Xvfb is an in-memory display server commonly used to execute programs that require a UI in a server which does not have a screen output. Using Xvfb is very convenient when your automated tests are executed in a remote server and orchestrated by a Continuous Integration system.
While having a VNC server running in production instances is not always a great idea due to the potential security flaws, opening port 5900 on this server to allow external connections sounds even worse. This post will guide you through the steps required to access a remote VNC server via an SSH tunnel, without opening any additional ports.
Assuming that Xvfb is already running in your server and the display has been exported to :99, the next step is to install x11vnc:
sudo yum install -y x11vnc
IMPORTANT: Connections to remote x11vnc servers are not password protected by default which leaves your server accessible to potential attackers. Make sure x11vcn is always started with the argument ‘-rfbauth ‘.
We will now establish the tunnel to access the x11vnc server through SSH. This needs to be done in your workstation:
ssh -i [SSH key] -l [username] -L 5900:localhost:5900 [server hostname] ‘x11vnc -display :99 -localhost -rfbauth [VNC server password file]’
You are now ready to access your remote server screen by using a VNC client in your workstation and connecting to localhost:5900