.\" Man page for xpra .\" .\" Copyright (C) 2008-2009 Nathaniel Smith .\" Copyright (C) 2010-2017 Antoine Martin .\" .\" You may distribute under the terms of the GNU General Public .\" license, either version 2 or (at your option) any later version. .\" See the file COPYING for details. .\" .TH XPRA 1 .SH NAME xpra \- viewer for remote, persistent X applications .\" -------------------------------------------------------------------- .SH SYNOPSIS .PD 0 .HP \w'xpra\ 'u \fBxpra\fP \fBstart\fP [\fI:DISPLAY\fP] | \fBxpra\fP \fBstart\fP \fIssh:HOST:DISPLAY\fP | \fBxpra\fP \fBstart-desktop\fP [\fI:DISPLAY\fP] | \fBxpra\fP \fBstart-desktop\fP \fIssh:HOST:DISPLAY\fP [\fBOPTIONS..\fP] .HP \fBxpra\fP \fBattach\fP [CONNECTIONSTRING] [\fBOPTIONS..\fP] .HP \fBxpra\fP \fBshadow\fP [\fI:DISPLAY\fP] | \fIssh:[USER@]HOST[:DISPLAY]\fP [\fBOPTIONS..\fP] .HP \fBxpra\fP \fBproxy\fP [\fI:DISPLAY\fP] [\fBOPTIONS..\fP] .HP \fBxpra\fP \fBstop\fP | \fBxpra\fP \fBexit\fP | \fBxpra\fP \fBdetach\fP | \fBxpra\fP \fBscreenshot\fP \fIfilename\fP | \fBxpra\fP \fBversion\fP | \fBxpra\fP \fBinfo\fP [CONNECTIONSTRING] [\fBOPTIONS..\fP] .HP \fBxpra\fP \fBcontrol\fP [CONNECTIONSTRING] \fIcommand\fP [\fIarguments..\fP] [\fB\-\-ssh\fP=\fICMD\fP] [\fB\-\-remote\-xpra\fP=\fICMD\fP] [\fB\-\-socket\-dir\fP=\fIDIR\fP] [\fB\-\-socket\-dirs\fP=\fIDIRS\fP] .HP \fBxpra\fP \fBinitenv\fP [\fB\-\-socket\-dir\fP=\fIDIR\fP] .HP \fBxpra\fP \fBlist\fP [\fB\-\-socket\-dir\fP=\fIDIR\fP] .HP \fBxpra\fP \fBshowconfig\fP [\fBOPTIONS..\fP] .HP \fBxpra\fP \fBlist-mdns\fP .HP \fBxpra\fP \fBupgrade\fP \fI:[DISPLAY]\fP [...any options accepted by \fBxpra start\fP...] .PD .\" -------------------------------------------------------------------- .SH DESCRIPTION Xpra is a tool which allows you to run X programs \(em usually on a remote host \(em and then direct their display to your local machine, disconnect from these programs, and reconnect from the same or another machine, all without losing any state. It differs from standard X forwarding in that it allows disconnection and reconnection without disrupting the forwarded application; it differs from VNC and similar remote display technologies in that xpra can run \fIrootless\fP: i.e., applications forwarded by xpra appear on your desktop as normal windows managed by your window manager, rather than being all "trapped in a box together". Xpra also uses a custom protocol that is self-tuning and relatively latency-insensitive, and thus is usable over network connections that are too slow or unreliable for standard X forwarding. Xpra can also be used to shadow an existing X11 display, or in desktop mode where it behaves more like VNC. .P By default the Xpra server announces available sessions (username and display number) via mDNS to the local network. Use \fBmdns=no\fP to disable it. .\" -------------------------------------------------------------------- .SH CONNECTION STRINGS Xpra supports many types of connection strings (some may require extra packages to be installed): .SS :DISPLAY Local displays: this is the simplest form and is only valid for the current local displays of the current user. .SS tcp://[USERNAME@]HOST:PORT[/DISPLAY] TCP mode uses port numbers and not display numbers. If multiple displays are available through a single TCP port (ie: using a proxy server), then one can also specify the display number. .SS ssl://[USERNAME@]HOST:PORT[/DISPLAY] SSL adds a secure socket layer on top of the TCP mode. .SS vsock://[USERNAME[:PASSWORD]@]HOST:PORT Almost identical to the TCP mode, but using AF_VSOCK for transport. .SS ws://[USERNAME[:PASSWORD]@]HOST:PORT/[DISPLAY] Connect using websocket protocol. .SS wss://[USERNAME[:PASSWORD]@]HOST:PORT/[DISPLAY] Connect using secure websocket protocol. (websocket with SSL) .SS ssh://[USERNAME[:PASSWORD]@]HOST[:SSH_PORT]/DISPLAY Further options can be specified using the \fB\-\-ssh\fP command line option. .P For backwards compatibility, SSH mode also supports the syntax: \fBssh:[USERNAME[:PASSWORD]@HOST:DISPLAY\fP but this form does not support specifying the SSH port number. Older versions also used the form \fBprotocol:host:port\fP, but users are encouraged to move to a more standard URI format using \fB://\fP as separator. .P The password need only be specified when the server authentication module requires it. (ie: often when authenticating against MS Windows servers, or with \fBmultifile\fP and \fBsqlite\fP authentication modules) .\" -------------------------------------------------------------------- .SH EXAMPLES .TP \w'xpra\ 'u \fBxpra start\fP \fI:7\fP Start an xpra server using display number \fI:7\fP. Note: using \fBDISPLAY=\fP\fI:7 xterm\fP to start applications against a specific display is not recommended. Always prefer using xpra's \fB\-\-start=\fP command line option instead. See this next example: .TP \fBxpra start\fP \-\-start=firefox\fP Start an xpra server, choosing a display automatically and start firefox on that virtual display. No window will appear until you attach with \fBxpra attach\fP. The start child commands will inherit an environment tailored for running under xpra. .TP \fBxpra start\fP \fIssh:bigbox:7 \-\-start=xterm\fP Start an xpra server on \fIbigbox\fP with an xterm in it, and connect to it. .TP \fBxpra start-desktop \-\-start=xfce4-session\fP Start an xfce session in a nested X11 server on an automatically assigned display number. .TP \fBxpra list\fP Show a list of xpra servers you have running on the current host. .TP \fBxpra\fP \fBlist-mdns\fP Show a list of xpra servers found via mDNS. (local network) .TP \fBxpra showconfig\fP Shows the configuration that would be used with other sub-commands, taking into account the command line arguments. .TP \fBxpra attach\fP \fI:7\fP Attach to the xpra server that is using local display number \fI:7\fP. Any apps running on that server will appear on your screen. .TP \fBxpra attach\fP \fIssh:foo@frodo:7\fP Use ssh to attach to the xpra server that is running on machine \fIfrodo\fP as user \fIfoo\fP and using display \fI:7\fP. Any apps running on that server will appear on your local screen. .TP \fBxpra start :7 --start=screen\fP Start an xpra server and a \fBscreen\fP(1) session. If any of the applications inside screen attempt to use X, they will be directed to the xpra server. .\" -------------------------------------------------------------------- .SH DISPLAYS Understanding the basic idea of displays is critical to using xpra successfully. The idea comes from standard X. If you have multiple X servers running on the same host, then there has to be some way to distinguish them. X does this by assigning each server a small, unique integer called (perhaps confusingly) its "display". In the common case of a desktop machine that has only one X server running, that server uses display ":0" (or sometimes you'll see ":0.0", which is effectively the same). When an application starts under X, it needs to know how to find the right X server to use; it does this by checking the environment variable \fB$DISPLAY\fP. Xpra faces a similar problem \(em there may be multiple xpra servers running on the same host, as well as multiple X servers. It solves this problem by re-using X's solution \(em each xpra server has a display associated with it. This display functions as both an X display (for when xpra is talking to X applications) and as an identifier by which xpra clients (like \fBxpra attach\fP) can locate the xpra server. You may omit the display number when using \fBxpra start\fP: a display will be chosen for you automatically. The display number chosen will be shown in the log output, you should also be able to see it with \fBxpra list\fP. On Microsoft Windows and Mac OSX, the display number should be omitted. Otherwise, when starting an xpra server, you may want to specify the name of the display to use. To do this, simply pick any number you like and stick a colon in front of it. For instance :7, :12, and :3117 are all valid display names. Just keep in mind that: .IP \(bu Every X or xpra server that is running on a single machine must use a different display name. If you