This page describes how to set up a persistent X session that allows for disconnecting and reconnecting without losing your work.

I use my Mac loptop (Powerbook G4) a LOT. I carry it between home and work every day. I read all of my email using Mail.app, browse with Safari, use the Calendar and Address book and for "real" work, I ssh into my linux desktop. If I need to run something graphical (e.g. a web browser or xemacs), I use the Mac's X server and run X clients on my linux box and display them back to my Mac. This all works great and I love the setup. However, when I leave work and disconnect from the network, my ssh sessions die and I lose all of my command history, and all of my X clients disappear. When I get home and reconnect my laptop to my home network, I have to reconstruct my whole environment. Then I disconnect from my network at home and go in to work and have to do it all over again. This start-up is a real pain.

What I really want is a way to disconnect when I leave work and reconnect when I get home and have everything be right where it was when I last used it. There are many ways that this can be done. My first attempt used the 'screen' command to create persistent shell sessions. This worked fine, but I still had the problem of window placement. I solved this with xterm's -geometry command-line argument and some Apple Script hacking. But it still didn't do everything I wanted. For example, I couldn't run an xemacs or any other gui-based program that persisted between disconnects.

Yesterday, I saw this hint on Mac OS X Hints.It didn't do exactly what I wanted, but it was close. I started looking into VNC and discovered a relatively simple solution. Basically, I create a virtual X session on my Linux box at work and then just connect and disconnect to it whenever I want. It is pretty simple. Anyway, I thought I'd describe what I found, just in case there are others out there who aren't aware of this handy little trick.

On your host computer (Linux box named 'alfalfa', in my case), you need to run the VNC server. To do this you run the vncserver command, which is really just a wrapper script around Xvnc. This will prompt you for a password and then save the password into a file in your home directory (~/.vnc/passwd). The file will be read-able and write-able by you only. Here are the results of running vncserver on my machine:

alfalfa(~)106 >vncserver -localhost -NeverShared

You will require a password to access your desktops.

Password:
Verify:

New 'alfalfa.ICSI.Berkeley.EDU:1 (wooters)' desktop is alfalfa.ICSI.Berkeley.EDU:1

Creating default startup script /n/banquet/da/wooters/.vnc/xstartup
Starting applications specified in /n/banquet/da/wooters/.vnc/xstartup
Log file is /n/banquet/da/wooters/.vnc/alfalfa.ICSI.Berkeley.EDU:1.log

By using the -localhost option (see Xvnc man page for a list of all of the options), you prevent any VNC connections from outside. That is, you will have to be logged into the local host (alfalfa in this case) to make a connection. This is a security precaution and will work just fine since we'll be tunneling the VNC connection to alfalfa anyway (see below.)

The -NeverShared option means that only one connection can be active at a time. It will refuse any new client connections if there is already a client connected. So, if someone did manage to log into your machine and they managed to figure out your VNC password, this will prevent them from connecting while you are connected.

Note that if you ever want to change the password, you can just run vncpasswd. You don't need to restart the server if you change the password since the server only looks at the password file when a connection is attempted.

Next, you need to create a secure tunnel from your remote machine (Mac laptop in my case) to the VNC host (alfalfa). There are many ways to create a secure tunnel. One simple way is to use ssh from a terminal window, like this:

wapple(~)102 >ssh -N -L 5901:localhost:5901 alfalfa.icsi.berkeley.edu

The -N tells ssh not to execute a remote command. The -L option tells ssh to set up the tunnel. In this case, we are forwarding port 5901 (the VNC port) of the Mac to port 5901 of the machine called 'localhost' on alfalfa.icsi.berkeley.edu. For more information about the combination of ssh and VNC see this page.

Alternative method of creating a secure tunnel:

You might have noticed that I didn't have to provide a password to log into alfalfa as would normally be required with ssh. The reason is that I'm running sshkeychain on my Mac. This is a handy utility that manages ssh keys and allows me to not have to type my password in each time I ssh into alfalfa. The sshkeychain utility also allows you to set up tunnels so that you won't have to use the above ssh command. (What actually happens is that sshkeychain runs this command for you.) Anyway, I highly recommend using sshkeychain.

Now we are ready to run the VNC viewer. For this, you will need a VNC client. There are many VNC clients available for the Mac. I am using VNCViewer which you can get here. Once you download and install VNCViewer, just start it and choose 'Display->Open...' (or ⌘-O) and you will get a window like this:

For the Hostname, you would just use 'localhost' since we are forwarding port 5901 over to the remote machine (alfalfa). You may want to change the display from '1' if you are running more than one VNC server. But probably you will just leave this at 1. So, just choose "OK". You will then be prompted for your VNC server password:

Now you just enter your password and choose "OK". After this, you should see a rooted X session something like this:

You will probably want to change the default X initialization that was created the first time you ran vncserver. To do this, you can just edit the file ~/.vnc/xstartup. In this file you can add whatever X clients you want to run and choose a different window manager, etc.

November 23, 2004: Initial version.