How do you setup VcXSrv.exe on Windows 10 to work with WSL2 without disabling access control? Every description on the internet shows to disable the access control, but this allows any program on the local network to log your keystrokes and mouse movements among other things.
How to Setup VcXSrv for use with WSL2
Asked Answered
This also worked fine in Windows 11 with some very tiny tweaking –
Bagpipes
Rather than disabling access control on VcXSrv, you should use the .Xauthority file to share keys between your X11 clients and the VcXSrv X11 server. The .Xauthority contains a collection of authorization keys indexed by the DISPLAY . You'll need to setup this file with a key for your particular Windows host and share that file between the VcXSrv and your X11 clients running on your WSL2 distro. To setup this, follow these steps:
Run your WSL2 distro (Assuming this is a debian based one) and install xauth, md5sum and gawk or awk. We'll also install some X11 client to test our setup. In this case, we'll install gnome-terminal but you can install something else if you want. On an Ubuntu distro, you can do:
sudo apt install -y xauth coreutils gawk gnome-terminal
xauth list # this should be an empty list
magiccookie=$(echo '{some-pass-phrase}'|tr -d '\n\r'|md5sum|gawk '{print $1}')
xauth add host.docker.internal:0 . $magiccookie
cp ~/.Xauthority /mnt/c/Users/{WindowsUserName}
Add the following to either your ~/.bashrc in your WSL2 distro home dir
export DISPLAY=host.docker.internal:0
We need to create either an XLaunch configuration file (i.e. config.xlaunch ) or a shortcut to VcXSrv.exe with the desired command line args. XLaunch is a simple launcher that assists in setting up the arguments and in turn calls vcxsrv.exe. We'll ignore using XLaunch and just create our own shortcut with the appropriate arguments. We want to run VcXSrv.exe with these args:
vcxsrv.exe -multiwindow -clipboard -wgl -auth {.XAuthority file} -logfile {A Log file} -logverbose {int log level}
From above, we copied the .Xauthority file to /mnt/c/Users/{WindowsUserName}/.Xauthority which means our desired command line is:
vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority" -logfile "c:\users\{WindowsUserName}\VcXSrv.log" -logverbose 5
Feel free to omit the logfile and logverbose options if you're not debugging any issues. So you can just do:
vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"
Remember to replace {WindowsUserName} with the name of your folder under c:\Users.
To create the shortcut, navigate to where VcXSrv.exe is installed. The default location of this is
C:\Program Files\VcXSrv\VcXSrv.exe
In the explorer file window, right click on the VcXSrv.exe and click "Create Shortcut" . This will create a shortcut on your desktop.
Right click over the created shortcut icon, and select properties.
In the Shortcut tab, append the arguments above after the executable . It should look something like:
"C:\Program Files\VcXSrv\VcXSrv.exe" -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"
In the General tab of the Properties dialog, change the name to be "VcXSrv with XAuthority".
Click ok.
Now you can start the X11 server by double clicking on the shortcut.
If you wish to have the X11 server started at startup, follow the instructions here: https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd
Now back in the WSL distro terminal, you should be able to run the gnome-terminal or other X11 client and have it display securely on the VcXSrv X11 server running on the Windows host.
export DISPLAY=host.docker.internal:0
gnome-terminal
This should result in the gnome-terminal being displayed on your X11 Server. Further, the xauthority file will be used to allow only authorized clients to connect to your X11 server.
I don't have enough reputation points to answer #61111103 –
Stettin
Works nicely - I just edited one missing "." on the xauth add command, per @drcyclotron's answer/comment below –
Martensite
Something odd happened. After rebooting and some upgrades to my system, I couldn't connect:
Authorization required, but no authorization protocol specified when I launched an X program. When I ran xauth list I see that there's no longer an entry for host.docker.internal:0, but rather it's an entry for $HOSTNAME:0 (where $HOSTNAME is my PC's name). I re-did the steps from xauth add ... and it's working again. Not sure how it happened... –
Martensite Thank you so much for this answer! For me the key was not using the IP and instead using
host.docker.internal. @Stettin Your writeup of this answer is superb! A real time saver, especially the breakdown of param requirements, that helped me get going quick, and later make the shortcut. Thank you! –
Bagpipes You may want
export LIBGL_ALWAYS_INDIRECT=1 to ~/.bashrc for slightly better performance –
Hejaz I tried with access control but it seems the
.Xauthority file was invalidated with each reboot probably due to the dynamic IP address. –
Mccaskill Unfortunately,
host.docker.internal doesn't work for me with 22621.457. I get the message xauth: (argv):1: bad display name "host.docker.internal:0" in "add" command when I try to add it. –
Informant @ChrisCharabaruk it's because you dont have docker desktop installed, instead:
xauth add "$(grep "nameserver" /etc/resolv.conf | awk '{print $2}'):0" . $magiccookie' –
Jun I only seem to be getting this error:
# Error constructing proxy for org.gnome.Terminal:/org/gnome/Terminal/Factory0: Error spawning command line “dbus-launch --autolaunch=42ccda32846b42e3ba2b86267338236b --binary-syntax --close-stderr”: Child process exited with code 1 when running gnome-terminal –
Aerophagia A) Had Docker Desktop running and still got "export:
host.docker.internal:0': not a valid identifier" B) how long does it take gnome-terminal` to actually come up? It appears to just hang. :( –
Cunctation This worked for me; Updating the WSL with wsl --update and restarting WSL with wsl --shutdown that will force the WSL to restart and after the update to check run the following command:
echo $DISPLAYyou will have this value:0xhost +you will see
access control disabled, clients can connect from any host
if you still experience problems restart your windows and try again. you can go through this github trend on this issue to learn more.
© 2022 - 2024 — McMap. All rights reserved.