Step 1: Installing Vncviewer, Vncserver
#yum install vnc
Step 2: Configuring resolution, port & user
The default location of server configuration file for vncserver is ‘/etc/sysconfig/’. To configure the resolution, user and port open ‘/etc/sysconfig/vncservers’ and add two lines per user configuration shown ..
VNCSERVERARGS=”-geometry x <windowWidth>x<windowHeight>”
Step 3: Configuring Desktop Environment
The user specific configuration files of vncviewer resides in ‘.vnc’ directory in user’s home directory. (e.g. ‘/home/saini/.vnc/’). Open ‘.vnc/xstartup’ in your favorite editor and edit as below
# Uncomment the following two lines for normal desktop:
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#xsetroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
Step 4: Configuring password
For setting up vncviewer password for user ‘xyz’, login as user ‘xyz’ and issue ‘vncpasswd’ command on a terminal/konsole (or whatever). Enter password twice and you are done with password setting.
Step 5: Starting Vncserver
To start vncserver, login as root and issue ’service vncserver start’ command. If service started successfully, you are ready to use vncviewer on a remote/local machine.
#service vnc start
Step 6: Accessing through Vncviewer
# vncviewer IP_Address:displayPort
VNC encrypted through an ssh tunnel
You will be connecting through an ssh tunnel. You will need to be able to ssh to a user on the machine. For this example, the user on the vncserver machine is Larry.
Edit /etc/sysconfig/vncservers, and add the option -localhost.
[root@server~]# vim /etc/sysconfig/vncservers
VNCSERVERS=”1:larry 2:moe 3:curly”
VNCSERVERARGS=”-geometry 640×480 -localhost”
VNCSERVERARGS=”-geometry 640×480 -localhost”
VNCSERVERARGS=”-geometry 800×600 -localhost”
[root@server~]# service vncserver restart
Go to another machine with vncserver and test the VNC.
- vncviewer -via firstname.lastname@example.org localhost:1
- vncviewer -via email@example.com localhost:2
- vncviewer -via firstname.lastname@example.org localhost:3
By default, many vncviewers will disable compression options for what it thinks is a “local” connection. Make sure to check with the vncviewer man page to enable/force compression. If not, performance may be very poor!
Recovery from a logout ( Not implemented for CentOS 6 )
If you logout of your desktop manager, it is gone!
We added a line to xstartup to give us an xterm where we can restart our window manager.
- For gnome, enter gnome-session.
- For kde, enter startkde.
Remote login with vnc-ltsp-config
To allow remote login access via a vnc-client to the Centos system, the RPM packages named vnc-ltsp-config and xinetd can be installed. When a vnc-client connects to one of the configured ports, the user will be given a login screen. The sessions will *not* be persistent. When a user logs out, the session is gone.
Note: There are no major dependencies for the package so the vnc-ltsp-config*.rpm could easily be downloaded and installed without the need for enabling the EPEL repository.
Install, as root via:
[root@server~]#yum install xinetd vnc-ltsp-config
[root@server~]#chkconfig xinetd on
[root@server~]#chkconfig vncts on
[root@server~]#service xinetd restart
Next, as root edit the file “/etc/gdm/custom.conf”.
- To the next blank line below the “[security]” section add “DisallowTCP=false”
- To the next blank line below the “[xdmcp]” section add “Enable=true”
- Make sure you are in a position to either run “gdm-restart” for default Gnome installs or just reboot the CentOS box.
This will add the ability to get the following default vnc-client based session connections:
A major advantage of using the vnc-ltsp-config setup is the reduction of system resource utilization compared to the standard “per-user setup”. No user processes will be started or memory consumed until a user actually logs into the system. Also, no pre-thought for user setup is needed (eg skip all of the manual individual user setup for vnc-server).
The downside to the vnc-ltsp-config setup is that *any* user with the ability to login will likely have the ability to log into the system via a vnc-client with full gui unless steps are taken to limit that type of access. Also, there is no session persistance! Once the vnc-client closes, the vnc-ltsp-config session will terminate (by default) and all running processes will be killed.
This option can be combined with ssh tunnelling using a slightly modified version of the “vncviewer -via” command noted above:
vncviewer -via remoteUser@remoteHost localhost:vncSinglePortNumber
For the default vnc-ltsp-config install, the “vncSinglePortNumber” is the last digit only of the port number. Port 5900 (1024×768 16bit) would just be “0”, for example.
VNC-Server for an already logged in GUI console session – 2 options
Often you will need remote access to an already logged in GUI session on a “real” console. Or you will need to help another user remotely with an GUI or visual issue. You will need either “vnc-server” or “x11vnc”. The vnc-server option will be a module added to X11 for “allways on” vnc support, while x11vnc will allow for adhoc vnc support.
vnc-server install will require no third party repos or source building.
x11vnc is a way to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.
x11vnc adhoc option
1. Download the latest rpm to the host you want the vnc-client to connect to:
2. Install, as root, via the yum or rpm programs on the host you want the vnc-client to connect to:
[root@server~]#yum install x11vnc-0.9.3-1.el5.rf.i386.rpm
3. Start the x11vnc process on the host you want the vnc-client to connect to. Please take a long look at the possible options from the x11vnc website. A very simple/insecure example for a trusted network setup (local network or VPN) is to have the user with the GUI console issue the command:
[root@server~]#x11vnc -nopw -display :0.0
Then connect (without password) via a vnc-client to the IP/hostname and port noted by the x11vnc command. By default, x11vnc will allow connections from all interfaces. Host based firewall settings may need to be modified.
You can combine this with ssh tunneling:
ssh -C -t -L 5900:localhost:5900 [remote ip] ‘x11vnc -usepw -localhost -display :0’
Note that the -C flag is for compression, so may not be required
vnc-server X11 “always on” option
1. On the the system you want to run vnc-server, install vnc-server as noted above.
2. Edit /etc/X11/xorg.conf, as root, and add/create a ‘Module’ Section and add ‘Load “vnc”‘:
3. For standard vnc authentication, edit /etc/X11/xorg.conf, as root, and add to the ‘Screen’ Section:
Option “SecurityTypes” “VncAuth”
Option “UserPasswdVerifier” “VncAuth”
Option “PasswordFile” “/root/.vnc/passwd”
4. As root, run ‘vncpasswd” to create the password noted above.
5. Restart X11 (<Ctrl>+<Alt>+<BS> will work if on the console already)
6. You should be able to connect with a vncviewer client as normal.