pick a number that is already in use then xpra will not work. .IP \(bu The first few numbers (0, 1, 2) are commonly used by real X servers. .IP \(bu Everyone who connects to a given machine using \fBssh\fP(1) with X forwarding enabled will also use a display number; ssh generally picks numbers near ten (10, 11, 12, ...). .PP When specifying an xpra server to a client program like \fBxpra attach\fP, \fBxpra detach\fP, \fBxpra stop\fP, \fBxpra exit\fP, \fBxpra version\fP, \fBxpra info\fP, \fBxpra list\fP or \fBxpra screenshot\fP then you can use a display of the form \fB:\fP\fIDISPLAY\fP to refer to a server on the local host, or one of the form \fBssh:\fP\fI[USER@]HOST\fP\fB:\fP\fIDISPLAY\fP to refer to a server on a remote host; xpra will automatically connect to the remote host using \fBssh\fP(1). Generally, if you have only one xpra session running on a machine (which you can verify by running \fBxpra list\fP on that machine), then you can omit the number entirely; \fBxpra attach\fP alone will attach to the lone xpra server on the current machine regardless of its number, \fBxpra attach ssh:frodo\fP will similarly attach to the lone xpra session on a remote machine. Connecting using the display number assumes that the client and server use the same configuration for socket directories, or at least that the client can find at least one of the directories used by the unix domain sockets (see \fIbind\fP, \fIsocket\-dir\fP and \fIsocket\-dirs\fP). If the xpra server was given the \fB\-\-bind\-tcp\fP, \fB\-\-bind\-ssl\fP \fB\-\-bind\-udp\fP=\fI[HOST]:PORT\fP, \fB\-\-bind\-ws\fP, \fB\-\-bind\-wss\fP or \fB\-\-bind\-vsock\fP option when started then you can also connect to it using a display of the form \fBtcp://HOST:PORT\fP, \fBudp://HOST:PORT\fP, \fBssl://HOST:PORT\fP, \fBws://HOST:PORT\fP, \fBwss://HOST:PORT\fP or \fBvsock://HOST:PORT\fP. (Notice that \fBssh:\fP takes an optional \fIdisplay\fP number, while those take a required \fIport\fP number.) .\" -------------------------------------------------------------------- .SH SUBCOMMANDS .SS xpra start This command starts a new xpra server, including any necessary setup. (When starting a remote server with the \fBssh:HOST:DISPLAY\fP syntax, the new session will also be attached.) .SS xpra start-desktop Starts a nested X11 server, all child commands will be started in the nested X11 server. .SS xpra attach This command attaches to a running xpra server, and forwards any applications using that server to appear on your current screen. .SS xpra detach Detaches the given xpra display. .SS xpra screenshot Takes a screenshot and saves it to the filename specified. Note: screenshots can only be taken when a client is attached. .SS xpra version Queries the server version and prints it out. Note: older servers may not support this feature. .SS xpra info Queries the server for version, status and statistics. Note: older servers may not support this feature. .SS xpra control Modify the server at runtime by issuing commands. The list of commands can be obtained by specifying "help" as command. Some of those commands may support a "help" mode themselves. .SS xpra initenv This internal command creates the \fBrun-xpra\fP script used with ssh connections. .SS xpra stop This command attaches to a running xpra server, and requests that it terminates immediately. This generally causes any applications using that server to terminate as well. .SS xpra exit This command attaches to a running xpra server, and requests that it terminates immediately. Unlike \fBxpra stop\fP, the Xvfb process and its X11 clients (if any) will be left running. .SS xpra showconfig This commands shows the configuration which would be used given the arguments provided. You can also specify as extra arguments the specific options that should be displayed, or use the special value \fIall\fP to display all the options including the ones which are normally not displayed because they are not relevant on the given system. .SS xpra list This command finds all xpra servers that have been started by the current user on the current machine, and lists them. .SS xpra upgrade This command starts a new xpra server, but instead of creating it from scratch, it attaches to another existing server, tells it to exit, and takes over managing the applications that it was managing before. As the name suggests, the main use case is to replace a server running against an older version of xpra with a newer version, without having to restart your session. Any currently-running \fBxpra attach\fP command will exit and need to be restarted. .SS xpra shadow This command shadows an existing X11 display. If there is only one X11 display active and its number is below 10, it can be auto-detected. Note that this mode of operation uses screenscraping which is far less efficient. Using a video encoder (h264 or vp8) is highly recommended for this mode of operation. .SS xpra proxy This command allows a single server to proxy connections for multiple others, potentially serving as a load balancing or authentication entry point for many sessions. The proxy server will spawn a new process for each proxy connection, this proxy process will create an unauthenticated new unix domain socket which can be used with the subcommands \fBinfo\fP, \fBversion\fP and \fBstop\fP. .SS Important Note Some platforms and package managers may choose to only build the client and not the server. In this case, only the \fBattach\fP subcommand will be available. .\" -------------------------------------------------------------------- .SH OPTIONS .SS General options .TP \fB\-\-version\fP Displays xpra's version number. .TP \fB\-h, \-\-help\fP Displays a summary of command line usage. .TP \fB\-d\fP \fIFILTER1,FILTER2,...\fP, \fB\-\-debug\fP=\fIFILTER1,FILTER2,...\fP Enable debug logging. The special value \fBall\fP enables all debugging. .TP \fB\-\-mmap\fP=\fIyes\fP|\fIno\fP|\fIABSOLUTEFILENAME\fP Enable or disable memory mapped pixel data transfer. By default it is normally enabled automatically if the server and the client reside on the same filesystem namespace. This method of data transfer offers much lower overheads and reduces both CPU consumption and local network traffic. When attaching, you can also specify an absolute path where the mmap file will be created. .TP \fB\-\-windows\fP=\fIyes\fP|\fIno\fP Enable or disable the forwarding of windows. This is usually the primary use for xpra and should be enabled. .TP \fB\-\-readonly\fP=\fIyes\fP|\fIno\fP Read only mode ignores all keyboard and mouse activity. .TP \fB\-\-clipboard\fP=\fIyes\fP|\fIno|clipboard\-type\fP Enable or disable clipboard synchronization. If disabled on the server, no clients will be able to use clipboard synchronization at all. If turned off on the client, only this particular connection will ignore clipboard data from the server. This can also be used to specify a different clipboard implementation. The clipboard types available will vary from platform to platform and also depend on build time environment and options so this is best left on \fBauto\fP. Other clipboard types available may include: .RS .IP \fBtranslated\fP Clipboard which can translate from one type of selection to another .IP \fBGDK\fP The most complete clipboard implementation, includes full X11 support .IP \fBdefault\fP Fallback clipboard, with limited X11 support .IP \fBOSX\fP OSX specific clipboard .RE .TP \fB\-\-clipboard\-direction\fP=\fIto\-server\fP|\fIto\-client\fP|\fIboth\fP|\fIdisabled\fP Choose the direction of the clipboard synchronization. .TP \fB\-\-pulseaudio\fP=\fIyes\fP|\fIno\fP Enable or disable the starting of a pulseaudio server with the session. .TP \fB\-\-pulseaudio\-command\fP=\fISERVER\-START\-COMMAND\fP Specifies the pulseaudio command to use to start the pulseaudio server, unless disabled with \fBpulseaudio=no\fP. .TP \fB\-\-session\-name\fP=\fIVALUE\fP Sets the name of this session. This value may be used in notifications, utilities, tray menu, etc. Setting this value on the server provides a default value which may be overridden on the client. .TP \fB\-\-encoding\fP=\fIENCODING\fP