Linux VNC Configuration Usage Summary: Open + Desktop configuration + secure access

Source: Internet
Author: User
Tags server port ssh port

Operating Environment: CentOS 5.3 + Windows XP SP3 32bit + RealVNC 4.1.2 i386 + TigerVNC.

Reference: Xiaoxiang Hermit-linux System VNC Configuration Practice Summary, Sami's blog-VNC configuration, lone leaf wind chimes -linux open vncserver, Remote Desktop settings: Using putty for VNC + ssh tunneling

VNC is an open source Remote Desktop control software based on the RfB (remote FrameBuffer). at the moment, the original/T version is no longer in use, as more significant improvements have been made in the branched versions, such as Realvnc,vnc tight and UltraVNC. Real VNC is currently the most active and powerful mainstream application.

First, install the VNC Server

CentOS 5.3 Defaults to the installation of VNC and Vnc-server, which corresponds to the 4.1.2 version of RealVNC.

For Linux systems that do not have VNC installed, you can:

1, yum installation, CentOS 5.3 Yum originated with VNC and vnc-server;

Yum Install  Yuminstall vnc-server

2, can download from RealVNC official website, unzip the archive to get two RPM package, install Vnc-server can.

Second, configure the VNC Server

The configuration file for VNC server is/etc/sysconfig/vncservers, and the following two sentences are added at the end of the file:

 vncservers= "2:hubery" 
Vncservers= " 2 : Hubery #桌面分辨率为800 *600, prevents the graphics desktop from being accessed through the TCP port, not through the Web Access Vncserver, and cannot be secured remotely from Telnet.

about parameter configuration instructions:

1:-geometry represents the desktop resolution, which defaults to 1024x768.

The 2:-NOHTTPD indicates that the HTTP port (58XX) is not listening.

3:-nolisten TCP indicates that the TCP port is not listening (60XX)

4:-localhost only runs from native access.

5:alwaysshared only one Vncviewer connection is allowed by default, and this parameter indicates that the same display port allows multiple users to log in at the same time.

6:-depth color depth, parameters are 8,16,24,32.

7:securitytypes None login does not require password Authentication vncauth default value, to password authentication.

Since the root user is using the first VNC server, we added the server starting from 2, so here the desktop number is 2 and the user is hubery.

The starting port used by VNC is 5900 and 5800, the desktop number is 2 o'clock, and the VNC viewer accesses the port number that is 5902,web (Java) access is 5802.

The root user's configuration is also this file, to configure the need at the end of the file similarly add similar to the above two sentences.

Third, firewall configuration

If you are unfamiliar with the firewall iptables, you can turn it off (restart invalidation):

[Email protected] ~]# iptables-l

Or

[[Email protected] ~]# service iptables stop

However, it is generally not recommended to do so, we need to open some ports in the firewall:

5901:5902 -5901:5902 -j ACCEPT

Again, the above actions fail after the computer restarts, and the following actions save the configuration to the configuration file for permanent use:

[[Email protected] ~]# service Iptables Save

Iv. starting the VNC Server

You need to set an access password for remote control before starting the server:

[Email protected] ~]#suHubery[[email protected] root]$ vncpasswdpassword:verify:[[email protected] root]$ vncserver:2xauth:creating New Authorityfile/home/hubery/. Xauthoritynew'localhost:2 (hubery)'Desktop is localhost:2Creating default startup script/home/hubery/.vnc/xstartupstarting Applications specifiedinch/home/hubery/.vnc/XstartuplogfileIs/home/hubery/.vnc/localhost:2. Log[[email protected] root]$

Five, VNC Viewer Access

My VNC client is a TIGERVNC Viwer installed under Win XP and can be downloaded free of charge from its website. After installing the VNC viewer, it is accessed in the form of server_ip: desktop number.

Vi. Desktop configuration (optional)

The above configuration landed after the TWM desktop, looks like a terminal, but it is still the desktop, we can start the desktop application from the command line, such as Firefox, but the average person is not accustomed to use it, you can change other desktop? Of course, its configuration file is (user root directory) ~/.vnc/xstartup, change twm to gnome-session or STARTKDE can switch to GNOME or KDE.

#!/bin/SH# Uncomment the following and the lines fornormal desktop:# unset session_manager# exec/etc/x11/xinit/xinitrc[-x/etc/vnc/xstartup] && exec/etc/vnc/xstartup[-R $HOME/. Xresources] && Xrdb $HOME/. Xresourcesxsetroot-Solid Greyvncconfig-iconic &xterm-geometry 80x24+Ten+Ten-ls-title"$VNCDESKTOP Desktop"&# TWM&Gnome-session &

Restarting the service after switching is required:

[email protected]. vnc]# Service Vncserver Restart

Or

[email protected]. vnc]#suHubery[[email protected]. vnc]$ vncserver-Kill:2killing Xvnc process ID20353[email protected]. vnc]$ Vncserver:2New'localhost:2 (hubery)'Desktop is localhost:2starting applications specifiedinch/home/hubery/.vnc/XstartuplogfileIs/home/hubery/.vnc/localhost:2. Log[[email protected]. vnc]$


Using the viewer to re-login, you will find our familiar desktop back again:

Vii. Secure access to VNC (optional)

If you use Vncviewer directly for access, there are two disadvantages:
1. Password transmission is clear text and can be easily heard.
2. The firewall needs to open the 59xx port, which is not possible in the usual units.

Fortunately, we have SSH as a powerful tool, like X11 Forwarding (another article), we can use the SSH tunnel to protect the communication process, the following is a brief introduction.

I still use the Tiger VNC under Win XP to do the client, in fact, for Linux is also possible (more simple).

1, under the session configuration host name for the server ip,port SSH Port 22;

2, in connection-"ssh-" Tunnels configuration source port for the VNC server port number 5902,destination for localhost:5902, and add;

3, using Tigervnc Viewer access, the address is now localhost:2.

At this point, we use encrypted vnc, and we do not need to configure the firewall to open the port, that is, the use of SSH tunnel in the case of no step three is also valid.

Summary of VNC configuration usage in Linux: Turn on + Desktop configuration + secure access

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.