How to Setup VcXSrv for use with WSL2 [closed]

Question

How do you setup VcXSrv.exe on Windows 10 to work with WSL2 without disabling access control? Every description on the internet shows to disable the access control, but this allows any program on the local network to log your keystrokes and mouse movements among other things.

Answer 1

Rather than disabling access control on VcXSrv, you should use the .Xauthority file to share keys between your X11 clients and the VcXSrv X11 server. The .Xauthority contains a collection of authorization keys indexed by the DISPLAY . You'll need to setup this file with a key for your particular Windows host and share that file between the VcXSrv and your X11 clients running on your WSL2 distro. To setup this, follow these steps:

Run your WSL2 distro (Assuming this is a debian based one) and install xauth, md5sum and gawk or awk. We'll also install some X11 client to test our setup. In this case, we'll install gnome-terminal but you can install something else if you want. On an Ubuntu distro, you can do:

sudo apt install -y xauth coreutils gawk gnome-terminal 
xauth list # this should be an empty list
magiccookie=$(echo '{some-pass-phrase}'|tr -d '\n\r'|md5sum|gawk '{print $1}')
xauth add host.docker.internal:0 . $magiccookie
cp ~/.Xauthority /mnt/c/Users/{WindowsUserName}

Add the following to either your ~/.bashrc in your WSL2 distro home dir

     export DISPLAY=host.docker.internal:0

We need to create either an XLaunch configuration file (i.e. config.xlaunch ) or a shortcut to VcXSrv.exe with the desired command line args. XLaunch is a simple launcher that assists in setting up the arguments and in turn calls vcxsrv.exe. We'll ignore using XLaunch and just create our own shortcut with the appropriate arguments. We want to run VcXSrv.exe with these args:

vcxsrv.exe -multiwindow -clipboard -wgl -auth {.XAuthority file} -logfile {A Log file} -logverbose {int log level}

From above, we copied the .Xauthority file to /mnt/c/Users/{WindowsUserName}/.Xauthority which means our desired command line is:

vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority" -logfile "c:\users\{WindowsUserName}\VcXSrv.log" -logverbose 5

Feel free to omit the logfile and logverbose options if you're not debugging any issues. So you can just do:

vcxsrv.exe -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"

Remember to replace {WindowsUserName} with the name of your folder under c:\Users.

To create the shortcut, navigate to where VcXSrv.exe is installed. The default location of this is

C:\Program Files\VcXSrv\VcXSrv.exe

In the explorer file window, right click on the VcXSrv.exe and click "Create Shortcut" . This will create a shortcut on your desktop.

Right click over the created shortcut icon, and select properties.

In the Shortcut tab, append the arguments above after the executable . It should look something like:

"C:\Program Files\VcXSrv\VcXSrv.exe" -multiwindow -clipboard -wgl -auth "c:\users\{WindowsUserName}\.Xauthority"

In the General tab of the Properties dialog, change the name to be "VcXSrv with XAuthority".

Click ok.

Now you can start the X11 server by double clicking on the shortcut.

If you wish to have the X11 server started at startup, follow the instructions here: https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd

Now back in the WSL distro terminal, you should be able to run the gnome-terminal or other X11 client and have it display securely on the VcXSrv X11 server running on the Windows host.

export DISPLAY=host.docker.internal:0
gnome-terminal

This should result in the gnome-terminal being displayed on your X11 Server. Further, the xauthority file will be used to allow only authorized clients to connect to your X11 server.