This specifies the image encoding to use, there are a number of encodings supported: \fBjpeg\fP, \fBpng\fP, \fBpng/P\fP, \fBpng/L\fP, \fBwebp\fP, \fBrgb\fP, \fBvp8\fP, \fBvp9\fP, \fBh264\fP and \fBh265\fP (some may not be available in your environment). The default option is \fBauto\fP which allows the server to select the best encoding automatically. .RS .IP \fBauto\fP default mode: the built-in heuristics will choose the most appropriate encoding .IP \fBpng\fP compressed and lossless, can be quite slow. .IP \fBpng/P\fP compressed and lossy: it uses a colour palette, which means better compression but still slow. .IP \fBpng/L\fP compressed and lossy: grayscale only using a palette. .IP \fBrgb\fP a raw pixel format (lossless) compressed with lz4, lzo or zlib (see \fIcompressors\fP) the compression ratio is lower, but it is by far the fastest encoding available. .IP \fBwebp\fP can be used in lossy or lossless mode, useful for graphical applications, it compresses better than jpeg and is reasonably fast except at high resolutions. .IP \fBjpeg\fP can be useful for graphical applications, it is lossy and usually very fast. .IP \fBvp8\fP lossy video encoding which always uses colour subsampling. Fast at encoding and decoding. .IP \fBvp9\fP Video encoding which supports both lossy and lossless modes, available if your ffmpeg library version is recent enough. .IP \fBh264\fP One of the best encoding available: it is fast, efficient and tunable via the quality and speed options. .IP \fBh265\fP Far too slow at encoding, avoid. .RE The default encoding which is automatically selected if you do not specify one will depend on what options are available on both the server and the client: \fBrgb\fP is always available (builtin), \fBjpeg\fP and \fBpng\fP require the Python Imaging Library, \fBvp8\fP, \fBvp9\fP, \fBwebp\fP, \fBh264\fP and \fBh265\fP all require their respective shared libraries, as well as the xpra codec that uses them. Note: when selecting a video encoding (usually \fBh264\fP, \fBvp8\fP or \fBvp9\fP), it will only be used if the screen is updating quickly enough, some of the smaller screen updates will also be sent using one of the other non-video encodings. .TP \fB\-\-video\-scaling\fP=\fIon\fP|\fIoff\fP|\fISCALING\fP How much automatic video downscaling should be used, from 1 (rarely) to 100 (aggressively), 0 to disable. Video scaling is normally used with video regions or very large windows (especially full screen windows) to try to maintain a decent framerate. Video downscaling negatively affects visual quality and will cause automatic refreshes (if enabled), it is most useful on video content where it saves a considerable amount of bandwidth. .TP \fB\-\-socket\-dir\fP=\fIDIR\fP Location where to write and look for the Xpra socket files. The default location varies from platform to platform ("~/.xpra" on most Posix systems). If unspecified, the first value from \fBsocket-dirs\fP will be used. It may also be specified using the XPRA_SOCKET_DIR environment variable. When using the socket-dir option, it is generally necessary to specify \fBsocket\-dir\fP or \fBsocket\-dirs\fP on all following commands, for xpra to work with the open sessions. By specifying a shared directory this can be coupled with the \fImmap\-group\fP or \fIsocket\-permissions\fP option to connect Xpra sessions across user accounts. .TP \fB\-\-socket\-dirs\fP=\fIDIR\fP Specifies the directories where to look for existing sockets if a specific one was not set using \fBsocket\-dir\fP. You may specify each directory using a new \fB\-\-socket\-dirs\fP command line argument, or joined together by the path separator (\fB:\fP on Posix). The paths will be expanded. (ie: \fI\-\-socket-dirs=~/.xpra:/tmp\fP) .TP \fB\-\-file\-transfer\fP=\fIon\fP|\fIoff\fP Enable file transfers. .TP \fB\-\-open\-files\fP=\fIon\fP|\fIoff\fP This option may be used to allow the remote end to automatically open files after they have been uploaded. This may be a security risk if you are using xpra to constrain what the clients can execute on the server. .TP \fB\-\-forward\-xdg\-open\fP=\fIon\fP|\fIoff\fP Intercept execution of \fIxdg\-open\fP and forward the request to the client. .TP \fB\-\-open\-command\fP=\fICOMMAND\fP The command to use for opening files and URLs. .TP \fB\-\-bandwidth\-limit\fP=\fIBITSPERSECOND\fP Restrict bandwidth usage to below the limit given. The client's value cannot raise the limit of the server. The value may be specified using standard units, ie: \fI1Mbps\fP or \fI500K\fP. In \fIauto\fP mode, the client will set the bandwidth limit value to 80% of the maximum speed of the network interface it is using to connect to the server. .TP .SS Options for start, start-desktop, upgrade, proxy and shadow .TP \fB\-\-daemon\fP=\fIyes\fP|\fIno\fP By default, the xpra server puts itself into the background, i.e. 'daemonizes', and redirects its output to a log file. This can be used to prevent that behavior (useful mostly for debugging). .TP \fB\-\-chdir\fP=\fIDIR\fP Change to this directory after daemonizing. .TP \fB\-\-uid\fP=\fIUID\fP and \fB\-\-gid\fP=\fIGID\fP When launching the server as root, these options can be used to drop privileges to the given UID / GID. .TP \fB\-\-pidfile\fP=\fIFILENAME\fP Writes the server process ID to this file on startup. If the file has not been replaced, it will be deleted when the server exits. .TP \fB\-\-bind\fP=\fIBIND_LOCATION\fP Create a local Unix domain socket (on Unix) or named-pipe (on MS Windows) for each \fBbind\fP option specified. This option can be specified multiple times to specify multiple socket locations. These sockets support local connections with the \fB:7\fP-style display address, and remote connections with the \fBssh:frodo:7\fP-style display address. Local sockets may also process HTTP / Websocket connections if the \fBhtml\fP switch is enabled. The location can take the form: .RS .IP \fBnone\fP do not create a socket .IP \fBauto\fP backwards compatible default which uses the current \fIsocket\-dir\fP .IP \fBDIRECTORY/\fP create a socket in the directory specified, if the directory does not exist then it will be created - you should include the trailing slash to prevent the confusion with the \fIPATH\fP form: .IP \fBPATH\fP create the socket using the path specified .RE .PP .TP \fB\-\-bind\-tcp\fP=\fI[HOST]:PORT\fP Create a TCP socket for each \fB\-\-bind\-tcp\fP option specified. If the host portion is omitted, then 127.0.0.1 (localhost) will be used. If you wish to accept connections on all interfaces, pass 0.0.0.0 for the host portion. Using this switch without using the \fItcp\-auth\fP option is not recommended, and is a major security risk (especially when passing 0.0.0.0)! Anyone at all may connect to this port and access your session. TCP sockets may also process HTTP / Websocket connections if the \fBhtml\fP switch is enabled. TCP sockets may also be upgraded to SSL sockets if the \fBssl\fP switch is enabled. .TP \fB\-\-bind\-udp\fP=\fI[HOST]:PORT\fP Create a UDP socket for each \fB\-\-bind\-udp\fP option specified. If the host portion is omitted, then 127.0.0.1 (localhost) will be used. If you wish to accept connections on all interfaces, pass 0.0.0.0 for the host portion. Using this switch without using the \fIudp\-auth\fP option is not recommended, and is a major security risk (especially when passing 0.0.0.0)! Anyone at all may connect to this port and access your session. UDP sessions are trivial to hijack for anyone able to sniff even just a single packet, it should only be used in very specific use-cases, and never over unsecured networks. .TP \fB\-\-bind\-ws\fP=\fI[HOST]:PORT\fP Create an HTTP / Websocket listener. See \fBbind\-tcp\fP for host restrictions, you should use the \fBauth\-ws\fP to secure access. .TP \fB\-\-bind\-wss\fP=\fI[HOST]:PORT\fP Create an HTTPS / Secure Websocket listener. See \fBbind\-tcp\fP for host restrictions, you should use the \fBauth\-wss\fP to secure access. .TP \fB\-\-bind\-ssl\fP=\fI[HOST]:PORT\fP Just like \-\-bind\-tcp\fP but for SSL sockets. See \fIssl\-auth\fP and the other SSL options. .TP \fB\-\-bind\-rfb\fP=\fI[HOST]:PORT\fP Listens for RFB connections on the given port. These sockets are only supported with the \fBstart\-desktop\fP and \fBshadow\fP modes. .TP \fB\-\-bind\-vsock\fP=\fICID:PORT\fP Create a VSOCK socket for each \fB\-\-bind\-vsock\fP option specified. .TP \fB\-\-auth\fP=\fIMODULE[:OPTION=VALUE]\fP Specifies the authentication module to use for unix domain sockets created using the \fBbind\fP switch. Authentication modules can validate a username and password against a variety of backend modules: .RS .IP \fBallow\fP always allows authentication - this is dangerous and should only be used for testing .IP \fBfail\fP always fails authentication, useful for testing .IP \fBenv\fP matches against the environment variable specified by the \fIname\fP option (which defaults to \fBXPRA_PASSWORD\fP). ie: \fB--auth=env:name=SOME_OTHER_ENV_VAR_NAME\fP. .IP \fBpassword\fP matches against the password specified using the \fIvalue\fP option. ie: \fB--auth=password:value=YOURPASSWORD\fP. Note: this command line option may be exposed to other processes on the same system. .IP \fBfile\fP checks the password against the password data found in the file specified using the \fBfilename\fP option. ie: \fB--auth=file:filename=./password.txt\fP. The contents of this file will be treated as binary data, there are no restrictions on character encodings or file size. .IP \fBmultifile\fP checks the username and password against the file specified using the filename option. The file must contain each user credentials on one line of the form: \fIusername|password|uid|gid|displays|env_opts|session_opts\fP It is not possible to have usernames or password that contain the pipe character \fI|\fP which is used as delimiter, or newlines and carriage returns. .IP \fBsqlite\fP checks the username and password against the sqlite database file specified using the filename option. The authentication will be processed using the following query (which is configurable using the "password_query" option): \fISELECT password FROM users WHERE username=(?)\fP The sessions available for each user will be querying using: (this is configurable using the "sessions_query" option): \fISELECT uid, gid, displays, env_options, session_options FROM users WHERE username=(?)\fP Multiple displays may be specified as a comma separated list. .IP \fBhosts\fP checks the host using the system's \fItcp-wrappers\fP library. (Posix only, and not available on Mac OS) See \fIhosts.allow\fP and \fIhosts.deny\fP for details. .IP \fBexec\fP Executes the command specified using the \fIcommand\fP attribute, the arguments to this command are: a description of the access request and the \fItimeout\fP value. (also configurable) If the command is not specified, the system will try to locate and use the \fIauth_dialog\fP utility which is shipped with xpra. The command should return 0 to allow access, any other value will deny access. .IP \fBpeercred\fP checks the unix domain socket peer credentials using \fISO_PEERCRED\fP. This authentication module is only available on some Posix compliant operating systems. This module will verify that the operating system provides the uid and gid of the process that initiated the connection. Access can be restricted by supplying in CSV format the list of valid \fIuid\fPs and \fIgid\fPs that are allowed to connect. Those id values may be specified using numerical values or using the usernames / group names. This module is different from the others in that it will not require the client to supply a username or password, as those are ignored. Environment variables and pseudo-environment variables may also be used as values, ie: \fB--auth=peercred:uid=\\$UID\fP. .IP \fBpam\fP validates the username and password using the PAM system .IP \fBwin32\fP validates the username and password using Microsoft Windows authentication (only available on this platform) .IP \fBsys\fP chooses the appropriate system authentication module automatically (either \fBpam\fP or \fBwin32\fP) .IP \fBkerberos\-password\fP validates the username and password using kerberos authentication. Warning: this module does not use kerberos tickets and the password will be sent in plain text to the server. This should only be used for testing. .IP \fBkerberos\-ticket\fP validates a kerberos ticket obtained by the client. .IP \fBgss\fP validates a GSS ticket obtained by the client. .IP \fBu2f\fP requests a U2F token from the client. .IP \fBldap\fP validates the username and password against an LDAP server, using the \fIpython\-ldap\fP library. .IP \fBldap\fP validates the username and password against an LDAP server, using the python \fIldap3\fP library. .RE .PP .TP \fB\-\-tcp\-auth\fP=\fIMODULE\fP Just like the \fBauth\fP switch, except this one only applies to TCP sockets (sockets defined using the \fBbind\-tcp\fP switch). .TP \fB\-\-udp\-auth\fP=\fIMODULE\fP Just like the \fBtcp\-auth\fP switch, except this one only applies to UDP sockets (sockets defined using the \fBbind\-udp\fP switch). .TP \fB\-\-ws\-auth\fP=\fIMODULE\fP Just like the \fBauth\fP switch, except this one only applies to ws sockets: sockets defined using the \fBbind\-ws\fP switch, or TCP sockets upgraded to websockets. (if the \fBhtmlfP option is enabled). .TP \fB\-\-wss\-auth\fP=\fIMODULE\fP Just like the \fBauth\fP switch, except this one only applies to wss sockets: sockets defined using the \fBbind\-wss\fP switch, ws sockets upgraded to SSL (if the \fBssl\fP option is enabled) or TCP sockets upgraded to SSL and then to wss. (if both the \fBssl\fP and \fBhtml\fP options are enabled). .TP \fB\-\-ssl\-auth\fP=\fIMODULE\fP Just like the \fBauth\fP switch, except this one only applies to SSL sockets: sockets defined using the \fBbind\-ssl\fP switch, or TCP sockets upgraded by \fBssl=auto\fP or \fBssl=on\fP. .TP \fB\-\-rfb\-auth\fP=\fIMODULE\fP Authentication module to use for the \fBbind\-rfb\fP sockets. .TP \fB\-\-vsock\-auth\fP=\fIMODULE\fP Just like the \fBauth\fP switch, except this one only applies to VSOCK sockets (sockets defined using the \fBbind\-vsock\fP switch). .TP \fB\-\-challenge\-handlers\fP=\fIMODULES\fP Configures which challenge handlers are used by the client and in which order. The default value is: \fIall\fP which corresponds to: \fIuri,file,env,kerberos,gss,u2f,prompt\fP. Note: some of these modules will fall through to others if they are enable to supply the challenge requested (\fIuri\fP, \fIfile\fP, \fIkerberos\fP and \fIgss\fP), others do not (\fIenv\fP and \fIprompt\fP). .RS .IP \fBuri\fP Use the password specified on the connection string, if any. .IP \fBfile\fP Loads the password from the file specified with the \fPpassword\-file switch. .IP \fBenv\fP Use the password specified using the \fIXPRA_PASSWORD\fP environment variable. .IP \fBkerberos\fP Request a kerberos token for the service specified. .IP \fBgss\fP Request a gss token for the service specified. .IP \fBu2f\fP Requests a token from a U2F device. .IP \fBprompt\fP Prompt the user for the value. Terminal clients prompt using text input, GUI clients use a dialog. .RE .PP .TP \fB\-\-min\-port\fP=\fIPORT\fP The minimum port number allowed when creating UDP and TCP sockets. You can use a lower value to allow unprivileged users to bind to privileged ports when starting sessions via the system wide proxy server. The default value is 1024 which is the standard value for privileged ports. .TP \fB\-\-mdns\fP=\fIyes\fP|\fIno\fP Enable or disable the publication of new sessions via mDNS. .TP \fB\-\-dbus\-launch\fP=\fICOMMAND\fP|\fIno\fP Start the session within a dbus-launch context, you can specify the dbus launch command to use, or turn it off completely. Some features may not be available without a dbus context. .TP \fB\-\-dbus\-proxy\fP=\fIyes\fP|\fIno\fP Allows the client to forward dbus calls to the server. .TP \fB\-\-dbus\-control\fP=\fIyes\fP|\fIno\fP Start a dbus server which can be used to interact with the server process. .TP .SS Options for start, start-desktop, upgrade .TP \fB\-\-start\fP=\fICMD\fP After starting the server, runs the command \fICMD\fP using the default