Install and Config VNC
RHEL / Oralce Linux / CentOS
Installation
Check if the package is installed.
rpm -qa | grep vnc-server
or
rpm -q vnc-server
If not, install it by using YUM.
yum install vnc-server
Configuration
Open the ports
- Click on System->Administration->Security Level and Firewall.
- Click on "Other ports" below.
- Click "Add" button.
- Enter 5000-5999 tcp to the "Port(s)" box.
- Click OK.
- Click Apply.
Alternatively, add the rules manually using iptables
iptables -A INPUT -p tcp-m tcp -m state --state NEW --dport 5900:5999 -j ACCEPT
Or simply disable Firewall. It also can be done by stopping the init script.
/etc/init.d/iptables stop
Enabling Remote Visual Access
Open the ~/.vnc/xstartup with a text editor and uncomment the following lines, also make sure the user has read and write permission:
#unset SESSION_MANAGER #exec /etc/X11/xinit/xinitrc
Sample:
#!/bin/sh # Uncomment the following two lines for normal desktop: unset SESSION_MANAGER exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & -geometry 1024x768 -ls -title "$VNCDESKTOP Desktop"& gnome-session &
Starting VNC Server as a service ( xvnc daemon)
Edit
/etc/sysconfig/vncserver
Add
VNCSERVERS="1:root" VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp -nohttpd -localhost"
Create a soft link in the rcX.d folder:
ln -s /etc/init.d/vncserver /etc/rc3.d/S35vncserver
Or simply use the chkconfig command
chkconfig --level 345 vncserver on
Check the /etc/rcX.d folder and you'll find the soft links created in the specified run level folders.
Alternatively (NOT recommended), add the following line in ~/.vnc/xstartup and chmod the file to 755:
vncserver :1
or alternatively, you can apply the following command in a root terminal:
echo "vncserver :1" >> /root/.vnc/xtartup
Open the /etc/init.d/vncserver with a text editor and add the users you want to activate the access to into VNCSERVERS parameter:
VNCSERVERS="1:root"
Starting the Server
Running the VNC Server manually
vncserver :1
This command will ask you to set an access password. You can later change this initial password with vncpasswd command.
Restart the VNC Server
service vncserver restart
Note that this will terminate all the active listeners.
Connect to the VNC Server
vncviewer :1
Change Password
vncpasswd
Kill a VNC Session
vncserver -kill :1
~/.vnc/xstartup Sample
#!/bin/sh # Uncomment the following two lines for normal desktop: unset SESSION_MANAGER exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & -geometry 1024x768 -ls -title "$VNCDESKTOP Desktop"& gnome-session &
Start VNC Automatically
VNC start script resides in /etc/init.d/vncserver
Edit
/etc/sysconfig/vncserver
Add
VNCSERVERS="1:root" VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp -nohttpd -localhost"
Connect using VNC viewer, for example tightvnc viewer: hostname/IP.
Sample /etc/sysconfig/vncserver which starts vnc server on hostname:2 - port 5902 as user oracle
# The VNCSERVERS variable is a list of display:user pairs. # # Uncomment the lines below to start a VNC server on display :2 # as my 'myusername' (adjust this to your own). You will also # need to set a VNC password; run 'man vncpasswd' to see how # to do that. # # DO NOT RUN THIS SERVICE if your local area network is # untrusted! For a secure way of using VNC, see # <URL:http://www.uk.research.att.com/archive/vnc/sshvnc.html>. # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. # Use "-nohttpd" to prevent web-based VNC clients connecting. # Use "-localhost" to prevent remote VNC clients connecting except when # doing so through a secure tunnel. See the "-via" option in the # `man vncviewer' manual page. # VNCSERVERS="2:myusername" # VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost" VNCSERVERS="2:oracle"
Start VNC Server at boot time
chkconfig --level 345 vncserver on
x11vnc
VNC (Virtual Network Computing) is a very useful network graphics protocol (applications running on one computer but displaying their windows on another) in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state. It is a remote framebuffer (RFB) protocol.
