Secure remote X server access with Chrome Remote Desktop

3 minute read Published: 2019-08-30

Let's imagine that, for reasons unknown, you are like me and wish to run a second X server on your machine that you can

Well, if so, do I have the pointless combination of technologies for you!

To be honest, there isn't much to it. If all you're looking for is secure remote access to your machine, Chrome Remote Desktop just does it for you. Better yet, you don't actually have to run Chrome to use it (you can use Chromium). Install the daemon and you're pretty much good to go.

The way that crd works on Linux is (very loosely) as follows:

  1. Start a new PulseAudio socket to have separate audio from the main session
  2. Set up authentication
  3. Launch a new X server using Xvfb
  4. Create a session on this server using what was just set up

From there, it magically connects everything through Google's Chrome and mobile apps. All of this is "open source", the executables crd ships with are just Python scripts that are under a BSD license of some sort. If you're interested in this stuff I definitely recommend giving it a look, it's seemingly well written.

I used this for a while for the incredibly important purpose of training my combat stats in RuneScape while walking to and from work, which led me to try and get around some of the default limitations. I could rant about all the different ways I manage to play this game without ever paying a lick of attention to it, but that's a blog for another day.

One major limitation is that through the regular access method (a browser) you can't connect to the machine you're currently on, which I promise can be useful sometimes. Since it's just Xvfb, first we need to find out what the X server display number is.

➜  ~ ps aux | grep Xvfb
Xvfb :20 -auth /home/ruscur/.Xauthority -nolisten tcp -noreset -screen 0 820x570x24

Here we can see that it's :20, which it seems like crd always uses, but better to check anyway. Next, we need a client and a server to actually connect to the thing. Yes, this means you could set up remote access both through Chrome as well as securing VNC, but personally I'd rather put the burden of securing that connection on Google rather than myself since I'm not particularly afraid of the deep state stealing my big stack of raw sharks.

Grab yourself x11vnc and a VNC client of choice, I use TigerVNC.

Run x11vnc -display :20 to set up the server which will run by default on port 5900, then run vncviewer localhost:5900 or use the GUI and you're set.

And just like that, I can live the dream. Let's say I have a game running. I'm in an instance and if I logged out I would lose it. I can use the client through TigerVNC on my desktop, and then continue it from the Chrome Remote Desktop app on my phone while I make tea or poo. All securely, and if you're on WiFi the quality is pretty damn good too.

What a time to be alive.