shell. The command is run with its \fB$DISPLAY\fP set to point to the newly-started server. This option may be given multiple times to start multiple commands. .TP \fB\-\-start\-child\fP=\fICMD\fP Identical to \fB\-\-start\fP, except that the commands are taken into account by \fB\-\-exit\-with\-children\fP. .TP \fB\-\-start\-after\-connect\fP=\fICMD\fP Wait for the first client to connect before starting the command. .TP \fB\-\-start\-child\-after\-connect\fP=\fICMD\fP Wait for the first client to connect before starting the child command. See \fIstart\-child\fP. .TP \fB\-\-start\-on\-connect\fP=\fICMD\fP Execute this command every time a client connects. .TP \fB\-\-start\-child\-on\-connect\fP=\fICMD\fP Execute this child command every time a client connects. See \fIstart\-child\fP. .TP \fB\-\-terminate\-children\fP=\fIyes\fP|\fIno\fP On server \fBstop\fP, terminate all the child commands that have been started by the server. This does not affect server \fBexit\fP. Most child commands are tied to the display so they are normally forced to shutdown anyway, but this gives them more time to cleanup properly and can be used to stop background commands that aren't tied to a display. .TP \fB\-\-exit\-with\-children\fP=\fIyes\fP|\fIno\fP This option may only be used if \fB\-\-start\-child\fP is also given. If it is given, then the xpra server will monitor the status of the children started by \fB\-\-start\-child\fP, and will automatically terminate itself when the last of them has exited. .TP \fB\-\-exit\-with\-client\fP=\fIyes\fP|\fIno\fP The server will terminate when the last client disconnects. .TP \fB\-\-env\fP=\fIKEY=VALUE\fP Extra environment variables which will only affect commands started using fB\-\-start\fP or \fB\-\-start\-child\fP. .TP \fB\-\-start\-new\-commands\fP=\fIyes\fP|\fIno\fP Allow clients to ask the server to execute new commands. (this can also be used via the control channel) .TP \fB\-\-start\-via\-proxy\fP=\fIyes\fP|\fIno\fP|\fIauto\fP If enabled, the \fBstart\fP and \fBstart\-desktop\fP subcommands will be delegated to the system wide proxy server instance. With \fIauto\fP mode, this delegation will only occur if the system wide proxy server is found. .TP \fB\-\-systemd\-run\fP=\fIyes\fP|\fIno\fP|\fIauto\fP Wrap server start commands with systemd-run. .TP \fB\-\-systemd\-run\-args\fP=\fIARGS\fP Command line arguments passed to systemd-run. .TP \fB\-\-use\-display\fP Use an existing display rather than starting one with xvfb. You are responsible for starting the display yourself. This can also be used to rescue an existing display whose xpra server instance crashed or for running xpra against an accelerated X11 server. .TP \fB\-\-displayfd\fP=\fIFD\fP The xpra server will write the display number back on this file descriptor as a newline-terminated string. This is most useful when the display number is not specified with the xpra \fIstart\fP or \fIstart\-desktop\fP subcommands. .TP \fB\-\-xvfb\fP=\fICMD\fP When starting a seamless server, xpra starts a virtual X server to run the clients on. If your Xvfb is installed in a funny location, or you want to use some other virtual X server, then this switch allows you to specify how to run your preferred X server executable. The default value used depends on your platform. For more information, see: https://xpra.org/Xdummy.html .TP \fB\-\-sync\-xvfb\fP=\fIDELAY\fP The windows are normally only displayed on the client(s), they are not painted on the virtual display. Some applications like screen recorders may want to capture the window contents, you can use this option to enable painting with a configurable delay (in milliseconds). Warning: this extra painting is expensive and quite slow, which is why it is not enabled by default. .TP \fB\-\-attach\fP=\fIyes\fP|\fIno\fP|\fIauto\fP Once the server has started, immediately connect a client to it. With the value \fBauto\fP, a client is started for remote servers only. (servers specified via a network URI) .TP .SS Options for start, start-desktop, upgrade, shadow .TP \fB\-\-tcp\-proxy\fP=\fIHOST:PORT\fP Specifies the address to which non-xpra packets will be forwarded. This can be used to share the same TCP port with another TCP servers, usually a web server. xpra clients will connect as usual, but any client that does not speak the xpra protocol will be forwarded to the alternative server. .TP \fB\-\-html\fP=\fIon\fP|\fIoff\fP|\fIauto\fP|\fIwebrootpath\fP Respond to HTTP requests on the TCP port(s) and local sockets. This requires \fBwebsockify\fP to be installed and at least one TCP or local socket to be configured using the matching \fBbind\fP option. The \fBauto\fP mode will enable support if all the components are available. By default the server will provide access to the HTML5 client. You can also specify your own web root path as argument. .TP \fB\-\-rfb\-upgrade\fP=\fIDELAY\fP Allows RFB clients (ie: VNC) to connect to a plain TCP socket. If no data is received after \fIDELAY\fP seconds, the server will send a RFB handshake. This option is only applicable to servers started in \fIstart-desktop\fP or \fIshadow\fP modes. .TP \fB\-\-video\-encoders\fP=\fIENCODERS\fP Specifies the video encoders to try to load. By default, all of them are loaded, but one may want to specify a more restrictive list of encoders. Use the special value 'help' to get a list of options. Use the value 'none' to not load any video encoders. .TP \fB\-\-csc\-modules\fP=\fIMODULES\fP Specifies the colourspace conversion modules to try to load. By default, all of them are loaded, but one may want to specify a more restrictive list of modules. Use the special value 'help' to get a list of options. Use the value 'none' to not load any colourspace conversion modules. .TP \fB\-\-mmap\-group\fP Sets the mmap file's gid to match the socket file's gid and sets the mmap file's permissions to 660. This is necessary to share the mmap file across user accounts. .TP \fB\-\-socket\-permissions\fP=\fIACCESS\-MODE\fP Specifies the permissions on the server socket. Defaults to 600. This is ignored when \fImmap\-group\fP is enabled. .TP .SS Options for start, start-desktop, upgrade and attach .TP \fB\-\-encryption\fP=\fICIPHER\fP Specifies the cipher to use for securing the connection from prying eyes. This option requires the use of the \fB\-\-encryption\-keyfile\fP option. The only cipher supported at present is \fIAES\fP, if the client requests encryption it will be used by both the client and server for all communication after the initial password verification, but only if the server supports this feature too. Note: this feature has not been extensively reviewed and as it is it should not be considered safe from determined attackers. .TP \fB\-\-tcp\-encryption\fP=\fICIPHER\fP Just like the \fBencryption\fP switch, except this one only applies to TCP sockets (sockets defined using the \fBbind\-tcp\fP switch). .TP \fB\-\-encryption\-keyfile\fP=\fIFILENAME\fP Specifies the key to use with the encryption cipher specified with \fB\-\-encryption\fP. The client and server must use the same keyfile contents. .TP \fB\-\-tcp\-encryption\-keyfile\fP=\fIFILENAME\fP Just like the \fBencryption\-keyfile\fP switch, except this one only applies to TCP sockets (sockets defined using the \fBbind\-tcp\fP switch). .TP \fB\-\-idle\-timeout\fP=\fIIDLETIMEOUT\fP The connection will be terminated if there is no user activity (mouse clicks or key presses) for the given amount of time (in seconds). Use the value 0 to disable this timeout. .TP \fB\-\-server\-idle\-timeout\fP=\fIIDLETIMEOUT\fP The server will exit if there are no active connections for the given amount of time (in seconds). Use the value 0 to disable this timeout. .TP \fB\-\-clipboard\-filter\-file\fP=\fIFILENAME\fP Name of a file containing regular expressions, any clipboard data that matches one of these regular expressions will be dropped. Note: at present this only applies to copying from the machine where this option is used, not to it. .TP \fB\-\-dpi\fP=\fIVALUE\fP The 'dots per inch' value that client applications should try to honour. This numeric