[size=4]Connecting VNC Manager to vncserver on Linux[/size]
NOTE: This is a work in progress. Feel free to comment, correct, or add to it. Try it if you are unfamiliar with vncserver on Linux; report your success or failure; and offer suggestions for improvement, clarity, etc.
The intent of this document is to provide clear instructions on connecting VNC Manager to a vncserver running on Linux. Most Linux distributions have a packaged version of vncserver, although it is certainly possible to add a particular version of the vncserver, such as the TightVNC server. Redhat, Fedora, and derivatives (Centos, Whitebox) install vncserver when you install a GUI desktop (X11, Gnome, KDE, etc). As I can, I will try to add other Linux flavors (Gushing-Grape, Sticky-Pineapple, Panama-w/Purple-Hat-Band, and Mentos).
VNC behaves differently on Linux than it does on Windows. In Windows you can have multiple, simultaneous connections to a Windows VNC server, but each viewer sees the same desktop. Linux, on the other hand, can have multiple VNC sessions, each one viewing a different desktop. In this respect, vncserver behaves much like Windows in Terminal Server mode. On Linux, you can start vncserver in two different ways, just like you can in Windows — as a service or as a desktop application that you must start after each login. I will go through both methods.
If you have direct access to the computer that you want to control and are using a graphical Desktop, such as KDE or Gnome, you can use them to do your setup. If you are doing setup remotely or feel comfortable in a terminal session, use SSH to login and set up the vncserver.
You can do everything remotely using SSH. In fact, it is usually much quicker and easier. Editing any of the server configuration files, enabling or starting services, and changing the firewall requires root access. You also can use menu-based utilities to configure and adjust many of the Linux services.
A good way to begin is starting simply, and slowly adding complexity, as you gain understanding.
[size=4]LAUNCHING vncserver as an APPLICATION[/size]
Launching vncserver as an application with no firewall enabled is the simplest way to become familiar with connecting VNC Manager with vncserver on Linux.
Make sure that no firewall is enabled. It is usually enabled by default. In Redhat or Fedora, you can quickly disable the firewall:
First, login to the Linux computer.
In a terminal window or shell prompt, type
service iptables stop
To launch vncserver, Open a terminal window, and type,
vncserver
Response should be a password prompt, followed by a repeat password prompt.
After responding to the repeat the password prompt, you should see something like the following lines:
New 'server1.mydomain.com:1 (zarthan)' desktop is server1.mydomain.com:1
Starting applications specified in /home/zarthan/.vnc/xstartup
Log file is /home/zarthan/.vnc/server1.mydomain.com:1.log
Obviously, if you logged in as you, you will see your name instead of zarthan, and your computer is probably not server1.mydomain.com. The most important thing to notice is the “:1” after the server name. Depending on how many vncserver sessions you have launched, the number will change (like if you forgot to shut it down last login). You will need the number, when you connect from VNC Manager. “:1” corresponds to port 5901, “:2” to 5902, and so on.
If you have enough understanding, and you have left the Linux firewall turned on (it is on by default), you will also need to open a corresponding inbound port.
vncserver defaults to the X11 Desktop but can launch any installed desktop. If you have KDE installed, you also have X11 installed. If you want to change the default X11 Desktop, you must edit the xstartup file.
Assuming you have KDE installed and want it to start instead of X11, launch an editor, and open the .vnc/xstartup file. In the above example, vnc/xstartup file is in /home/zarthan/.vnc/xstartup (your location will be different depending on your home directory).
The last line in the default file is
twn &
Change the line to read
startkde &
To launch the Gnome Desktop, change the last line in the xstartup file to read
gnome-session &
With any change, you must stop the vncserver session and start it again
vncserver -kill:1
will stop the first vncserver session.
Execute vncserver to start it again.
[size=4]Launching vncserver As a Service[/size]
Current Redhat/Fedora/Centos/Whitebox, etc., distributions make it very easy to start vncserver as a service. Once configured, it will automatically start each time you start the computer. You should start with the manual method, as described above.
To have vncserver start each time, you must edit the configuration file. Launch an editor, and open the file, /etc/sysconfig/vncservers
You should see something similar to the following lines:
# The VNCSERVERS variable is a list of display:user pairs.
#
# Un-comment the line below to start a VNC server on display :1
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see
# .
#VNCSERVERS="1:myusername"
#VNCSERVERARGS[1]="-geometry 800x600"
I recommend that you add the following two lines to the bottom of the file:
VNCSERVERS="1:zarthan"
VNCSERVERARGS[1]="-geometry 1024x768"
or
VNCSERVERS="2:bobsmith"
VNCSERVERARGS[2]="-geometry 800x600"
Making sure to change the usernames to match your login names.
You can add additional vncserver sessions to this file. Make sure that each one uses a separate port. The 1:zarthan says, start a vncserver session on port 5901.
Note that the # symbol marks the line as, "ignore this line", so make sure it isn't at the beginning of the lines you add. Also note the caution about vnc being unsafe on an untrusted network. Consider all networks as untrusted. Fortunately, VNC Manager allows you to tunnel in through ssh, which makes vncserver very safe.
Once you have edited the file, you can start vncserver as a service. First, make sure you have stopped any existing vncserver sessions that may be running.
In a terminal window execute the following command:
vncserver -kill:all
This will stop any running vncserver session started from the command line.
To start vncserver as a service from the terminal window, execute the following command:
service vncserver start
To enable the vncserver service every time you start the computer from the terminal window, execute the following command:
chkconfig vncserver on
From the VNC Manager Manager Menu, select
Register New ComputerIn the Computer address textbox, type in the IP address or the name if it can be resolved by the DNS server.
Click the VNC Client Settings Button. Enter the password you entered, when you started vncserver, or you can leave it blank, and enter when prompted, as you connect. On this page you will need to change the port number to 5901 or the port your setup requires.
Click OK, and OK to complete the addition. You should be finished.
Double click on the computer you just added.
You should now be in a GUI session.
[size=4]ADDING SSH TUNNELING[/size]
VNC is very insecure as it comes, so use ssh tunneling to protect your VNC session. This will also let you re-enable the firewall. The ssh server is normally enabled and started, and ssh forwarding is also usually enabled.
Assuming that you already have made a successful connection to this server using earlier steps, you now are just adding the ssh tunneling. Performing all configuration on VNC Manager. Do the following steps to add ssh tunneling:
In VNC Manager, right-click on the server you want to configure.
Select, Properties.Under VNC Client Setting, click on the Settings button.
On the Firewall/Proxy/ssh tab, select ssh Tunneling.
In the Type: drop down box, enter the ssh server IP address or name. This MUST be identical to the Computer Address you entered for this connection.
Enter your login information, or leave it blank, and enter when prompted.
Now complete, you can OK everything.
Launch the connection. If all went well, you should be able to re-enable your firewall on the Linux server.