VNCServer and Vino, a Mini Guide
1-Install and configure VNC-Server
2-Install and configure vncviewer
3-Install and configure Vino
4-Install additional desktop
5-Access VNC-Server via browser
6-Encrypted connection via ssh tunnel * New *
I recommend step 1 (VNC-server approach) over step 3 (Vino approach).
Step 2 is instruction to install vncviewer for client machine.
Step 4 may be required if you need to install additional desktop.
Step 5 is for accessing VNC-server via browser. Useful for occasional access from cyber cafe.
Step 6 is for ssh tunnel encrypted connection. Vncviewer free edition does not offer encryption.
Command prompt:
# denotes root login ( $ su - )
$ denotes non-root login
Editor: although "vi" is indicated, use any of your favorite text editor
1. Installing and configuring VNC-Server:
With this approach, a VNC session will be created independent of console X session.
Can be used at init runlevel 3 or 5, means you don't have to run desktop at console. Very handy for server especially at remote location.
Install VNC-server
Code:
# yum install vnc-server
Configure VNC-server
I recommend running VNC-server as system service. Edit /etc/sysconfig/vncservers, the configuration file used by vncserver service.
Code:
# vi /etc/sysconfig/vncservers
......
VNCSERVERS="1:user1"
#comment next line if only 1 user required.
VNCSERVERS="1:user1 2:user2"
# specify geometry to taste (can be anything you like. eg 1200x720)
VNCSERVERARGS[1]="-geometry 1280x1024"
VNCSERVERARGS[2]="-geometry 1024x768"
......
Stop vncserver service in case already started.
Code:
# /sbin/service vncserver stop
User configuration
Now login or "su" as individual user for user configuration.
Code:
# su - user1
$ vncserver :1 -geometry 1280x1024
Password: xxxxx
After the last command, vncserver process will be started for user1.
It should have created .vnc directory under user1 home directory.
~/.vnc (/home/user1/.vnc) directory should contain following files:
Code:
$ ls -l ~/.vnc
-rw------- user1 group1 passwd {vnc server access password xxxxx}
-rw-rw-r-- user1 group1 host.domain.com:1.log
-rw-rw-r-- user1 group1 host.domain.com:1.pid
-rwxr-xr-x user1 group1 xstartup {need to be edited for start up option}
Make sure xstartup access mode is -rwxr-xr-x (755), if not
Code:
$ chmod 755 ~/.vnc/xstartup
Now stop vncserver to edit the xstartup file
Code:
$ vncserver -kill :1
$ vi ~/.vnc/xstartup
......
# uncomment the following 2 lines
unset SESSION_MANAGER
exec /etc/X11/xinitrc/xinitrc
......
To change vnc process login password
Code:
$ vncpasswd
Password: xxxxxx
$ exit
#
Repeat User Configuration for user2, replacing :1 to :2
Firewall
Configure firewall to append or insert into INPUT chain, or use system-config-firewall in gui mode.
Code:
# vi /etc/sysconfig/iptables
......
# 5901 corresponds to :1, 5902 for :2 and so on.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT
......
Restart firewall (iptables service)
Code:
# /sbin/service iptables restart
Before we start vncserver service, select desktop GNOME, KDE or XFCE.
Desktop Selection
Default desktop being GNOME.
To change desktop used to KDE, create or edit /etc/sysconfig/desktop:
Code:
DESKTOP=KDE
# DESKTOP=GNOME
To use XFCE desktop, make following changes to ~/.vnc/xstartup, and follow step 4 to install XCFE later.
Code:
# Leave the following two lines commented
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
.....
# twm &
startxfce4 &
Now you are ready to enable and start vncserver service.
Code:
# /sbin/chkconfig vncserver on
# /sbin/service vncserver restart
2. Install and running vncviewer
Install vncviewer at client machine
To access from other Fedora machine, install vnc package there.
To access from Windows/XP, install one of the following vncviewers:
TightVNC http://www.tightvnc.com/download.html
RealVNC http://www.realvnc.com/products/download.html
UltraVNC http://www.uvnc.com/download/
Start vncviewer at client machine
Start vncviewer,
specify hostname:1 to attach as user1 -or- hostname:2 to attach as user2
specify hostname:0 to connect to Vino. (See step 3 later)
When prompted, enter the vncpasswd, and you are set.
Good luck!
3. Install and configure Vino:
With this approach, client's vncviewer will attach to the running console X session at server.
