How-to : Setup a VNC server & client

vnc

Introduction

This post is a guideline to setup a complete vnc infrastructure, for both client and server.

 

 

1 Setup a vncserver

  1. Install required packages (i use tigervnc, so the following instructions will be using this application, but those may also work for others if adapted)
    yum install tigervnc-server.$(/bin/arch)
  2. Setup vncserver configuration (add a vncserver definition as see the lines 55 and 57 at the bottom of the following excerpt)
    vi /etc/sysconfig/vncservers
    # The VNCSERVERS variable is a list of display:user pairs.#
    
    # Uncomment the lines below to start a VNC server on display :2
    
    # as my 'myusername' (adjust this to your own). You will also
    
    # need to set a VNC password; run 'man vncpasswd' to see how
    
    # to do that.
    
    #
    
    # DO NOT RUN THIS SERVICE if your local area network is
    
    # untrusted! For a secure way of using VNC, you should
    
    # limit connections to the local host and then tunnel from
    
    # the machine you want to view VNC on (host A) to the machine
    
    # whose VNC output you want to view (host B)
    
    #
    
    # [user@hostA ~]$ ssh -v -C -L 5900:localhost:5900 hostB
    
    #
    
    # this will open a connection on port 590N of your hostA to hostB's port 5900
    
    # (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
    
    # See the ssh man page for details on port forwarding)
    
    #
    
    # You can then point a VNC client on hostA at vncdisplay N of localhost and with
    
    # the help of ssh, you end up seeing what hostB makes available on port 5900
    
    # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
    
    # Use "-localhost" to prevent remote VNC clients connecting except when
    
    # doing so through a secure tunnel. See the "-via" option in the
    
    # `man vncviewer' manual page.
    
    # VNCSERVERS="2:myusername"
    
    # VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
    
    ##### EDITED PART START #####################################
    
    VNCSERVERS="1:user"
    
    VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp"
    
    ##### EDITED PART END #######################################

    Note : In the above 2 lines the <DISPLAY>:<username> field set the display number and the username used for the vncserver, the VNCSERVERARGS[<DISPLAY>] line setup the parameters for the matching <DISPLAY>:<username> couple from the VNCSERVERS line.

    If you want to setup different display parameters you may provide another <DISPLAY>:<username> couple and provide a new VNCSERVERARGS[<DISPLAY>]line with required parameters, here is an example:

    ##### EDITED PART START #####################################
    
    VNCSERVERS="1:user 2:user2"
    
    VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp"
    
    VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp"
    
    ##### EDITED PART END #######################################
  3. Setup the password that will be used to connect to the server, do this by using the vncpasswdbinary (enter and verify the passwd)
    su <vnc_user>
    vncpasswd

    Note : You may want to create a new user for your vncserver, or you could use an existing user. Using the later configuration you will have a windows-like vncviewer, which means that you will be able to see, for example, the desktop of the existing user.

  4. Start the vncserver service
    su -c "/etc/init.d/vncserver start

    Note : Do not forget to edit your firewall rules, for testing purposes and if you are on a trusted network, you may disable you firewall, when your configuration is working create specific rules for your vncserver.

 

2 Changing default listening (server side) / connecting (client side)  port

2.1 Server side

By default a vncserver listen on the port “5900 + the display number” (if the display number is 1, then the listening port would be 5901), therefore a vncclient will try (by default) to connect to the 5901 port number, if you wish to change the default listening port (which may be a good security action), follow those guidelines.

 

  • Edit the /usr/bin/vncserver file by changing the $vncPort = <port_num> + $displayNumber;(should be around line 185), replace the default port number (5900) by one of your choice.NOTE: do not forget to edit your firewall rules!

 

2.2 Client side

  • If you changed the default port as seen above, you may now be facing two differents cases, depending the way you are using your vnc client, they are both really simple to modify in order to match your new vnc server configuration (as the vnc client will try to connect to server using the default port 5900+display, you now need to explicitely specify the server port to which the client must request a connection):
    1. You are using the CLI command to launch the vnc client: just replace your usual :display option by a ::<port_num>option
      vncviewer host::<new_port_num>
    2. You are using a shortcut to directly connect your vnc client to a pre-defined vnc server, in this case just do as for the case N°1, but edit the command line that is called by your shortcut. (right clic, properties and edit the command-line parameter).

 

3 FAQ

3.1 Vnc Server

If any problems occurs (such as being unable to start the vncserver…) the log files and pid files may give you useful infos, they are both located in the home dir of the user that runs the vnc server.

The vncserver binary can give you some info when used with useful options :

  • Print the running server(s)
    vncserver -list
  • Start a new server (you may add some useful option such as -geometry <width>x<height> or :<number>), and will also check and print the already running server(s))
    vncserver
  • Stop (send SIGTERM) to a specific server (identified by its display number
    vncserver -kill :<Display>

 

3.2 Miscellaneous issues

  • I can only access a really basic desktop / X session when connecting from my vnc client ?
    You might need to un-comment the first two lines of the ~/.vnc/xstartup dir (“~” being the home of the user that is running the vncserver, the one specified in the /etc/sysconfig/vncserver file), as :

    [root@test ~]# cat /data/installation/.vnc/xstartup
    #!/bin/sh
    
    # Uncomment the following two lines for normal desktop:
    unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc
    [...]

 

 

4 Connecting to a Linux VNC server from a windows client

TODO!

Tagged on: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site supports SyntaxHighlighter via WP SyntaxHighlighter. It can highlight your code.
How to highlight your code: Paste your code in the comment form, select it and then click the language link button below. This will wrap your code in a <pre> tag and format it when submitted.