value should be in the range 10 to 500 to be useful. Many applications will only read this value when starting up, so connecting to an existing session started with a different DPI value may not have the desired effect. .TP \fB\-\-pixel\-depth\fP=\fIVALUE\fP When starting a server, this switch controls the bits per pixel of the virtual framebuffer. Possible values: 0 (auto), 16, 24, 30. When starting a client, this switch controls the picture rendering with the opengl backend: values higher than 24 will enable deep color, the value 24 enables regular true color rendering. Use the value 0 to let the client decide if the rendering will benefit from using deep color. (this is only supported on some Posix clients) Other values should not be used. .TP \fB\-\-cursors\fP=\fIyes\fP|\fIno\fP Enable or disable forwarding of custom application mouse cursors. Client applications may change the mouse cursor at any time, which will cause the new cursor's pixels to be sent to the client each time. This disables the feature. .TP \fB\-\-notifications\fP=\fIyes\fP|\fIno\fP Enable or disable forwarding of system notifications. System notifications require the xpra server to have its own instance of a dbus daemon, if it is missing a warning will be printed on startup. This switch disables the feature entirely, and avoids the warning. .TP \fB\-\-input\-method\fP=\fIMETHOD\fP Specify which input method to configure. This sets a number of environment variables which should be honoured by applications started with the \fBstart\-child\fP option. .br The following \fIMETHOD\fPs are currently supported: .RS .IP \fBnone\fP Disable input methods completely and prevent it from interfering with keyboard input. This is the default. .IP \fBkeep\fP Keeps the environment unchanged. You are responsible for ensuring it is correct. .IP \fBxim\fP Enables the X Input Method. .IP \fBIBus\fP Enables the Intelligent Input Bus. .IP \fBSCIM\fP Enables the Smart Common Input Method. .IP \fBuim\fP Enables the Universal Input Method. .RE .PP Any other value will also be set up, but will trigger a warning. .TP \fB\-\-xsettings\fP=\fIyes\fP|\fIno\fP Enable or disable xsettings synchronization. Xsettings are only forwarded from posix clients connecting to real posix servers (not shadows). .TP \fB\-\-system\-tray\fP=\fIyes\fP|\fIno\fP Enable or disable forwarding of system tray icons. This feature requires client support and may not be available on all platforms. .TP \fB\-\-bell\fP=\fIyes\fP|\fIno\fP Enable or disable forwarding of the system bell. .TP \fB\-\-webcam\fP=\fIyes\fP|\fIno\fP Enable or disable webcam forwarding. .TP \fB\-\-mousewheel\fP=\fIon\fP|\fIoff\fP|\fIinvert\fP|\fIinvert-x\fP|\fIinvert-y\fP|\fIinvert-z\fP Mouse wheel handling: can be used to disable mouse wheel forwarding or to invert some or all axes. .TP \fB\-\-remote\-logging\fP=\fIyes\fP|\fIno\fP|\fIboth\fP Allow the client to forward its log output to the server. The client can specify the value \fIboth\fP to both send it to the server and keep it locally. .TP \fB\-\-av\-sync\fP=\fIyes\fP|\fIno\fP Enable or disable audio-video synchronization. The video data will be delayed so that it is displayed in sync with the audio. Note: this only applies to video regions, either auto-detected via the builtin heuristics or specified using the dbus interface. .SS Options for attach .TP \fB\-\-password\-file\fP=\fIFILENAME\fP Supply the password to be used for connecting to a server that uses authentication. See \fIauth\fP, \fItcp\-auth\fP, \fIssl\-auth\fP and \fIvsock\-auth\fP for details. Alternatively, you may use the \fIXPRA_PASSWORD\fP environment variable. .TP \fB\-\-opengl\fP=(\fIyes\fP|\fIno\fP|\fIauto\fP)[:\fIbackend\fP] Use OpenGL accelerated rendering on the client. The default is to detect if the graphics card and drivers are supported (\fIauto\fP mode), but one can also disable OpenGL (\fIno\fP) or force it enabled (\fIyes\fP). On some platforms, it is also possible to specify which backends should be used, only \fIgtk\fP and \fInative\fP are currently supported and only on X11 platforms. ie: \fIopengl=yes:native\fP, or \fIopengl=auto:gtk,native\fP. .TP \fB\-\-webcam\fP=\fIyes\fP|\fIno\fP|\fI/dev/deviceXXX\fP|\fIDEVICEID\fP Enable or disable webcam forwarding. The webcam device to use can also be specified. .TP \fB-z\fP\fILEVEL\fP, \fB\-\-compress\fP=\fILEVEL\fP Select the level of compression xpra will use when transmitting data over the network. With the \fBlz4\fP and \fBlzo\fP compressors, there are only two possible values: 0 (meaning no compression) and 1 (compression enabled). The \fBzlib\fP compressor supports values between 0 (meaning no compression) and 9, inclusive. It should only be used when \fBlz4\fP and \fBlzo\fP are not available. This compression is not used on pixel data (except when using the \fBrgb\fP encoding). .TP \fB\-\-quality\fP=\fIVALUE\fP This option sets a fixed image compression quality for lossy encodings (\fBjpeg\fP, \fBwebp\fP, \fBh264\fP/\fBh265\fP and \fBvp8\fP/\fBvp9\fP). First, one of those lossy encodings must be enabled with \fB\-\-encoding\fP. Values range from 1 (lowest quality, high compression - generally unusable) to 100 (highest quality, low compression). Specify a value of zero to let the system tune the quality dynamically to achieve the best bandwidth usage possible. It is usually best not to use this option and use \fBmin\-quality\fP instead. .TP \fB\-\-min\-quality\fP=\fIMIN\-QUALITY\fP This option sets the minimum encoding quality allowed when the quality option is set to automatic mode. .TP \fB\-\-speed\fP=\fISPEED\fP This option sets the encoding speed. Slower compresses more, faster will give better latency. The system normally uses a variable speed, this option forces a fixed speed setting to be used instead. It is usually best not to use this option and use \fBmin\-speed\fP instead. .TP \fB\-\-min\-speed\fP=\fIMIN\-SPEED\fP This option sets the minimum encoding speed allowed when the speed option is set to automatic mode. .TP \fB\-\-auto\-refresh\-delay\fP=\fIDELAY\fP This option sets a delay after which the windows are automatically refreshed using a lossless frame. The delay is a floating-point number and is in seconds. This option is enabled by default with a delay of 0.25 seconds. This option is only relevant when using a lossy encoding. .TP \fB\-\-shortcut\-modifiers\fP=\fIMODIFIERS\fP Defines the default shorcut modifers required by the \fIkey\-shortcuts\fP, these modifiers can then be referred to as \fI#\fP. The default value is 'auto' which evaluates to \fIMeta+Shift\fP on most platforms. .TP \fB\-\-key\-shortcut\fP=\fIKEY:ACTION\fP Can be specified multiple times to add multiple key shortcuts. These keys will be caught by the client and trigger the action specified and the key presses will not be passed on to the server. The \fIKEY\fP specification may include keyboard modifiers in the form \fB[modifier\+]*key\fP, for example: \fIShift+F10\fP or \fIShift+Control+B\fP. You can refer to the \fIshorcut-modifers\fP option value using \fI#\fP, ie: \fI#+F1\fP. If no shortcuts are defined on the command line, the default builtin list will be used. Some of the actions may allow arguments (ie: the \fIlog\fP action does), in which case they are specified in the usual programming style syntax: \fIACTION(ARG1, ARG2, etc)\fP .br String arguments must be quoted (both single and double quotes are supported) and numeric arguments must not be quoted. Beware the the parenthesis and quotes must usually be escaped when used from a shell command line. Example: \fI--key-shortcut=Meta+Shift+F7:log\\(\\'hello\\'\\)\fP .br The following \fIACTION\fPs are currently defined: .RS .IP \fBquit\fP Disconnect the xpra client. .IP \fBlog("MESSAGE")\fP Sends \fIMESSAGE\fP to the log. .IP \fBshow_session_info[("TabName")]\fP Shows the session information window. The optional \fITabName\fP allows the information tab shown to be selected. Use the value \fIhelp\fP to get the list of options. .IP \fBshow_menu\fP Shows the menu normally found in the system tray. .IP \fBshow_start_new_command\fP Shows the start new command