I love my Chromebook! Since I got it back in November, I've found a wealth of great cloud based apps. However, sometimes I wish I could have access to the software and files on my Linux desktop PC without having to sit at my desk or I don't have an acceptable free cloud based app to perform a certain task.
With this in mind, I went looking for a way to remote into my Linux desktop. Chrome Remote Desktop isn't an option because it requires someone to be sitting at the remote computer to grant access to it. If I'm working from somewhere other than home, this isn't an option. My next thought was that there’s an excellent VNC client available for Chrome from RealVNC, so why not setup a VNC server?
The Adventure Begins
It turns out that VNC server packages are not all created equal. Most VNC servers will connect you to the existing desktop session, which will work for some, but I'm looking to connect to my dual screen desktop (3200x1080 resolution) using a HP Chromebook 11 (1366x768 resolution) ... hardly ideal for any practical use. I needed to find a way to create a new desktop session at my Chromebook's native resolution.
What I ended up settling on after a few hours of online research, I came across a comparison of VNC systems. With this information, I decided to use TightVNC as my VNC server because it will indeed allow you to connect to a new desktop session other than the existing one. Installing TightVNC is easy enough. Most major distributions have it available in their package repositories (Debian, Ubuntu, Fedora, et. al.) If you connect to the system without any configuration you get a basic X session with a grey background and terminal window. Though basic, you have a working remote connection.
In anticipation of having to stop / restart VNC a number of times while setting things up, I created a couple of bash scripts for the task to save some typing.
Configuring The Desktop Session
My desktop is running XFCE and I was hoping to create another XFCE session to connect to. I configured the xstartup script that VNC uses to launch a XFCE session. After connecting and not getting a working session though, I discovered in the logs that "xfce4-session: Another session manager is already running". It seems you can't run two concurrent XFCE sessions at the same time. Not certain how other desktop environments will respond in this situation because I have not tested them, but be aware of this possibility.
After doing a little thinking, I decided to use Openbox as a window manager on the remote session due to it's lightweight nature. After installing it and configuring things, I connected and to find a working Openbox session. While it still needs to have some theming done and it's menu configured, I have a working desktop.
Security
While things are working completely satisfactorily for when I'm on my home network, If I'm working away from home and remoting back inside my traffic would be open to every Tom, Dick, and NSA to who wished to eavesdrop on it over the open internet. TightVNC is not able to do it's own encryption (the RealVNC Chrome app likes to remind you of this at least 3 times when you connect in hopes that you'll pay them for their improved version of VNC that is capable of doing so). I figured at this point my best bet was to handle encryption through a SSH tunnel. The question I had was, can you do SSH port forwarding of the VNC session to a Chromebook? It turns out you can indeed.
On the Google Chrome Web Store you will find a freely available Secure Shell App. At first I was a bit confused whether it could indeed do port forwarding due to some conflicting information in it's documentation, but after testing it myself I can assure you that it does indeed work. If you decided that you want to use the built in CROSH shell on the Chromebook, you can do port forwarding with it, but only between ports 8000 and 8999. If you plan to take this path, be aware that you'll have to reconfigure TightVNC to work within this port range. The last thing to do now was reconfigure TightVNC to only connect to connections from localhost instead of other computers.
Here's How You Do It
These instructions should work on Debian, Ubuntu, and their derivative distributions. Your mileage may vary.
Step 1 - Install Software
Open a terminal on your Linux computer and type in the following to install the necessary software:
sudo apt-get install tightvncserver ssh openbox -y
Next follow these links to install the necessary apps - Secure Shell and VNC Viewer - on your Chromebook.
Step 2 - Create Start / Stop Scripts
If you don't already have one already, create a bin directory in your home folder, then move into the directory.
mkdir ~/bin && cd ~/bin
Next we'll create two scripts (startvnc & stopvnc) inside of this directory for stopping and starting TightVNC. At the prompt type:
nano startvnc
Either type or copy & paste these lines into the editor.