Some VNC implementations: RealVNC, tightvnc, UltraVNC.
x11vnc is a VNC server for real X displays, it allows one to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.
Difference between x11vnc and traditional VNC (vncserver)
- For Unix, the traditional VNC implementation includes a "virtual" X11 server Xvnc (usually launched via the vncserver command) that is NOT associated with a physical display, but provides a "fake" one (display) which X11 clients (xterm, firefox, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.
- x11vnc - interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer.
NOTE: Ubuntu desktop, which by default uses either GNOME or Unity runs vino by default, which requires an active GNOME desktop session. DO NOT use it.
Ubuntu / Debian
Install x11vnc
sudo apt-get install x11vnc
Create VNC password
x11vnc -storepasswd
NOTE: defaults to ~/.vnc/passwd file. Alternatively, use vncpasswd or
-storepasswd pass file
Store password pass as the VNC password in the file file. Once the password is stored the program exits. Use the password via "-rfbauth file". If called with no arguments, "x11vnc -storepasswd", the user is prompted for a password and it is stored in the file ~/.vnc/passwd. Called with one argument, that will be the file to store the prompted password in.
Start x11vnc
# Start x11vnc using ~/.vnc/passwd x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd # redirect stdout and stderr to log file x11vnc -safer -forever -display :0 -rfbauth ~terry/.vnc/passwd > /tmp/x11vnc.log 2>&1 & # less output to stderr -q -quiet # this does not eliminate all informational output, it only reduces it x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd -q # eliminate all output x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd 2>/dev/null 1>&2
Change the VNC port to listen on
-rfbport
The VNC port to listen on (a LibVNCServer option), e.g. 5900, 5901, etc. If specified as "-rfbport PROMPT" then the x11vnc -gui is used to prompt the user to enter the port number.
x11vnc -rfbport 5901
This force x11vnc to use port 5901 (this is VNC display :1.)
If something else is using that port x11vnc will exit immediately. If you do not supply the -rfbport option, it will autoprobe starting at 5900 and work its way up to 5999 looking for a free port to listen on.
In that case, watch for the PORT=59xx line to see which port it found, then subtract 5900 from it for the VNC display number to enter into the VNC Viewer(s).
The "-N" option will try to match the VNC display number to the X display (e.g. X11 DISPLAY of :5 (port 6005) will have VNC display :5 (port 5905).)
Also see the "-autoport n" option to indicated at which value the auto probing should start at.
Send x11vnc to background
x11vnc -safer -forever -display :0 -rfbauth /home/terry/.vnc/passwd -bg
Go into the background after screen setup. Messages to stderr are lost unless -o logfile is used. Something like this could be useful in a script
port='ssh -t $host "x11vnc -display :0 -bg" | grep PORT' port='echo "$port" | sed -e 's/PORT=//'' port='expr $port - 5900' vncviewer $host:$port
Use SSH to tunnel VNC connection
ssh -t -L 5900:localhost:5900 far-host 'x11vnc -localhost -display :0'
VNC password file
The option "-rfbauth .vnc/passwd" provides additional protection by requiring a VNC password for every VNC viewer that connects. The vncpasswd or storepasswd programs, or the x11vnc -storepasswd option can be used to create the password file. x11vnc also has the slightly less secure -passwdfile and "-passwd XXXXX" options to specify passwords.
Very Important: It is up to YOU to tell x11vnc to use password protection (-rfbauth or -passwdfile), it will NOT do it for you automatically or force you to (use -usepw if you want to be forced to.) The same goes for encrypting the channel between the viewer and x11vnc: it is up to you to use ssh, stunnel, -ssl mode, a VPN, etc. (use the Enhanced TightVNC Viewer (SSVNC) GUI if you want to be forced to use SSL or SSH.) For additional safety, also look into the -allow and -localhost options and building x11vnc with tcp_wrappers support to limit host access.
Reference
http://www.karlrunge.com/x11vnc/
http://www.karlrunge.com/x11vnc/faq.html
https://help.ubuntu.com/community/VNC