I have setup a very basic Debian build (I used the image with MATE). Basically, I have done nothing on this server but:
- Installed TimeShift and taken a snapshot immediately on install completion.
- Then, added my user 'boss' to the sudoers group.
- Neither iptables or ufw are installed. I then try to install SSH, VNC, XRDP:
sudo apt update && sudo apt upgrade -y
sudo apt install -y openssh-server xrdp tightvncserver
# SSH
sudo systemctl enable ssh
sudo systemctl start ssh
# XRDP
echo "mate-session" > ~/.xsession
sudo systemctl restart xrdp
sudo systemctl enable xrdp
# VNC
vncpasswd
# I set simplistic passwords: 00000000 for full access, and 11111111 for view-only.
# Kill and configure TightVNC session
# Create the xstartup
echo "#!/bin/sh" > ~/.vnc/xstartup
echo "export XDG_SESSION_TYPE=x11" >> ~/.vnc/xstartup
echo "mate-session &" >> ~/.vnc/xstartup
chmod +x ~/.vnc/xstartup
vncserver -kill :1
vncserver :1
I try to connect from Windows using TightVNC client to the Debian system and get error
Error in TightVNC Viewer: No connection could be made because the target machine actively refused it
$ ps aux | grep vnc
boss 60787 2.1 0.2 12432 9892 ? S 10:13 0:59 Xtightvnc :1 -desktop X -auth /home/boss/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbauth /home/boss/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb
boss 160972 0.0 0.0 6332 2012 pts/0 S+ 11:01 0:00 grep vnc
$ netstat -tuln | grep 590
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
I can get a new error Authentication reason: Authentication failed maybe this was due to restarting VNC or when I completely removed the vncpasswd file and regenerated it.
I have setup /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
and sudo systemctl restart ssh
Around here, I can get a screen being drawn, but with the error Could not acquire name on session bus
I've tried things like:
export DISPLAY=:1
export XAUTHORITY=$HOME/.Xauthority
rm ~/.Xauthority
xauth generate :1 . trusted
I have found that with xterm, I can get a connection, i.e. xstartup with:
export XDG_SESSION_TYPE=x11
export XAUTHORITY=$HOME/.Xauthority
export DISPLAY=:1
xterm &
This is the most that I have achieved. Some other things tried:
boss@hp2:~/.vnc$ ls -l ~/.Xauthority -rw------- 1 boss boss 146 Dec 2 08:16 /home/boss/.Xauthority boss@hp2:~/.vnc$ xauth generate :1 . trusted xauth: (argv):1: couldn't query Security extension on display ":1" boss@hp2:~/.vnc$ xauth generate :0 . trusted Authorization required, but no authorization protocol specified xauth: (argv):1: unable to open display ":0". boss@hp2:~/.vnc$ xauth list hp2.WORKGROUP:1 MIT-MAGIC-COOKIE-1 a88caa26b603ed5c705c4ce7405e9709 hp2/unix:1 MIT-MAGIC-COOKIE-1 a88caa26b603ed5c705c4ce7405e9709 hp2/unix:10 MIT-MAGIC-COOKIE-1 b843b75c08de4094a345ce4e1f55d021 boss@hp2:~/.vnc$ cat ~/.Xauthority 1MIT-MAGIC-COOKIE-1&\p\L@^ hp21MIT-MAGIC-COOKIE-1&\p\L@^ hp210MIT-MAGIC-COOKIE-1C@ENU!boss@hp2:~/.vnc$ vi xstartup boss@hp2:~/.vnc$ cat xstartup #!/bin/sh export XDG_SESSION_TYPE=x11 export XAUTHORITY=$HOME/.Xauthority mate-session & boss@hp2:grep -e X11Forwarding -e X11UseLocalhost /etc/ssh/sshd_config
boss@hp2:~/.vnc$ !123 grep -e X11Forwarding -e X11UseLocalhost /etc/ssh/sshd_config X11Forwarding yes X11UseLocalhost yes # X11Forwarding no boss@hp2:~/.vnc$ sudo systemctl restart ssh [sudo] password for boss:
boss@hp2:~/.vnc$ export DISPLAY
boss@hp2:~/.vnc$ export DISPLAY=:1
boss@hp2:~/.vnc$ export XAUTHORITY
boss@hp2:~/.vnc$ export XAUTHORITY=$HOME/.Xauthority
boss@hp2:~/.vnc$ vncserver -kill :1
vncserver :1
Killing Xtightvnc process ID 5802
New 'X' desktop is hp2:1
Starting applications specified in /home/boss/.vnc/xstartup
Log file is /home/boss/.vnc/hp2:1.log
I've tried this that I found suggested online:
export XDG_SESSION_TYPE=x11
export XAUTHORITY=$HOME/.Xauthority
export DISPLAY=:1
# Start dbus if not already running
if ! pgrep -x "dbus-daemon" > /dev/null; then
eval "$(dbus-launch --sh-syntax)"
echo "DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS" >> ~/.dbus/Xdbus
echo "DBUS_SESSION_BUS_PID=$DBUS_SESSION_BUS_PID" >> ~/.dbus/Xdbus
fi
# Source dbus environment
if [ -f ~/.dbus/Xdbus ]; then
source ~/.dbus/Xdbus
fi
mate-session > ~/.vnc/mate-session.log &
Fails, same session dbus error as before, but I can get log info from that:
