** Preface **
Two common remote management tools in Linux: CLI-based SSH and GUI-based VNC
** Basic concepts of remote management **
A personal computer has no need for remote management: we simply sit down and use it whenever we want. Servers are different. They are generally placed in our IDC, and we usually cannot access the server hardware directly, so if we want to operate the servers, we can only control them through remote management.
{{{
Currently, the common remote management and control methods are as follows:
1. RDP (Remote Desktop Protocol). Remote desktop management on the common Windows operating systems is based on this protocol. For more information about the RDP protocol, see the Baidu Baike entry on RDP.
2. telnet: a remote management tool for the CLI interface. It has a long history and is available in almost all operating systems. (telnet transmits data in plaintext with no encryption, so telnet is almost never used for remote management.)
3. SSH (Secure Shell): a remote management tool for the CLI interface, available in almost all operating systems. Unlike telnet, SSH encrypts data during transmission, so SSH is a secure protocol. Almost all UNIX-like operating systems (such as Linux, BSD, and Mac OS) use SSH for remote management.
4. RFB (Remote FrameBuffer): a graphical remote management protocol. VNC (Virtual Network Computing) is based on this protocol. The SSH mentioned above is the common remote management method for the CLI interface on UNIX-like systems; graphical remote management tools are also available on UNIX-like operating systems, and VNC is a common one.
}}}
** SSH **
The SSH (Secure Shell) protocol is the most common remote CLI management protocol for Linux, Unix, Mac, and other network devices. During SSH data transmission, asymmetric encryption algorithms are used to encrypt data to ensure the security of remote data management.
SSH2 is the widely used SSH version. SSH runs over TCP, and the port it occupies is 22.
In most Linux versions, OpenSSH is used by default.
** VNC **
VNC (Virtual Network Computing) is a common graphical remote management tool in Linux and other UNIX-like systems (such as BSD and Mac). It uses the RFB protocol.
Like SSH, VNC is divided into a client and a server. We install the VNC server on the server to be accessed remotely, and connect to it from VNC client programs installed on other computers.
In CentOS 6/RHEL 6, tigervnc is used as the built-in VNC tool. By default, this tool is not installed. If we want to use the VNC service, follow these steps:
① First, we need to install tigervnc through yum.
{{{
[root@localhost ~]# yum install tigervnc-server
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: ipv01.idc.hinet.net
 * updates: centos.ustc.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package tigervnc-server.x86_64 0:1.1.0-5.el6_4.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================
 Package                  Arch            Version                    Repository        Size
====================================================================================================================
Installing:
 tigervnc-server          x86_64          1.1.0-5.el6_4.1            updates           1.1 M
Transaction Summary
====================================================================================================================
Install       1 Package(s)
Total download size: 1.1 M
Installed size: 2.9 M
Is this ok [y/N]: y
Downloading Packages:
tigervnc-server-1.1.0-5.el6_4.1.x86_64.rpm | 1.1 MB
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : tigervnc-server-1.1.0-5.el6_4.1.x86_64 1/1
  Verifying  : tigervnc-server-1.1.0-5.el6_4.1.x86_64 1/1
Installed:
  tigervnc-server.x86_64 0:1.1.0-5.el6_4.1
Complete!
}}}
② After installing the tigervnc-server program, we need to configure it. The configuration file is /etc/sysconfig/vncservers.
{{{
[root@localhost ~]# cat /etc/sysconfig/vncservers
# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own).  You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, see this URL:
# http://kbase.redhat.com/faq/docs/DOC-7028
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.
# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
}}}
We can see that by default every setting in this configuration file is commented out, so to use the VNC service we need to modify its configuration:
{{{
[root@xiaoluo ~]# vi /etc/sysconfig/vncservers
# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own).  You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, see this URL:
# http://kbase.redhat.com/faq/docs/DOC-7028
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.
# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

# Add the line below at the end of the configuration file. The content in the
# quotation marks indicates the user the service is enabled for. The number 1 is
# actually equivalent to the port number: for example, to enable a VNC service
# for the first user xiaoluo, the port number is 1. To add a VNC service for
# another user, append it, for example VNCSERVERS="1:ly 2:root". We then have
# two VNC services, one logged on by the ly user and the other by the root user.
VNCSERVERS="1:ly"
}}}
③ After the configuration, VNC still needs its own separate password. We therefore need to create a VNC password for each user who enables the VNC service by running the vncpasswd command **(note: you must switch to this user first; otherwise, the VNC service cannot be started):**
{{{
[root@localhost ~]# su - ly
[ly@localhost ~]$ vncpasswd
Password:
Verify:
}}}
④ After setting a separate VNC password for the user, we start the vncserver service.
{{{
[root@localhost ~]# service vncserver start
Starting VNC server: 1:root
WARNING: The first attempt to start Xvnc failed, possibly because the font
catalog is not properly configured. Attempting to determine an appropriate
font path for this system and restart Xvnc using that font path ...
Could not start Xvnc.
/usr/bin/Xvnc: symbol lookup error: /usr/bin/Xvnc: undefined symbol: pixman_composite_trapezoids
/usr/bin/Xvnc: symbol lookup error: /usr/bin/Xvnc: undefined symbol: pixman_composite_trapezoids
[FAILED]
}}}
An error is reported during startup. After searching, you need to add three packages to solve the problem.
{{{
yum install pixman-devel libXfont
}}}
Start the service again. If [OK] is shown, the startup is successful.
{{{
[root@localhost ~]# service vncserver start
Starting VNC server: 1:ly xauth: (stdin):1: bad display name "ly:1" in "add" command
New 'ly:1 (ly)' desktop is ly:1
Creating default startup script /home/ly/.vnc/xstartup
Starting applications specified in /home/ly/.vnc/xstartup
Log file is /home/ly/.vnc/ly:1.log
[OK]
}}}
⑤ We usually need to disable iptables, clear the rules in it, or add a rule to iptables. Otherwise, you cannot log on remotely to the VNC server through the VNC client.
Relationship between the port number used by the VNC service and the desktop number
{{{
The port number used by the VNC service is related to the desktop number. VNC uses TCP ports starting from 5900. The corresponding relationship is as follows:
Desktop number "1" ---- port number is 5901
Desktop number "2" ---- port number is 5902
Desktop number "3" ---- port number is 5903
......
The TCP port of the Java-based VNC client Web service starts from 5800 and is also related to the desktop number. The corresponding relationship is as follows:
Desktop number "1" ---- port number is 5801
Desktop number "2" ---- port number is 5802
Desktop number "3" ---- port number is 5803
......
Based on the above introduction, if the firewall function is enabled in Linux, you need to manually open the corresponding port. For example, to open the ports corresponding to desktop number "1", the commands are as follows:
[root@testdb ~]# iptables -I INPUT -p tcp --dport 5901 -j ACCEPT
[root@testdb ~]# iptables -I INPUT -p tcp --dport 5801 -j ACCEPT
}}}
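As an added example (not part of the original article), the script below ties the desktop-number-to-port mapping to the "-localhost" option mentioned in the configuration file comments: for each display in a vncservers file it reports the RFB port and either an SSH port-forward (display bound to loopback) or an iptables rule limited to a management subnet (display listening on all interfaces). The sample configuration, the 192.0.2.0/24 subnet, the SERVER placeholder and the function names are assumptions made for the example.

```shell
#!/bin/bash
# Added example: audit a CentOS 6 style /etc/sysconfig/vncservers file.
# SAMPLE_CONF is constructed for this example; it is not taken from a real host.
SAMPLE_CONF='VNCSERVERS="1:ly 2:root"
VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERARGS[2]="-geometry 1024x768"'

# vnc_port DISPLAY -> RFB TCP port (5900 + desktop number).
vnc_port() { echo $((5900 + $1)); }

# audit_vncservers CONF_TEXT MGMT_CIDR
# Prints one line per display with its user, port, bind scope and access path.
# The body runs in a subshell so its variables do not leak into the caller.
audit_vncservers() (
    conf=$1
    cidr=$2
    # Extract the display:user list from the VNCSERVERS="..." line.
    pairs=$(printf '%s\n' "$conf" | sed -n 's/^VNCSERVERS="\(.*\)"$/\1/p')
    for pair in $pairs; do
        disp=${pair%%:*}
        user=${pair#*:}
        port=$(vnc_port "$disp")
        # Per-display Xvnc arguments, empty when none are configured.
        args=$(printf '%s\n' "$conf" |
            sed -n "s/^VNCSERVERARGS\[$disp]=\"\(.*\)\"\$/\1/p")
        case " $args " in
            *" -localhost "*)
                # Reachable only from the server itself: forward the port over SSH.
                echo "display=$disp user=$user port=$port bind=loopback access: ssh -L $port:localhost:$port $user@SERVER"
                ;;
            *)
                # Listening on all interfaces: accept only the management subnet.
                echo "display=$disp user=$user port=$port bind=all access: iptables -I INPUT -p tcp -s $cidr --dport $port -j ACCEPT"
                ;;
        esac
    done
)

audit_vncservers "$SAMPLE_CONF" "192.0.2.0/24"
```

With the forward in place, the VNC client connects to localhost:1 on the workstation instead of to the server's address, and no inbound rule for port 5901 is needed.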
At this point, the VNC server is configured. Next, we can install a VNC client to log on remotely. VNC client programs are available for Linux, Mac, Windows and other operating system platforms. Here I download the Windows VNC client to log on remotely to our CentOS server host. The download address is as follows: http://www.realvnc.com/download/vnc/
After the download is complete, click Install. During the installation process, we are prompted to register. After registering on the official website, enter the registration code and start the VNC client program.
In the VNC Server field, enter the IP address of the host that we want to log on to remotely. Note: enter both the IP address and the port number here. Do you still remember the VNC configuration file we just edited on the VNC server? There we defined a port number for each user that needs the VNC service; for example, port number 1 is logged on as the ly user. Then click Connect.
We are prompted that we are connecting to the host 172.25.215.40:1. Click "Continue".
At this time, I am prompted to enter the password of the user whose port number is 1. Note that this password is the VNC password of the individual user that we created above. After entering the password, click OK.
We have now logged on remotely to our CentOS host through the GUI. Here we need to enter the password of the root user for authorization and then click Authenticate. (The first remote login prompts us to enter the root password for authorization; you do not need to enter the root password when logging on again.)
At this point, we have logged on remotely to our host through the graphical interface. We can perform any operation within the permitted range, just like directly using the server.