dialog. .IP \fBmagic_key\fP Placeholder which can be used by some client toolkits. .IP \fBvoid\fP Does not do anything, and can therefore be used to prevent certain key combinations from ever being sent to the server. .IP \fBrefresh_window\fP Force the currently focused window to be refreshed. .IP \fBrefresh_all_windows\fP Force all windows to be refreshed. .IP \fBtoggle_keyboard_grab\fP The keyboard will be grabbed / ungrabbed by the current window. .IP \fBtoggle_pointer_grab\fP The pointer will be grabbed and confined to the current window. .IP \fBtoggle_fullscreen\fP Make the current window fullscreen / unfullscreen. .IP \fBtoggle_debug\fP Turn debugging on or off. .IP \fBscaleup\fP Increase the current value of \fBdesktop-scaling\fP. .IP \fBscaledown\fP Decrease the current value of \fBdesktop-scaling\fP. .IP \fBscalereset\fP Reset the \fBdesktop-scaling\fP to its original value. .IP \fBscalingoff\fP Turn off \fBdesktop-scaling\fP. .IP \fBincrease_quality\fP Increase the \fBmin\-quality\fP or \fBquality\fP setting (whichever one is currently in use). .IP \fBdecrease_quality\fP Decrease the \fBmin\-quality\fP or \fBquality\fP setting (whichever one is currently in use). .IP \fBincrease_speed\fP Increase the \fBmin\-speed\fP or \fBspeed\fP setting (whichever one is currently in use). .IP \fBdecrease_speed\fP Decrease the \fBmin\-speed\fP or \fBspeed\fP setting (whichever one is currently in use). .RE .PP .TP \fB\-\-sharing\fP=\fIyes\fP|\fIno\fP|\fIauto\fP Sharing allows more than one client to connect to the same session. This must be enabled on both the server and all co-operating clients to function. When used server-side, the default value \fIauto\fP allows the clients to decide if they are willing to share the session. When used client-side, the default value \fIauto\fP evaluates to \fIno\fP. .TP \fB\-\-lock\fP=\fIyes\fP|\fIno\fP|\fIno\fP Locking allows a client to refuse to hand over the session to a new client. The session may still be shared with multiple clients (see the \fIsharing\fP option), but otherwise the server will reject new clients. When used server-side, the default value \fIauto\fP allows the clients to decide if they want to lock the session. When used client-side, the default value \fIauto\fP evaluates to \fIno\fP. .TP \fB\-\-keyboard\-sync\fP=\fIyes\fP|\fIno\fP Normally the key presses and key release events are sent to the server as they occur so that the server can maintain a consistent keyboard state. Disabling synchronization can prevent keys from repeating unexpectedly on high latency links but it may also disrupt applications which access the keyboard directly (games, etc.). .TP \fB\-\-keyboard\-raw\fP=\fIyes\fP|\fIno\fP Tells the server to process all keyboard input untranslated. Both the client and the server must be using the same type of keyboard interface. (ie: both using X11) .TP \fB\-\-keyboard\-layout\fP=\fILAYOUTSTRING\fP The keyboard layout is normally detected automatically. This option overrides it. .TP \fB\-\-keyboard\-layouts\fP=\fILAYOUTS\fP The list of keyboard layouts to enable. .TP \fB\-\-keyboard\-variant\fP=\fIVARIANT\fP Override for the keyboard layout variant. .TP \fB\-\-keyboard\-variants\fP=\fIVARIANTS\fP Override for the keyboard layout variants. .TP \fB\-\-keyboard\-options\fP=\fIOPTIONS\fP Override for the keyboard options sent to the server. .TP \fB\-\-swap\-keys\fP=\fIYES|NO\fP This option only applies to MacOS clients, it swaps the \fIcommand\fP and \fIcontrol\fP keys and is enabled by default. .TP \fB\-\-sound\-source\fP=\fIPLUGIN\fP Specifies the GStreamer sound plugin used for capturing the sound stream. This affects "speaker forwarding" on the server, and "microphone" forwarding on the client. To get a list of options use the special value 'help'. It is also possible to specify plugin options using the form: \fI\-\-sound\-source= pulse\:device=device.alsa_input.pci\-0000_00_14.2.analog\-stereo\fP .TP \fB\-\-speaker\fP=\fIon\fP|\fIoff\fP|\fIdisabled\fP and \fB\-\-microphone\fP=\fIon\fP|\fIoff\fP|\fIdisabled\fP|\fIon:DEVICE\fP|\fIoff:DEVICE\fP Sound input and output forwarding support: \fIon\fP will start the forwarding as soon as the connection is established, \fIoff\fP will require the user to enable it via the menu, \fIdisabled\fP will prevent it from being used and the menu entry will be disabled. With microphone forwarding, you may also be able to specify which device to use. .TP \fB\-\-speaker\-codec\fP=\fICODEC\fP and \fB\-\-microphone\-codec\fP=\fICODEC\fP Specify the codec(s) to use for sound output (speaker) or input (microphone). This parameter can be specified multiple times and the order in which the codecs are specified defines the preferred codec order. Use the special value 'help' to get a list of options. When unspecified, all the available codecs are allowed and the first one is used. .TP \fB\-\-title\fP\=\fIVALUE\fP Sets the text shown as window title. The string supplied can make use of remote metadata placeholders which will be populated at runtime with the values from the remote server. The default value used is "@title@ on @client-machine@". The following placeholders are defined: .RS .IP \fB\@title\@\fP Will be replaced by the remote window's title. .IP \fB\@client-machine\@\fP Will be replaced by the remote server's hostname. .RE .PP .TP \fB\-\-border\fP=\fIBORDER\fP Specifies the color and size of the border to draw inside every xpra window. This can be used to easily distinguish xpra windows running on remote hosts from local windows. The \fIBORDER\fP can be specified using standard color names (ie: \fIred\fP, or \fIorange\fP) or using the web hexadecimal syntax (ie: \fI#F00\fP or \fI#FF8C00\fP). The special color name "\fIauto\fP" will derive the color from the server target address (the connection string) so that connecting to the same target should always give the same color. You may also specify the size of the border in pixels, ie: \fI\-\-border\fP=\fIyellow,10\fP. .TP \fB\-\-window\-icon\fP=\fIFILENAME\fP Path to the default image which will be used for all windows. This icon may be shown in the window's bar, its iconified state or task switchers. This depends on the operating system, the window manage and the application may override this too. .TP \fB\-\-window\-close\fP=\fIACTION\fP Choose what action to take when the window is closed by the client. The following actions can be used: .RS .IP \fBauto\fP The client will figure out what is best based on the window type. This is the default. ie: it will use \fIdisconnect\fP shadow sessions, \Iforward\fP for seamless windows. .IP \fBforward\fP The event will be forwarded to the server. .IP \fBignore\fP Do nothing. .IP \fBdisconnect\fP Disconnect from the server. .IP \fBshutdown\fP Shutdown the server. .RE .PP .TP \fB\-\-desktop\-scaling\fP=\fIoff\fP|\fIon\fP|\fIauto\fP|\fIVALUE\fP Desktop scaling allows the windows to be scaled by the client. Downscaling will mostly waste bandwidth, upscaling allows the window's pixels to be sent over the wire at a lower resolution, saving bandwidth and CPU time. This option can also be used to request a specific scaling value. For best results, use \fBopengl\fP client rendering, the other display backends may show visual artifacts when scaling. Note: the scaling may also be adjusted at runtime through keyboard shortcuts if those are configured. The \fIdesktop\-scaling\fP value can take the form: .RS .IP \fBoff\fP scaling will be disabled .IP \fBon\fP scaling will be allowed, but it will start unscaled .IP \fBauto\fP scaling will be allowed and a scaling value will be automatically chosen if the client's desktop is large (bigger desktops will use higher scaling values) .IP \fBscaling\-value\fP scaling will be enabled and use the given value, specified as a number, fraction or percentage. ie: \fB2\fP, \fB3/2\fP or \fB150%\fP. .IP \fBpair\fP the scaling will be enabled and use a different value for the X and Y axis. ie: \fB3x2\fP or \fB3/2x4/3\fP .IP \fBdesktop\-size\fP the scaling will be enabled and the server will render to the given size. ie: \fB1600x1200\fP .RE .PP \fB\-\-tray\fP=\fIyes\fP|\fIno\fP Enable or disable the system tray. Not available on OSX since the dock icon is always shown. .TP \fB\-\-delay\-tray\fP Waits for the first window or notification to appear before showing the system tray. (posix only) .TP \fB\-\-tray\-icon\fP=\fIFILENAME\fP Specifies the icon shown in the dock/tray. By default it uses a simple default 'xpra' icon. (On Microsoft Windows, the icon must be in \fBico\fP format.) .TP \fB\-\-enable\-pings\fP The client and server will exchange ping and echo packets which are used to gather latency statistics. Those statistics can be seen using the \fBxpra info\fP command. .SS Options for attach, stop, info, screenshot, version .TP \fB\-\-ssh\fP\=\fICMD\fP When you use an \fBssh:\fP address to connect to a remote display, xpra runs \fBssh\fP(1) to make the underlying connection. By default, it does this by running the command "ssh". If your ssh program is in an unusual location, has an unusual name, or you want to pass special options to change ssh's behavior, then you can use the \fB\-\-ssh\fP switch to tell xpra how to run ssh. For example, if you want to use arcfour encryption, then you should run .