setup vnc server in linux


Step 1: Installing Vncviewer, Vncserver

#yum install vnc

Step 2: Configuring resolution, port & user

The default location of server configuration file for vncserver is ‘/etc/sysconfig/’. To configure the resolution, user and port open ‘/etc/sysconfig/vncservers’ and add two lines per user configuration shown ..

VNCSERVERS=”:”

VNCSERVERARGS[]=”-geometry x <windowWidth>x<windowHeight>”

Example

VNCSERVERS=”3:alex”

VNCSERVERARGS[3]=”-geometry 1000×700″

Step 3: Configuring Desktop Environment

The user specific configuration files of vncviewer resides in ‘.vnc’ directory in user’s home directory. (e.g. ‘/home/saini/.vnc/’). Open ‘.vnc/xstartup’ in your favorite editor and edit as below

#!/bin/sh

 

# Uncomment the following two lines for normal desktop:

unset SESSION_MANAGER

exec /etc/X11/xinit/xinitrc

 [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources

#xsetroot -solid grey

#vncconfig -iconic &

#xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &

#twm &

startx &

Step 4: Configuring password

For setting up vncviewer password for user ‘xyz’, login as user ‘xyz’ and issue ‘vncpasswd’ command on a terminal/konsole (or whatever). Enter password twice and you are done with password setting.

#vncpasswd

  Password:

  Verify:

Step 5: Starting Vncserver

To start vncserver, login as root and issue ’service vncserver start’ command. If service started successfully, you are ready to use vncviewer on a remote/local machine.

#service vnc start

Step 6: Accessing through Vncviewer

# vncviewer IP_Address:displayPort

VNC encrypted through an ssh tunnel

You will be connecting through an ssh tunnel. You will need to be able to ssh to a user on the machine. For this example, the user on the vncserver machine is Larry.

Edit /etc/sysconfig/vncservers, and add the option -localhost.

[root@server~]# vim /etc/sysconfig/vncservers

VNCSERVERS=”1:larry 2:moe 3:curly”

VNCSERVERARGS[1]=”-geometry 640×480 -localhost”

VNCSERVERARGS[2]=”-geometry 640×480 -localhost”

VNCSERVERARGS[1]=”-geometry 800×600 -localhost”

[root@server~]# service vncserver restart

Go to another machine with vncserver and test the VNC.

    1. vncviewer -via larry@192.168.0.10 localhost:1
    2. vncviewer -via moe@192.168.0.10 localhost:2
    3. vncviewer -via curly@192.168.0.10 localhost:3

By default, many vncviewers will disable compression options for what it thinks is a “local” connection. Make sure to check with the vncviewer man page to enable/force compression. If not, performance may be very poor!

Recovery from a logout ( Not implemented for CentOS 6 )

If you logout of your desktop manager, it is gone!

We added a line to xstartup to give us an xterm where we can restart our window manager.

    • For gnome, enter gnome-session.
    • For kde, enter startkde.

Remote login with vnc-ltsp-config

To allow remote login access via a vnc-client to the Centos system, the RPM packages named vnc-ltsp-config and xinetd can be installed. When a vnc-client connects to one of the configured ports, the user will be given a login screen. The sessions will *not* be persistent. When a user logs out, the session is gone.

Note: There are no major dependencies for the package so the vnc-ltsp-config*.rpm could easily be downloaded and installed without the need for enabling the EPEL repository.

Install, as root via:

[root@server~]#yum install xinetd vnc-ltsp-config

[root@server~]#chkconfig xinetd on

[root@server~]#chkconfig vncts on

[root@server~]#service xinetd restart

Next, as root edit the file “/etc/gdm/custom.conf”.

  • To the next blank line below the “[security]” section add “DisallowTCP=false”
  • To the next blank line below the “[xdmcp]” section add “Enable=true”
  • Make sure you are in a position to either run “gdm-restart” for default Gnome installs or just reboot the CentOS box.

This will add the ability to get the following default vnc-client based session connections:

resolution

color-depth

port

1024×768

16

5900/tcp

800×600

16

5901/tcp

640×480

16

5902/tcp

1024×768

8

5903/tcp

800×600

8

5904/tcp

640×480

8

5905/tcp

A major advantage of using the vnc-ltsp-config setup is the reduction of system resource utilization compared to the standard “per-user setup”. No user processes will be started or memory consumed until a user actually logs into the system. Also, no pre-thought for user setup is needed (eg skip all of the manual individual user setup for vnc-server).

The downside to the vnc-ltsp-config setup is that *any* user with the ability to login will likely have the ability to log into the system via a vnc-client with full gui unless steps are taken to limit that type of access. Also, there is no session persistance! Once the vnc-client closes, the vnc-ltsp-config session will terminate (by default) and all running processes will be killed.

This option can be combined with ssh tunnelling using a slightly modified version of the “vncviewer -via” command noted above:

vncviewer -via remoteUser@remoteHost localhost:vncSinglePortNumber

For the default vnc-ltsp-config install, the “vncSinglePortNumber” is the last digit only of the port number. Port 5900 (1024×768 16bit) would just be “0”, for example.

VNC-Server for an already logged in GUI console session – 2 options

Often you will need remote access to an already logged in GUI session on a “real” console. Or you will need to help another user remotely with an GUI or visual issue. You will need either “vnc-server” or “x11vnc”. The vnc-server option will be a module added to X11 for “allways on” vnc support, while x11vnc will allow for adhoc vnc support.

vnc-server install will require no third party repos or source building.

x11vnc is a way to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.

x11vnc adhoc option

1. Download the latest rpm to the host you want the vnc-client to connect to:

[root@server~]#wget http://dag.wieers.com/rpm/packages/x11vnc/x11vnc-0.9.3-1.el5.rf.i386.rpm

2. Install, as root, via the yum or rpm programs on the host you want the vnc-client to connect to:

[root@server~]#yum install x11vnc-0.9.3-1.el5.rf.i386.rpm

3. Start the x11vnc process on the host you want the vnc-client to connect to. Please take a long look at the possible options from the x11vnc website. A very simple/insecure example for a trusted network setup (local network or VPN) is to have the user with the GUI console issue the command:

[root@server~]#x11vnc -nopw -display :0.0

Then connect (without password) via a vnc-client to the IP/hostname and port noted by the x11vnc command. By default, x11vnc will allow connections from all interfaces. Host based firewall settings may need to be modified.

You can combine this with ssh tunneling:

ssh -C -t -L 5900:localhost:5900 [remote ip] ‘x11vnc -usepw -localhost -display :0’

Note that the -C flag is for compression, so may not be required

vnc-server X11 “always on” option

1. On the the system you want to run vnc-server, install vnc-server as noted above.

2. Edit /etc/X11/xorg.conf, as root, and add/create a ‘Module’ Section and add ‘Load “vnc”‘:

Section “Module”

Load “vnc”

EndSection

3. For standard vnc authentication, edit /etc/X11/xorg.conf, as root, and add to the ‘Screen’ Section:

 Option “SecurityTypes” “VncAuth”

 Option “UserPasswdVerifier” “VncAuth”

 Option “PasswordFile” “/root/.vnc/passwd”

4. As root, run ‘vncpasswd” to create the password noted above.

5. Restart X11 (<Ctrl>+<Alt>+<BS> will work if on the console already)

6. You should be able to connect with a vncviewer client as normal.

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Server Configuration. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s