2

Say a computer is booted to its desktop manager (SDDM, in this case) and you want to send a command over ssh to make that computer log in as a particular user as if they logged in with the keyboard at the computer. I'm not talking about X forwarding.

The computer in question is a Linux desktop that I allow my kids to use for controlled time periods. I have it set up so I can set time limits and lock and unlock sessions (using loginctl) using commands over ssh from my phone. In order for them to use the computer after boot, my wife or I have to first log in locally at the computer. Only then can we control screen lock. I don't know that loginctl can be used to start a user session--just to switch, lock, and terminate them.

This problem is the same as asking "what command can I type on tty2 to make SDDM on tty1 log in as a specific user on tty1" (or it would also be acceptable to log in to KDE on another tty as long as focus changed to that tty automatically). SSH is actually irrelevant, I guess. SSH is just the implementation of the technique that I need, which could also be done locally.

3 Answers

3

This question is probably related to:

Remotely start session on display :0 and Starting x11vnc remotely when X server is already running

For this answer, I will assume systemd as service manager, SDDM as desktop manager, and x11vnc as VNC server. For different resources, adaptation is not involved.

If you have booted your computer remotely, through wake-on-lan, for example, and have no physical access to your keyboard as to enter the user password on KDE's login screen, you will not be able to open the X display through SSH by simply starting a VNC session, such as

$ x11vnc --display $DISPLAY

The output of the command will be somewhat verbose, but reading through it you will find something along the lines of

20/12/2019 19:32:35 *** XOpenDisplay failed ($DISPLAY)
*** x11vnc was unable to open the X DISPLAY: "$DISPLAY", it cannot continue.
***

because there is no X-session authenticated yet.

If we read further through the output, we will find

** If NO ONE is logged into an X session yet, but there is a greeter 
login program like "gdm", "kdm", "xdm", or "dtlogin" running, you
will need to find and use the raw display manager MIT-MAGIC-COOKIE 
file. Some examples for various display managers:

gdm: -auth /var/gdm/:0.Xauth -auth /var/lib/gdm/:0.Xauth
kdm: -auth /var/lib/kdm/A:0-crWk72
     -auth /var/run/xauth/A:0-crWk72
xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
dtlogin: -auth /var/dt/A:0-UgaaXa

That is what we need to do, find and use the raw display manager MIT-MAGIC-COOKIE file.

Along the output of

$ systemctl status sddm

we will find something like

CGroup: /system.slice/sddm.service
        |-650 /usr/bin/sddm
        `-660 /usr/lib/Xorg -nolisten tcp -auth /var/run/sddm/{$somelongstring} -background none -noreset -displayfd 17 -seat seat0 vt1

Simply fetch x11vnc the aforementioned cookie file,

# x11vnc --display $DISPLAY -auth /var/run/sddm/{$somelongstring}

Note that such an operation needs to be executed as root.

Now you will have an X11 VNC server running on your machine, and will be able to unlock the greeter screen from a VNC connection through any device, which may be your smartphone as well.

Perhaps someone can come up with a simpler and/or easier solution, where SSH and VNC connections are not needed, and a line of command would suffice. This approach, however, is rather fast and should solve your problem.

For different service managers, desktop managers, and VNC servers, the commands here have to be adapted accordingly.

UPDATE:

Yesterday I was thinking about this question for some reason, and came across a different approach which might work.

The idea basically consists in ditching the desktop/login managers instead of authenticating from them, and starting X by yourself remotely.

Say your SSH server service is enabled in your desktop. From a remote machine (your phone), stop the desktop manager (SDDM, for example):

# systemctl stop sddm

Now let us suppose you have some other X initialization package installed, like xinit, where a command like startx would suffice. If you were running from a console,

$ startx

would start X according to your configuration files without any problem. I don't know about every Unix-like system, but, from my experience, startx will look after $HOME/.xinitrc or, if the file is nonexistent, /etc/X11/xinitrc, and the X server will start as expected.

Unfortunately, we're not in console, and when trying to run from another shell like the terminal emulator where we're sending commands via SSH, simply sending

$ startx

retrieves

/usr/lib/Xorg.wrap: Only console users are allowed to run the X server

On the other hand, root can initialize the X server remotely from secure shell via a terminal emulator. For instance,

# startx

initializes the X server as expected, following the configuration files from root's home (or /etc/X11/xinitrc, as aforementioned). This makes us think it is about permissions, and not inability to do so.

After a couple minutes of searching, I've stumbled across Error when trying to use Xorg: Only console users are allowed to run the X server?, SSH login shows Only console users are allowed to run the X server, both of which boil down to the same path, edit (or add and edit, if nonexistent) /etc/X11/Xwrapper.config to include the following lines

allowed_users=anybody
needs_root_rights=yes

which indeed allows the startx command to be run by a regular user from the terminal emulator.

A note:

Please verify if your Xresources file is loading accordingly. Remember to correctly add to xinitrc your desktop environment, window manager, xrdb command, and so on.

Relevant:

I am also considering another approach inspired in How to remotely log in with full graphical desktop over X11 but need to think about it a little more. It may serve as inspiration for further solutions and possibly a better or more suitable option.

4
  • thanks for posting a response, a-sf-d. VNC is a solution, but not one my wife will be able to use, I think. Thanks for the tip as to how to obtain the auth file location for sddm using systemctl status. I'd need to put together a script to parse this output for the auth file location and start a vnc server using it, and use a vnc client app on my phone. I wonder if the command that would allow me to log in for the first time is specific to sddm (or whichever desktop manager I might choose to use in the future.).
    – jdoggsc
    Commented Dec 23, 2019 at 15:34
  • The location of the authentication file is unchanged, so you may just repeat the last command in my original answer for subsequent VNC sessions initialization through SSH. For GDM3, KDM, or other desktop managers, you would only need to change the cookie file location. I recognize SSH to launch VNC server and authenticate the session remotely through VNC connection is a somewhat bothersome process to just unlock your greeter screen. I will look further into automatically authenticating and unlocking the greeter screen with a single command. I anyways think you should give this answer a try.
    – a-sf-d
    Commented Dec 23, 2019 at 16:10
  • Thank you again for your response. I have noticed that each time a sddm session is initialized the location of the auth file is different. Or cookie file. I might be confusing which is which, here. I have done it manually a few times already and have been able to use VNC to connect to the greeter screen and log in. The solution, as you said, works, and I intend to use it for the time being--but it is not ideal for a long-term solution. I appreciate your guidance and have already been learning much from you about x-session authentication, which I didn't understand at all before yesterday.
    – jdoggsc
    Commented Dec 24, 2019 at 18:56
  • Thank you for sharing your script in your answer, @jdoggsc. Please check my update in this response and see if you can further improve it.
    – a-sf-d
    Commented Mar 21, 2020 at 14:41
0

I made this script several weeks ago and it has been working very well, so I'm posting it here for others' benefit. It employs the method introduced by a-sf-d above. It's not the same as my original request, which was to be able to log in through ssh by being able to type a couple of letters, but it has the added benefit of being able to remotely view and control the computer.

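#!/bin/bash
# Find the cookie file that SDDM passed to Xorg with -auth, then start x11vnc with it.
TMPVAR=`systemctl status sddm.service`
echo "TMPVAR = $TMPVAR"
# $TMPVAR is left unquoted on purpose: echo joins the status output into one
# line, so cut can split the whole text at the first "{".
TMPVAR2=$(echo $TMPVAR | cut -d '{' -f 2)
echo "TMPVAR2 = $TMPVAR2"
# Keep only the part before the closing "}".
TMPVAR3=$(echo $TMPVAR2 | cut -d '}' -f 1)
echo "TMPVAR3 = $TMPVAR3"
# Braces need no backslash inside double quotes; a backslash would stay in the path.
TMPVAR4="/var/run/sddm/{$TMPVAR3}"
echo "TMPVAR4 = $TMPVAR4"
echo "starting VNC server with: x11vnc -auth $TMPVAR4 -nopw"
# -nopw only silences x11vnc's warning about running without a password;
# the server started here accepts connections without a VNC password.
x11vnc -auth "$TMPVAR4" -nopw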

I call this script at boot through systemd by making this file and enabling it

x11vnc.service

[Unit]
Description=starts x11vnc server with authorization to access sddm
After=sddm.service graphical.target
Wants=display-manager.service

[Service]
ExecStart=/home/daddy/Desktop/sddm_VNC.sh
Restart=always

[Install]
WantedBy=graphical.target

And then, of course,

sudo systemctl enable x11vnc.service
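
Added example, not part of either answer above: the cookie lookup from the first answer and the script from the second, reworked so the path is parsed from the Xorg command line on each start (the comments note that it changes) and the VNC listener is bound to localhost behind a password file. The function names, the constructed sample text, display `:0` and `/root/.vnc/passwd` are assumptions.

```shell
#!/bin/sh
# Added example, not the answer's own script. The sample text, function names
# and the password-file path are assumptions made for illustration.

# Constructed sample of the CGroup lines printed by `systemctl status sddm`.
SAMPLE_STATUS='CGroup: /system.slice/sddm.service
        |-650 /usr/bin/sddm
        `-660 /usr/lib/Xorg -nolisten tcp -auth /var/run/sddm/{00000000-0000-0000-0000-000000000000} -background none -noreset -displayfd 17 -seat seat0 vt1'

# Read status text on stdin; print the argument that follows "-auth" on the
# Xorg line. Returns non-zero when there is none (SDDM not running yet).
sddm_auth_file() {
    awk '/Xorg/ { for (i = 1; i < NF; i++) if ($i == "-auth") { print $(i + 1); found = 1; exit } }
         END { exit !found }'
}

# Accept only a cookie path inside SDDM's runtime directory.
valid_auth_path() {
    case "$1" in
        *..*) return 1 ;;
        /var/run/sddm/?*|/run/sddm/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the x11vnc command line, one argument per line. -localhost keeps the
# listener off the network; -rfbauth requires the stored VNC password.
x11vnc_args() {
    valid_auth_path "$1" || return 1
    printf '%s\n' x11vnc -display :0 -auth "$1" \
        -localhost -rfbauth "${2:-/root/.vnc/passwd}"
}

# Dry run on the constructed sample. On a real host, feed the function
#   systemctl status --full --no-pager sddm.service
# and reach the listener through a tunnel: ssh -L 5900:localhost:5900 host
auth=$(printf '%s\n' "$SAMPLE_STATUS" | sddm_auth_file) && x11vnc_args "$auth"
```

The password file can be created once with `x11vnc -storepasswd`; the VNC client on the phone then connects to the forwarded local port instead of an open port on the desktop.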
0

I have a very simple answer: Enable auto login for SDDM, then make a script that calls loginctl to lock all sessions immediately after boot or after 10 seconds. Then you can have the convenience of loginctl while still having a locked state.

Another method is to remotely edit the SDDM config to enable auto login. You can either manually edit it using ssh and then restart SDDM or reboot, or make a script that swaps the config file with the auto login one when called; you can set an alias for it and run it easily. See here for more information.