\" I'm sure this is completely the wrong thing to do here, but it .\" produces fine output in the terminal, at least: .RS .RS \fBxpra attach \-\-ssh\fP=\fI"ssh \-c arcfour" ssh:frodo:7\fP .RE \fINote:\fP Don't bother to enable ssh compression; this is redundant with xpra's own compression, and will just waste your CPU. See also xpra's \fB\-\-compress\fP switch. On MS Windows, where backslashes are used to separate path elements and where spaces are often used as part of paths, you need to add quotes around paths. (ie: \fBssh="C:\\Program Files\\Xpra\\Plink.exe" \-ssh \-agent\fP) .RE .TP \fB\-\-exit\-ssh\fP=\fIyes\fP|\fIno\fP Choose whether the SSH client process should be forcibly terminated when xpra disconnects from the server. If you are using SSH connection sharing, you may want to avoid stopping the SSH master process instance spawned by xpra as it may be used by other SSH sessions. Note: the \fBexit\-ssh=no\fP detaches the SSH process from the terminal which prevents the SSH process from interacting with the terminal input, this disables the keyboard interaction required for password input, host key verification, etc.. .TP \fB\-\-remote\-xpra\fP=\fICMD\fP When connecting to a remote server over ssh, xpra needs to be able to find and run the xpra executable on the remote host. If this executable is in a non-standard location, or requires special environment variables to be set before it can run, then accomplishing this may be non-trivial. If running \fBxpra attach ssh:something\fP fails because it cannot find the remote xpra, then you can use this option to specify how to run xpra on the remote host. That said, this option should not be needed in normal usage, as xpra tries quite hard to work around the above problems. If you find yourself needing it often, then that may indicate a bug that we would appreciate hearing about. .SS SSL Options .TP \fB\-\-ssl\fP=\fIon\fP|\fIauto\fP|\fIoff\fP|\fItcp\fP|\fIwww\fP Whether to enable SSL on TCP sockets and for what purpose. The TCP sockets will automatically be upgraded to SSL when SSL packets are received. .RS .IP \fBauto\fP The server will try to guess what protocol to use for each new SSL connection: either xpra's native protocol or https / websocket (wss) .IP \fBtcp\fP The SSL sockets will only be used for xpra's native protocol .IP \fBwww\fP The SSL sockets will only be used for https and websocket (wss) .RE If SSL is enabled, then a \fBssl\-cert\fP is required. Authentication, if required, will use the \fBssl\-auth\fP module specified, and fallback to \fBtcp-auth\fP or \fBauth\fP unless the value \fInone\fP is specified. The remaining options mirror the Python ssl module attributes. Please refer to that documentation and bear in mind that configuring SSL for security is not trivial, and definitely not just a matter of \fIenabling SSL\fP. See: https://docs.python.org/2/library/ssl.html Some options may not be available with older versions of Python. Summary: \fB\-\-ssl\-key\fP=\fIKEYFILE\fP The key file to use. .TP \fB\-\-ssl\-cert\fP=\fCERTFILEORDIR\fP Certificate file, required for server SSL support. .TP \fB\-\-ssl\-protocol\fP=PROTOCOLVERSION\fP Specifies which version of the SSL protocol to use. .TP \fB\-\-ssl\-ca\-certs\fP=CACERTSFILE\fP The ca_certs file contains a set of concatenated 'certification authority' certificates. If a directory is specified, it should contain the certificates. .TP \fB\-\-ssl\-ca\-data\fP=\fCERTDATA\fP Certificate data. .TP \fB\-\-ssl\-ciphers\fP=CIPHERS\fP Sets the available ciphers, it should be a string in the OpenSSL cipher list format. .TP \fB\-\-ssl\-client-verify-mode\fP=\fInone\fP|\fIoptional\fP|\fIrequired\fP Whether to try to verify the client's certificates and how to behave if verification fails. .TP \fB\-\-ssl\-server-verify-mode\fP=\fInone\fP|\fIoptional\fP|\fIrequired\fP Whether to try to verify the server's certificates and how to behave if verification fails. .TP \fB\-\-ssl\-verify-flags\fP=\fIFLAGS\fP The flags for certificate verification operations. .TP \fB\-\-ssl\-check-hostname\fP=\fIyes\fP|\fIno\fP Whether to match the peer cert's hostname. .TP \fB\-\-ssl\-options\fP=\fIoptions\fP Set of SSL options enabled on this context. .TP .\" -------------------------------------------------------------------- .SH ENVIRONMENT .TP \fBDISPLAY\fP \fBxpra start \-\-start\-child\fP=\fI...\fP sets this variable in the environment of the child to point to the xpra display. \fBxpra attach\fP, on the other hand, uses this variable to determine which display the remote applications should be shown on. fIXPRA_PASSWORD\fP may be used with \fBxpra attach\fP instead of the \fBpassword\-file\fP option. .\" -------------------------------------------------------------------- .SH FILES \fIxpra.conf\fP stores default values for most options. There is a global configuration file in \fI/etc\fP or \fI/usr/local/etc\fP, and each user may override those defaults by creating the file \fI.xpra/xpra.conf\fP. You can also split the options into multiple files by placing them in a \fIconf.d\fP directory with the \fI.conf\fP extension. Xpra uses the directory \fI~/.xpra\fP to store a number of files. (The examples below are given for the display \fI:7\fP.) .TP \fI~/.xpra/:7\fP The unix domain socket that clients use to contact the xpra server, if the system configuration uses this directory. .TP \fI~/.xpra/:7.log\fP When run in daemon mode (the default), the xpra server directs all output to this file. This includes all debugging output, if debugging is enabled. .TP \fI~/.xpra/run-xpra\fP A shell script that, when run, starts up xpra with the correct python interpreter, PYTHONPATH, PATH, location of the main xpra script, etc. Automatically generated by \fBxpra initenv\fP, \fBxpra start\fP and used by \fBxpra attach\fP (see also the discussion of \fB\-\-remote\-xpra\fP). .\" -------------------------------------------------------------------- .SH BUGS Xpra has no test suite. Xpra does not fully handle all aspects of the X protocol; for instance, fancy input features like pressure-sensitivity on tablets, some window manager hints, and probably other more obscure parts of the X protocol. It does, however, degrade gracefully, and patches for each feature would be gratefully accepted. The xpra server allocates an over-large framebuffer when using Xvfb; this wastes memory. If the Xvfb does not support RandR this can also cause applications to misbehave (e.g. by letting menus go off\-screen). This is not a problem when using Xdummy, see the \fB\-\-xvfb\fP= switch for details. Conversely, if the framebuffer is ever insufficiently large, clients will misbehave in other ways (e.g., input events will be misdirected). .\" -------------------------------------------------------------------- .SH REPORTING BUGS Send any questions or bugs reports to http://xpra.org/trac/ .\" -------------------------------------------------------------------- .SH SEE ALSO \fBscreen\fP(1) \fBwinswitch_applet\fP(1)