a different password for the view only password (second password and verify prompt)
3. View the shared screen like normal
4. Open applications like normal
## Qubes Connect TCP Service ## Qubes Connect TCP Service
These steps are a simpler version of [The Qubes Firewall](https://www.qubes-os.org/doc/firewall/#opening-a-single-tcp-port-to-other-network-isolated-qube). In dom0 execute these steps: These steps are a simpler version of [The Qubes Firewall](https://www.qubes-os.org/doc/firewall/#opening-a-single-tcp-port-to-other-network-isolated-qube). In dom0 execute these steps:
1. Edit /etc/qubes-rpc/policy/qubes.ConnectTCP 1. Edit /etc/qubes-rpc/policy/qubes.ConnectTCP
2. Add the line: `PRESENTATION-QUBE @default ask,target=CONTENT-QUBE` 2. Add the line: `<PRESENTATION-QUBE> @default ask,target=<CONTENT-QUBE>`
- Where PRESENTATION-QUBE is the Qube you want to view the screen from - (recommended) By specifying `ask`, dom0 will ask each time a connection is attempted on that port
- Where CONTENT-QUBE is the Qube that has the window you want to share - (not recommended) Rather than specifying `ask` you can use `allow` to allow all connections without a prompt, this leaves you unaware of new attempted connections.
3. After you are done sharing you screen, remove this line to prevent further unwanted connections
## View The Shared Screen ## View The Shared Screen
In the Qube you want to view the shared screen from (referred to the Presentation Qube): In the Presentation Qube:
1. Install package `sudo apt install -y tigervnc-viewer` 1. Install package `sudo apt install -y tigervnc-viewer`
@ -59,7 +105,3 @@ In the Content Qube interact with the shared screen, the changes will be mirrore
- To reset the VNC password delete `/home/user/.vnc/passwd` in the Content Qube - To reset the VNC password delete `/home/user/.vnc/passwd` in the Content Qube
- The Content Qube does not need to have access to the internet - The Content Qube does not need to have access to the internet
- Opening up a TCP port between Qubes Should only be used as a last resort, use sparingly.
- After you are done, remove the line you added in `/etc/qubes-rpc/policy/qubes.ConnectTCP`