Using VNC Securely in The Oracle Cloud - A-Team Chronicles-Ole6

10/30/2020 Using VNC securely in the Oracle Cloud | A-Team Chronicles
A-Team Chronicles A-Team Chronicles
Best Practices from Oracle Development's A‑Team
TECHNOLOGIES / COMPUTE ... view more
April 29, 2016
Using VNC securely in the Oracle

Cloud
Roland Koenn
CONSULTING SOLUTION ARCHITECT
file:///D:/Doyensys EBS training documents/Using VNC securely in the Oracle Cloud _ A-Team Chronicles ole6.10.html 1/19
Introduction
Having access to a VM in the Cloud via VNC can be very useful in many
situations – e.g. most customers want to install software using GUI
based installer, e.g. Oracle Database etc. Using VNC the installation can
continue, even without being connected. The easiest way to achieve this
with a reliable and secure mechanism is to use VNC via a SSH Tunnel. In
this example a simple Oracle Compute Cloud VM is used to con gure a
Gnome Desktop & VNC Server. It has been created as shown in the
tutorial here. Most other VMs in the Oracle Cloud that run Oracle Linux
can be con gured in the same way, e.g. DBaaS VMs.
This tutorial is for Oracle Cloud Infrastructure - Classic. For Oracle Cloud
Infrastructure please
visit: h ps://cloud.oracle.com/iaas/whitepapers/run_graphical_apps_securely_on_oci.pdf
Configure SSH Tunnel

The SSH Tunnel is established using the Pu y Tool – alternatives will be
discussed later in this tutorial. Use the public IP address of the created
VM and give it the session a name.
Next expand the session tree on the left hand side and select the
category “Data” in the “Connection” branch. Per default Oracle Cloud
VMs are con gured with the user opc. For easier login enter “opc” in the
Auto-login username eld.
Expand the “SSH” branch and select “Tunnels”. Here enter 5901 as
source port and the Public IP of the VM in the format 1.1.1.1:5901. Here
5901 is the destination port. Click add.
All VNC tra c is routed through this SSH tunnel on Port 22, hence no
additional port needs to be opened via Security Lists. See this MOS
Note should you want to use iptables Doc ID 2102424.1.
Next navigate to “Auth” in the “SSH” branch and point to the private key
that has the authentication information as provided during the
provisioning of the VM. See this tutorial, if you are unsure which key to
use: SSH Keys
Finally navigate back to the “Session” category. Press the “Save” Bu on

and then press “Open” to establish the connection.
Configure VNC Server

If everything is con gured correctly you will be greeted by the usual
prompt.
Install the GNOME desktop via yum. To achieve this switch to the root
user and then use the groupinstall function for Oracle Linux 6:
sudo su -
yum -y groupinstall "Desktop"
For Oracle Linux 7 use:
sudo su - yum groups install "Server with GUI" --skip-broken
If you have issue with yum – follow this simple tutorial. If you have
problems try to disable or remove all existing yum repositories by
running:
rm -rf /etc/yum.repos.d/* yum clean all
Then rerun the steps in the tutorial.
Alternatively KDE desktop can be installed on OL6 using:
yum -y groupinstall kde-desktop
Make sure that there are no errors and look for the “Complete!”
message once everything is installed.
Install additional tools to help with your activities, like a browser (here
Firefox) or even an O ce Suite. Make sure to install the mesa-libGL
package to avoid a number of known issues. Most importantly install
“tigervnc-server” to allow access to the desktop.
yum -y install tigervnc-server
yum -y install firefox
yum -y install mesa-libGL
yum -y groupinstall "General Purpose Desktop"
After all packages are installed simply issue:
vncserver
This will start the VNC server with the default se ings, e.g. port 5901 for
display :1 etc. These se ings can be changed in the con guration le:
/home/opc/.vnc/xstartup.
Should you want to use iptables for a direct connection to the VM later,
also run:
iptables -I INPUT -m state --state NEW -p tcp --destination-port 5901 -j

ACCEPT
Connect to the VNC Server

Next start your local VNC viewer on your local client. The SSH tunnel
redirects the VNC output of your VM to your localhost on port 5901.
Hence enter localhost:5901 in the VNC Server eld and press “Connect”.
The rst time you connect you will be issued a warning, that the
connection is not encrypted. As we are using a SSH tunnel to encrypt
the tra c this warning can be ignored.
Enter the password you have selected for the VNC Server.
This will connect you to the Desktop. This Desktop will be active, even if
you disconnect the Pu y Session – this allows to resume work
comfortably.
To stop the VNC Server simply connect via pu y or open a terminal and
enter:
vncserver –kill :1
If you prefer to have a di erent resolution simply start the vncserver

using the geometry ag and the prefered resolution.
vncserver –kill :1
vncserver -geometry 1600x1200
Note that the Desktop has a timeout, after which the screen locks and
you have to authenticate via password, to set the password run:
sudo passwd opc
Further Reading
Con gure tigervnc-server on Oracle Linux 7 (Doc ID 2102424.1)
Access VNC Server Through A Web Browser (Doc ID 1555696.1)
Be the rst to comment
Comments ( 0 )
Recent Content
IDENTITY, ACCESS MANAGEMENT & IAAS IAAS

SECURITY Integrate Oracle Cloud Guard with Deploy machine
Push Cloud Guard Problems to External Systems Using OCI Events environment in
Splunk HEC with OCI SDK and Functions
I found myself c
Introduction Cloud Guard is an OCI Oracle Cloud Guard service was and tearing dow
Service for Security Posture released recently. It helps customers my machine lea
Management. Cloud Guard’s monitor their OCI resources and Each time, I wo
functionality is to assess, alert and maintain a strong security posture.
act on... For...
Site Map Legal Notices Terms of Use Privacy Cookie Preferences Ad Choices Oracle Content Marketing Login

Using VNC Securely in The Oracle Cloud - A-Team Chronicles-Ole6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Using VNC Securely in The Oracle Cloud - A-Team Chronicles-Ole6

Uploaded by

Copyright:

Available Formats

10/30/2020 Using VNC securely in the Oracle Cloud | A-Team Chronicles

A-Team Chronicles A-Team Chronicles

Best Practices from Oracle Development's A‑Team

TECHNOLOGIES / COMPUTE ... view more

April 29, 2016

Using VNC securely in the Oracle

Configure SSH Tunnel

Finally navigate back to the “Session” category. Press the “Save” Bu on

Configure VNC Server

yum -y groupinstall "Desktop"

For Oracle Linux 7 use:

sudo su - yum groups install "Server with GUI" --skip-broken

rm -rf /etc/yum.repos.d/* yum clean all

Then rerun the steps in the tutorial.

Alternatively KDE desktop can be installed on OL6 using:

yum -y groupinstall kde-desktop

yum -y install tigervnc-server

yum -y install firefox

yum -y install mesa-libGL

yum -y groupinstall "General Purpose Desktop"

After all packages are installed simply issue:

iptables -I INPUT -m state --state NEW -p tcp --destination-port 5901 -j

Connect to the VNC Server

If you prefer to have a di erent resolution simply start the vncserver

vncserver -geometry 1600x1200

sudo passwd opc

Access VNC Server Through A Web Browser (Doc ID 1555696.1)

Be the rst to comment

IDENTITY, ACCESS MANAGEMENT & IAAS IAAS

You might also like