any1/wayvncPublic

NotificationsYou must be signed in to change notification settings
Fork74
Star1.3k

A VNC server for wlroots based Wayland compositors

License

ISC license

1.3k stars 74 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 678 Commits
.builds		.builds
.github		.github
examples		examples
include		include
protocols		protocols
src		src
test		test
util		util
.gitignore		.gitignore
CONTRIBUTING.md		CONTRIBUTING.md
COPYING		COPYING
FAQ.md		FAQ.md
FUNDING.yml		FUNDING.yml
README.md		README.md
meson.build		meson.build
meson_options.txt		meson_options.txt
wayvnc.pam		wayvnc.pam
wayvnc.scd		wayvnc.scd
wayvncctl.scd		wayvncctl.scd

Repository files navigation

wayvnc

Introduction

This is a VNC server for wlroots-based Wayland compositors (:no_entry: Gnome,KDE and Weston arenot supported). It attaches to a running Wayland session,creates virtual input devices, and exposes a single display via the RFBprotocol. The Wayland session may be a headless one, so it is also possibleto run wayvnc without a physical display attached.

Please check theFAQ for answers to common questions. For furthersupport, join the #wayvnc IRC channel on libera.chat, or ask your questions on theGitHubdiscussion forum for theproject.

Building

Runtime Dependencies

aml
drm
gbm (optional)
libxkbcommon
neatvnc
pam (optional)
pixman
jansson

Build Dependencies

GCC
meson
ninja
pkg-config

For Arch Linux

pacman -S base-devel libglvnd libxkbcommon pixman gnutls jansson

For Fedora 37

dnf install -y meson gcc ninja-build pkg-config egl-wayland egl-wayland-devel \mesa-libEGL-devel mesa-libEGL libwayland-egl libglvnd-devel \libglvnd-core-devel libglvnd mesa-libGLES-devel mesa-libGLES \libxkbcommon-devel libxkbcommon libwayland-client \pam-devel pixman-devel libgbm-devel libdrm-devel scdoc \libavcodec-free-devel libavfilter-free-devel libavutil-free-devel \turbojpeg-develwayland-devel gnutls-devel jansson-devel

For Debian (unstable / testing)

apt build-dep wayvnc

For Ubuntu

apt install meson libdrm-dev libxkbcommon-dev libwlroots-dev libjansson-dev \libpam0g-dev libgnutls28-dev libavfilter-dev libavcodec-dev \libavutil-dev libturbojpeg0-dev scdoc

Additional build-time dependencies

The easiest way to satisfy the neatvnc and aml dependencies is to link to themin the subprojects directory:

git clone https://github.com/any1/wayvnc.gitgit clone https://github.com/any1/neatvnc.gitgit clone https://github.com/any1/aml.gitmkdir wayvnc/subprojectscd wayvnc/subprojectsln -s ../../neatvnc .ln -s ../../aml .cd -mkdir neatvnc/subprojectscd neatvnc/subprojectsln -s ../../aml .cd -

Configure and Build

meson buildninja -C build

To run the unit tests:

meson test -C build

To run theintegration tests:

./test/integration/integration.sh

Running

Wayvnc can be run from the build directory like so:

./build/wayvnc

☢️ The server only accepts connections from localhost by default. Toaccept connections via any interface, set the address to0.0.0.0 like this:

./build/wayvnc 0.0.0.0

⚠️ Do not do this on a public network or the internet withoutuser authentication enabled. The best way to protect your VNC connection is touse SSH tunneling while listening on localhost, but users can also beauthenticated when connecting to wayvnc.

Encryption & Authentication

VeNCrypt (TLS)

For TLS, you'll need a private X509 key and a certificate. A self-signed keywith a certificate can be generated like so:

cd ~/.config/wayvncopenssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384 \-days 3650 -nodes -keyout tls_key.pem -out tls_cert.pem \-subj /CN=localhost \-addext subjectAltName=DNS:localhost,DNS:localhost,IP:127.0.0.1cd -

Replacelocalhost and127.0.0.1 in the command above with your public facinghost name and IP address, respectively, or just keep them as is if you'retesting locally.

Create a config with the authentication info and load it using the--configcommand line option or place it at the default location$HOME/.config/wayvnc/config.

use_relative_paths=trueaddress=0.0.0.0enable_auth=trueusername=luserpassword=p455w0rdprivate_key_file=tls_key.pemcertificate_file=tls_cert.pem

RSA-AES

The RSA-AES security type combines RSA with AES in EAX mode to provide secureauthentication and encryption that's resilient to eavesdropping and MITM. Itsmain weakness is that the user has to verify the server's credentials on firstuse. Thereafter, the client software should warn the user if the server'scredentials change. It's a Trust on First Use (TOFU) scheme as employed by SSH.

For the RSA-AES to be enabled, you need to generate an RSA key. This can beachieved like so:

ssh-keygen -m pem -f ~/.config/wayvnc/rsa_key.pem -t rsa -N ""

You also need to tell wayvnc where this file is located, by setting setting thersa_private_key_file configuration parameter:

use_relative_paths=trueaddress=0.0.0.0enable_auth=trueusername=luserpassword=p455w0rdrsa_private_key_file=rsa_key.pem

You may also add credentials for TLS in combination with RSA. The client willchoose.

wayvncctl control socket

To facilitate runtime interaction and control, wayvnc opens a unix domain socketat$XDG_RUNTIME_DIR/wayvncctl (or a fallback of /tmp/wayvncctl-$UID). Aclient can connect and exchange json-formatted IPC messages to query and controlthe running wayvnc instance.

Use thewayvncctl utility to interact with this control socket from thecommand line.

See thewayvnc(1) manpage for an in-depth description of the IPC protocol andthe available commands, andwayvncctl(1) for more on the command lineinterface.

There is also a handy event-loop mode that can be used to run commands whenvarious events occur in wayvnc. Seeexamples/event-watcher for more details.