#!/bin/bash
vncserver -nolisten tcp -depth 24 -geometry 1366x768 :1 -localhost
To save press [CTRL] + O. To exit press [CTRL] + X. This script starts VNC with 24 bit color depth at 1366x768 resolution on localhost display 1. Next create the stop script.
nano stopvnc
#!/bin/bash
vncserver -kill :1
After these files have been created, we need to make them executable and then return to the home directory.
chmod +x *vnc && cd ~
Step 3 - First Time Starting TightVNC
The first time that TightVNC runs, it will create the configuration files it needs and ask you to create and verify a password that you'll use in order to gain access to the computer when you remote into it. Be sure to pick a GOOD password. To do this, run the script we just created above.
bin/startvnc
After you've created your password stop VNC with the other script.
bin/stopvnc
Step 4 - Configure Xstartup Script
Now we need to setup what kind of session will run when we connect in via VNC. We do this with the “xstartup” file. It’s generally a good idea to make a backup of any configuration files like this before we make serious changes to them. First do this.
mv ~/.vnc/xstartup ~/.vnc/xstartup-backup
Then we'll create the new file.
nano ~/.vnc/xstartup
Enter the following into the script.
#!/bin/sh
exec openbox-session
We also need to make this file executable.
chmod +x ~/.vnc/xstartup
Step 5 - Start VNC & Verify The Port
Now that everything is configured, we need to start TightVNC using our script.
bin/startvnc
Once it’s started, we want to be certain that VNC is listening on the proper port. To do this type at the prompt (note the default port is 5901):
netstat -nl | grep 5901
If everything is working properly, TightVNC will be listening on 127.0.0.1:5901.
Step 6 - Firewall Ports
If you have a firewall and you don't already have port 22 forwarded from your firewall to your computer, you'll need to make sure to do so or else you will not be able to connect to your computer via SSH from outside of your network. Seeing as there are various manufacturers of router/firewall devices, you'll have to find directions on how to do so for your specific device.
Step 7 - Connect To Desktop Via SSH With Port Forwarding
Now that everything is installed and configured, we're ready to connect. It’s important to note that even on your internal network, the only way to connect to VNC on your desktop is to either be using the desktop itself, or through port forwarding as we're about to do. Also note, that you should determine what your public facing IP address is and use it below. If you do not know what it is, you can still test it using your internal IP address, but you will need the public IP in order to gain access from the outside world.
Open up the Secure Shell app on your Chromebook. Enter your connection information as detailed in the image below, replacing the username and IP address shown with your own username and IP address, and then click Connect.
At this point, you'll be connected to your desktop computer via SSH and prompted for your password. We already have started VNC, but if you were connecting from the outside world, you might not have it running at all times. You could launch it using your script at this point, if needed.
Step 8 - Connect To VNC Server Through SSH Tunnel
Now to connect to our remote X11 session, open up the VNC Viewer app on the Chromebook and enter in the following address then click Connect:
If all is successful, you'll be asked for the password you set earlier for TightVNC. After supplying the password you’ll be presented with your Openbox session on your desktop computer. You should be able to use the Openbox menu (right click) to launch a terminal window on the session that will allow you to launch other applications – until you configure the Openbox menu and other settings as you wish.
Closing Thoughts
So now you're ready to go! From your Chromebook, you can connect via secure shell with port forwarding to your Linux desktop computer, start TightVNC using the script we created. Then you connect to your PC via VNC Viewer through the encrypted SSH tunnel. When you're finished, you can close out the VNC connection and then run the stopvnc script to close out the Openbox session that's running. Finally, when you're finished just disconnect from your secure shell connection.
I hope this how-to helps somebody. I know that this isn't likely to be an in-demand thing to be able to do, but I know that I certainly could have used a post like this myself to help save me a lot of time. Now that I know how to set this up, I've actually got some ideas for creating another session to connect to with my Android phone to check on system stats. Maybe even set it up to control Pithos (Pandora client) for when I'm using my PC to stream music. It has my gears spinning.
