Terry : Install and Config VNC Server

Install and Config VNC

RHEL / Oralce Linux / CentOS

Installation

Check if the package is installed.

rpm -qa | grep vnc-server

or

rpm -q vnc-server

If not, install it by using YUM.

yum install vnc-server

Configuration

Open the ports
  1. Click on System->Administration->Security Level and Firewall.
  2. Click on "Other ports" below.
  3. Click "Add" button.
  4. Enter 5000-5999 tcp to the "Port(s)" box.
  5. Click OK.
  6. Click Apply.

Alternatively, add the rules manually using iptables

iptables -A INPUT -p tcp-m tcp -m state --state NEW --dport 5900:5999 -j ACCEPT

Or simply disable Firewall. It also can be done by stopping the init script.

/etc/init.d/iptables stop
Enabling Remote Visual Access

Open the ~/.vnc/xstartup with a text editor and uncomment the following lines, also make sure the user has read and write permission:

#unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc

Sample:

#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
-geometry 1024x768 -ls -title "$VNCDESKTOP Desktop"& gnome-session
&
Starting VNC Server as a service ( xvnc daemon)

Edit

/etc/sysconfig/vncserver

Add

VNCSERVERS="1:root"
VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp -nohttpd -localhost"

Create a soft link in the rcX.d folder:

ln -s /etc/init.d/vncserver /etc/rc3.d/S35vncserver

Or simply use the chkconfig command

chkconfig --level 345 vncserver on

Check the /etc/rcX.d folder and you'll find the soft links created in the specified run level folders.

Alternatively (NOT recommended), add the following line in ~/.vnc/xstartup and chmod the file to 755:

vncserver :1

or alternatively, you can apply the following command in a root terminal:

echo "vncserver :1" >> /root/.vnc/xtartup

Open the /etc/init.d/vncserver with a text editor and add the users you want to activate the access to into VNCSERVERS parameter:

VNCSERVERS="1:root"

Starting the Server

Running the VNC Server manually
vncserver :1

This command will ask you to set an access password. You can later change this initial password with vncpasswd command.

Restart the VNC Server
service vncserver restart

Note that this will terminate all the active listeners.

Connect to the VNC Server
vncviewer :1
Change Password
vncpasswd
Kill a VNC Session
vncserver -kill :1
~/.vnc/xstartup Sample
#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
-geometry 1024x768 -ls -title "$VNCDESKTOP Desktop"& gnome-session
&

Start VNC Automatically

VNC start script resides in /etc/init.d/vncserver

Edit

/etc/sysconfig/vncserver

Add

VNCSERVERS="1:root"
VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp -nohttpd -localhost"

Connect using VNC viewer, for example tightvnc viewer: hostname/IP.

Sample /etc/sysconfig/vncserver which starts vnc server on hostname:2 - port 5902 as user oracle

# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own).  You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.  
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, see
# <URL:http://www.uk.research.att.com/archive/vnc/sshvnc.html>.

# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.

# Use "-nohttpd" to prevent web-based VNC clients connecting.

# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.

# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
VNCSERVERS="2:oracle"

Start VNC Server at boot time

chkconfig --level 345 vncserver on 

x11vnc

VNC (Virtual Network Computing) is a very useful network graphics protocol (applications running on one computer but displaying their windows on another) in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state. It is a remote framebuffer (RFB) protocol.

Some VNC implementations: RealVNC, tightvnc, UltraVNC.

x11vnc is a VNC server for real X displays, it allows one to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.

Difference between x11vnc and traditional VNC (vncserver)

  • For Unix, the traditional VNC implementation includes a "virtual" X11 server Xvnc (usually launched via the vncserver command) that is NOT associated with a physical display, but provides a "fake" one (display) which X11 clients (xterm, firefox, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.
  • x11vnc - interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer.

NOTE: Ubuntu desktop, which by default uses either GNOME or Unity runs vino by default, which requires an active GNOME desktop session. DO NOT use it.

Ubuntu / Debian

Install x11vnc

sudo apt-get install x11vnc

Create VNC password

x11vnc -storepasswd

NOTE: defaults to ~/.vnc/passwd file. Alternatively, use vncpasswd or

-storepasswd pass file

Store password pass as the VNC password in the file file. Once the password is stored the program exits. Use the password via "-rfbauth file". If called with no arguments, "x11vnc -storepasswd", the user is prompted for a password and it is stored in the file ~/.vnc/passwd. Called with one argument, that will be the file to store the prompted password in.

Start x11vnc

# Start x11vnc using ~/.vnc/passwd
x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd
# redirect stdout and stderr to log file
x11vnc -safer -forever -display :0 -rfbauth ~terry/.vnc/passwd > /tmp/x11vnc.log 2>&1 &
# less output to stderr -q -quiet
# this does not eliminate all informational output, it only reduces it
x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd -q
# eliminate all output
x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd 2>/dev/null 1>&2

Change the VNC port to listen on

-rfbport

The VNC port to listen on (a LibVNCServer option), e.g. 5900, 5901, etc. If specified as "-rfbport PROMPT" then the x11vnc -gui is used to prompt the user to enter the port number.

x11vnc -rfbport 5901

This force x11vnc to use port 5901 (this is VNC display :1.)

If something else is using that port x11vnc will exit immediately. If you do not supply the -rfbport option, it will autoprobe starting at 5900 and work its way up to 5999 looking for a free port to listen on.

In that case, watch for the PORT=59xx line to see which port it found, then subtract 5900 from it for the VNC display number to enter into the VNC Viewer(s).

The "-N" option will try to match the VNC display number to the X display (e.g. X11 DISPLAY of :5 (port 6005) will have VNC display :5 (port 5905).)

Also see the "-autoport n" option to indicated at which value the auto probing should start at.

Send x11vnc to background

x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd -bg

Go into the background after screen setup. Messages to stderr are lost unless -o logfile is used. Something like this could be useful in a script

port='ssh -t $host "x11vnc -display :0 -bg" | grep PORT'
port='echo "$port" | sed -e 's/PORT=//''
port='expr $port - 5900'
vncviewer $host:$port

Use SSH to tunnel VNC connection

ssh -t -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'

VNC password file

The option "-rfbauth .vnc/passwd" provides additional protection by requiring a VNC password for every VNC viewer that connects. The vncpasswd or storepasswd programs, or the x11vnc -storepasswd option can be used to create the password file. x11vnc also has the slightly less secure -passwdfile and "-passwd XXXXX" options to specify passwords.

Very Important: It is up to YOU to tell x11vnc to use password protection (-rfbauth or -passwdfile), it will NOT do it for you automatically or force you to (use -usepw if you want to be forced to.) The same goes for encrypting the channel between the viewer and x11vnc: it is up to you to use ssh, stunnel, -ssl mode, a VPN, etc. (use the Enhanced TightVNC Viewer (SSVNC) GUI if you want to be forced to use SSL or SSH.) For additional safety, also look into the -allow and -localhost options and building x11vnc with tcp_wrappers support to limit host access.

Reference

http://www.karlrunge.com/x11vnc/

http://www.karlrunge.com/x11vnc/faq.html

https://help.ubuntu.com/community/VNC

http://kbase.redhat.com/faq/FAQ_79_3976.shtm

http://www.tightvnc.com