Professional Documents
Culture Documents
com
http://bobpeers.com/linux/vnc
The screen is pretty self explanatory but basically when set up this way another computer can connect to your computer using the command listed on the dialog. There are a few important things to note, you must open port 5900 on the server for this to work since by default the Gnome Remote Desktop (called vino) listens on this port, also the person connecting will see the same session that you are currently logged in as. This means that any programs you have open will also be visible to the client, of course this is very useful if you are helping someone remotely. A more flexible way to use VNC is to install the VNC server and client software via yum, these are rpm's based on RealVNC
(http://www.realvnc.com) .
Add a user(s)
Next we need to add at least 1 VNC user, open the file /etc/sysconfig/vncservers as root and add the information shown: $ vi /etc/sysconfig/vncservers # The VNCSERVERS variable is a list of display:user pairs. #
1 of 5
10/8/2011 10:50 AM
http://bobpeers.com/linux/vnc
# # # # # # # #
Uncomment the lines below to start a VNC server on display :2 as my 'myusername' (adjust this to your own). You will also need to set a VNC password; run 'man vncpasswd' to see how to do that. DO NOT RUN THIS SERVICE if your local area network is untrusted! For a secure way of using VNC, see <URL:http://www.uk.research.att.com/archive/vnc/sshvnc.html>.
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. # Use "-nohttpd" to prevent web-based VNC clients connecting. # Use "-localhost" to prevent remote VNC clients connecting except when # doing so through a secure tunnel. See the "-via" option in the # `man vncviewer' manual page. VNCSERVERS="1:bobpeers" VNCSERVERARGS[1]="-geometry 1024x768 -depth 16" The important part is the VNCSERVERS="1:bobpeers", this sets up a users for the vnc server, you can add as many as you like here. The VNCSERVERARGS[1] line refers to the arguments for user 1, in this case the only user. Geometry sets the size and depth sets the colour depth, you can adjust these to suit your preferences but in my case the client machine has a resolution of 1024x768 and the depth 16 makes the connection a bit faster since the less information that needs to be sent the more responsive the session will feel.
Setting a password
To add some security we need to add a password that must be given before a connection can be established, open a terminal and type: $ vncpasswd Password: Verify: This creates a hidden folder called .vnc in your home folder containing the password file.
2 of 5
10/8/2011 10:50 AM
http://bobpeers.com/linux/vnc
#!/bin/sh # Uncomment the following two lines for normal desktop: unset SESSION_MANAGER exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & twm & As the file says make sure the two lines at the top are uncommented by removing the leading # sign. Next we need to restart vncserver to pick up the changed we just made. To restart the vncserver we need to kill the process and start a new one as root: $ vncserver -kill :1 Killing Xvnc process ID 13728 $ vncserver :1 Starting VNC server: 1:bobpeers New 'linux.bobpeers:1 (bobpeers)' desktop is linux.bobpeers:1 Starting applications specified in /home/bobuser/.vnc/xstartup Log file is /home/bobuser/.vnc/linux.bobpeers:1.log [ OK ]
Using vncviewer
To start the viewer type: $ vncviewer localhost:5901 This open a dialog as shown for us to enter our password we set earlier, enter the password and you should now see a copy of your desktop. Note that unlike the Gnome Remote Desktop this has started a new session of X so any applications open on the host machine are not visible to the new session, it's basically a whole new logon running at the same time. If you just type 'vncviewer' at the prompt then you will asked for the host to connect to, then you can type localhost:5901 for example. Remember to use the correct port number when connecting, if you set your VNCSERVERS to be 2000:myname then you would need to connect on localhost:7900.
3 of 5
10/8/2011 10:50 AM
http://bobpeers.com/linux/vnc
So far we have only connected to our own computer using localhost so we have not needed to open any ports in the firewall, however if we want to allow remote connection we will have to do the following. This can either be done from the command line or using system-config-security if you have it installed.
Click on other ports at the bottom and enter the port you wish to open, 5901 in my case, select tcp, then click OK and OK again to save your settings. That's all there is to it, but remember to close the port again when you are finished.
4 of 5
10/8/2011 10:50 AM
http://bobpeers.com/linux/vnc
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT Finally we need to restart the iptables service to reload the changes. $ sudo /sbin/service iptables restart Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Applying iptables firewall rules: [ OK ] Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
5 of 5
10/8/2011 10:50 AM