Must be init runlevel 5 and login, and I think it only works for gnome. (???)
Installing vino
Configure and start vino
Login console desktop, in your gnome-terminal, execute the following:
Code:
$ vino-preferences
[x] Allow other users to view your desktop
[x] Allow other users to control your desktop
When a user tries to view or control your desktop
[ ] Ask you for confirmation
[x] Require the user to enter this password
Password: xxxxxx
When "Close," vino will start a vnc session at port 5900, (firewall need to open port 5900). IMO, don't check "Ask you for confirmation", but use "password" option instead, unless you will be at console to answer "Y" when connecting remotely.
Follow Step 2 to install vncviewer.
To connect remotely, use vncviewer to open hostname:0
Do not use vncviewer within gnome session to connect to yourself, or you will have "nested" windows.
4. Install additional Desktop
To Install Gnome, KDE or XFCE
Firstly, check desktop group names:
The following are valid for F9.
Code:
# yum groupinstall "GNOME Desktop Environment"
or
# yum groupinstall "KDE (K Desktop Environment)"
or
# yum groupinstall XFCE
5. Access vncserver via browser
Disable browser access
Browser Java access is enabled by default. To disable Java access, add -nohttpd option in /etc/sysconfig/vncserver
Code:
...
VNCSERVERARGS[1]="-geometry 1280x1024 -nohttpd"
...
Installing missing Java classes for F9 and F10
Vnc-server package on F9/F10 is missing the Java classes for browser access.
If you are using F9/F10, goto http://www.realvnc.com/
Download vnc-4_1_3-x86_linux.tar.gz (free linux x86 version)
Create following directory
Code:
# mkdir -p /usr/share/vnc/classes
Extract the downloaded tarball
Code:
# tar xvf vnc-4_1_3-x86_linux.tar.gz
# cp -v vnc-4_1_3-x86_linux/java/* /usr/share/vnc/classes/
You should now have 3 files in /usr/share/vnc/classes directory
Code:
index.vnc
logo150x150.gif
vncviewer.jar
Restart your vncserver. You should now see following message during startup:
Code:
# /sbin/service vncserver restart
.....
New 'host.domain.com:1 (userid)' desktop is host.domain.com:1
Accessing Via Browser
To access via browser, specify port 580x in URL (ports need to be opened in iptables)
http://host.domain.com:5801 to connect as user1 and so on.
6. Encrypted connection via ssh tunnel
Linux Client
In a terminal session, establish a connection and login to server with following option:
Code:
$ ssh -L 5901:hostname:5901 userid@hostname
In another terminal session or via menu, start vncviewer and specify localhost:1 to connect.
Code:
$ vncviewer localhost:1
Windows Client
Free edition of vncviewer does not offer encryption connection.
To enable encrypted connection, download PuTTY, ssh client for Windows.
http://www.chiark.greenend.org.uk/~s.../download.html
Go for "A Windows installer for everything except PuTTYtel"
Install and start PuTTY, at the configuration page:-
On the left pane: Connection->SSH->Tunnels
On the right pane: Enter following information and click "Add". hostname is the domain name or ip address of vnc-server.
Code:
Source Port: 5901
Destination: hostname:5901
[x] Local [ ] Remote [ ] Dynamic
Add additional ports, 5902 and so on, as needed.
Select "Session" on left pane, enter hostname, ssh port#, session name and "Save" session.
Open connection via PuTTY and login to server.
Start vncviewer, specify localhost:1 to connect. VNC session will be connected via ssh secured tunnel.
EDIT: If you get gray screen using GNOME desktop.
****F9 Gnome may need some fixing up in dbus configuration before it can be used. Edit /etc/dbus-1/system.d/gdm.conf , insert the 2 lines in red. Restart messagebus service (may kill gnome session), or simply reboot. gui response in Gnome may be a bit sluggish. Your mileage varies.
Code:
<policy user="gdm">
<allow send_interface="org.gnome.DisplayManager.Manager"/>
<allow send_interface="org.gnome.DisplayManager.Display"/>
<allow send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
<allow send_interface="org.gnome.DisplayManager.Settings"/>
<allow send_interface="org.gnome.DisplayManager.Slave"/>
<allow send_interface="org.gnome.DisplayManager.Session"/>
<allow send_destination="org.gnome.DisplayManager"
send_interface="org.gnome.DBus.Properties" />
</policy>
Code:
# /sbin/service messagebus restart