boss@hp2:~/.vnc$ cat hp2:1.log 02/12/24 10:13:35 Xvnc version TightVNC-1.3.10 02/12/24 10:13:35 Copyright (C) 2000-2009 TightVNC Group 02/12/24 10:13:35 Copyright (C) 1999 AT&T Laboratories Cambridge 02/12/24 10:13:35 All Rights Reserved. 02/12/24 10:13:35 See http://www.tightvnc.com/ for information on TightVNC 02/12/24 10:13:35 Desktop name 'X' (hp2:1) 02/12/24 10:13:35 Protocol versions supported: 3.3, 3.7, 3.8, 3.7t, 3.8t 02/12/24 10:13:35 Listening for VNC connections on TCP port 5901 mate-session-is-accelerated: No composite extension. mate-session-check-accelerated: GL Helper exited with code 256 mate-session-check-accelerated: GLES Helper exited with code 512 mate-session[60795]: WARNING: Failed to acquire org.gnome.SessionManager
02/12/24 10:13:55 Got connection from client 192.168.1.29 02/12/24 10:13:55 Using protocol version 3.8 02/12/24 10:13:55 Enabling TightVNC protocol extensions 02/12/24 10:13:58 View-only authentication passed by 192.168.1.29 02/12/24 10:13:58 Using tight encoding for client 192.168.1.29 02/12/24 10:13:58 rfbProcessClientNormalMessage: ignoring unknown encoding 16 02/12/24 10:13:58 Using image quality level 6 for client 192.168.1.29
02/12/24 10:13:58 rfbProcessClientNormalMessage: ignoring unknown encoding -223
02/12/24 10:13:58 Enabling LastRect protocol extension for client 192.168.1.29
02/12/24 10:13:58 Enabling cursor position updates for client 192.168.1.29
02/12/24 10:13:58 Enabling full-color cursor updates for client 192.168.1.29
02/12/24 10:14:03 Client 192.168.1.29 gone
02/12/24 10:14:03 Statistics:
02/12/24 10:14:03 key events received 1, pointer events 166
02/12/24 10:14:03 framebuffer updates 1, rectangles 18, bytes 5776
02/12/24 10:14:03 LastRect markers 1, bytes 12
02/12/24 10:14:03 cursor shape updates 1, bytes 1068
02/12/24 10:14:03 cursor position updates 1, bytes 12
02/12/24 10:14:03 tight rectangles 15, bytes 4684
02/12/24 10:14:03 raw bytes equivalent 3145740, compression ratio 671.592656
02/12/24 10:14:09 Got connection from client 192.168.1.29
02/12/24 10:14:09 Using protocol version 3.8
02/12/24 10:14:09 Enabling TightVNC protocol extensions
02/12/24 10:14:11 Full-control authentication passed by 192.168.1.29
02/12/24 10:14:11 Using tight encoding for client 192.168.1.29
02/12/24 10:14:11 rfbProcessClientNormalMessage: ignoring unknown encoding 16
02/12/24 10:14:11 Using image quality level 6 for client 192.168.1.29
02/12/24 10:14:11 rfbProcessClientNormalMessage: ignoring unknown encoding -223
02/12/24 10:14:11 Enabling LastRect protocol extension for client 192.168.1.29
02/12/24 10:14:11 Enabling cursor position updates for client 192.168.1.29
02/12/24 10:14:11 Enabling full-color cursor updates for client 192.168.1.29
mate-session[60795]: Gtk-CRITICAL: gtk_main_quit: assertion 'main_loops != NULL' failed
mate-session[60795]: WARNING: GSIdleMonitor: IDLETIME counter not found
mate-session[60795]: GLib-GObject-CRITICAL: Custom constructor for class GSIdleMonitor returned NULL (which is invalid). Please use GInitable instead.
discover_other_daemon: 1mate-session[60795]: WARNING: Unable to find provider '' of required component 'dock'
** (mate-settings-daemon:60815): WARNING **: 10:14:13.999: Failed to acquire org.mate.SettingsDaemon
** (mate-settings-daemon:60815): WARNING : 10:14:13.999: Could not acquire name
Window manager warning: Log level 128: unsetenv() is not thread-safe and should not be used after threads are created
Window manager warning: Log level 32: could not find XKB extension.
Cannot register the panel shell: there is already one running.
discover_other_daemon: 1discover_other_daemon: 1discover_other_daemon: 1Failure: Module initialization failed
Window manager warning: Missing composite extension required for compositing
(mate-volume-control-status-icon:60844): WARNING **: 10:14:14.798: Status icon is already running, exiting
** (light-locker:60856): ERROR **: 10:14:14.966: Environment variable XDG_SESSION_PATH not set. Is LightDM running?
** (mate-screensaver:60849): WARNING **: 10:14:15.305: screensaver already running in this session
(mate-power-manager:60852): PowerManager-ERROR **: 10:14:15.509: Error in dbus - GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Permission denied
This is the most basic configuration I can attempt with VNC, a completely bare Debian, freshly installed and updated and it's a flat fail on everything (except xterm!). Hopefully there is enough information here to indicate a solution for this. Am I missing some important components (but I would have thought that VNC would install critical components as dependencies)? Can anyone advise on how to fix this please?
