Enable Remote X Connections to the X Server

By default, Xdcv prevents the use of X forwarding, because of inherent security risks. NICE DCV inherits this behavior from the newer versions of the Xorg server. The NICE DCV server implements the following default mitigations to minimize the security risks:

The X server prevents X connections from the network. The X server is configured to start with -nolisten tcp command line option. However, it is possible to change the default behavior to enable remote X connections to the X server. For more information about this workaround, see Enable Remote X Connections to the X Server.
The X server disables GLX indirect contexts. Because of conflicts with DCV-GL, there is currently no workaround to enable GLX indirect contexts.

For more information about the security risks and the mitigations, see the X.Org Security Advisory.

Enable Remote X Connections to the X Server

By default, Xdcv is configured to start with the -nolisten tcp command line option to reduce exposure to the security risks. However, it is possible to change the default behavior to enable X forwarding.

To enable X forwarding

Open /etc/dcv/dcv.conf using your preferred text editor. Add the following to the end of the file:

To enable X forwarding over IPv4 and IPv6


[session-management]
virtual-session-xdcv-args="-listen tcp"

To enable X forwarding over IPv4 only


[session-management]
virtual-session-xdcv-args="-listen tcp -nolisten inet6"

Note

Enabling X forwarding does not affect existing sessions, but only the new sessions started after it's enabled.

To test the X forwarding

Connect the NICE DCV session.
Confirm that the NICE DCV server is listening on a port in the range between 6000-6063.
```
$ netstat -punta | grep 600
```
Add the remote server to the NICE DCV server host access list.
```
$ xhost +remote_server
```

Retrieve the NICE DCV session display number.


$ dcv describe-session session_name | grep display

SSH into the remote server on which the application is hosted.
```
$ ssh user@remote_server
```
From the remote server, export the display environment variable to point to the X server of the NICE DCV session.
```
$ export DISPLAY=dcv_server_ip:display_number
```
From the remote server, run an application to test the X forwarding functionality. For example:
```
xterm
```
The test application, in this case xterm, should appear in NICE DCV server's desktop environment.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Find and Stop Idle Sessions

Embed the NICE DCV web browser client inside an iFrame