Difference between revisions of "VNC"
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:Engineering]] | [[Category:Engineering]] | ||
− | == Share | + | == Create a new X11 display and share via VNC == |
− | If you want to expose | + | |
+ | This creates a new X11 display that is shared via VNC: | ||
+ | |||
+ | <pre> | ||
+ | vncserver | ||
+ | </pre> | ||
+ | |||
+ | Set the virtual display size to 800x600: | ||
+ | |||
+ | <pre> | ||
+ | vncserver -geometry 800x600 -depth 24 | ||
+ | </pre> | ||
+ | |||
+ | === vncserver without a password === | ||
+ | |||
+ | You may want to create a VNC display that does not require a password to connect. To set no password you need to run start `vncserver` with the following option, '''-SecurityTypes None'''. This is actually an option that is passed from `vncserver` to `Xvnc`. '''Not all versions of Xvnc support the "SecurityTypes" option'''. TightVNC 1.3.9 '''does not'''. RealVNC supports the "SecurityTypes" option, but you may need to use `vnc4server` instead of `vncserver` to start the VNC server. In the example below I use `vnc4server`. | ||
+ | |||
+ | <pre> | ||
+ | vnc4server -geometry 800x600 -depth 24 -SecurityTypes None | ||
+ | </pre> | ||
+ | |||
+ | == Share an existing X11 desktop through VNC == | ||
+ | If you want to expose a running X11 session over VNC use `x11vnc`. | ||
=== simple === | === simple === | ||
Just run it from the command-line with no arguments and then anyone can use a vnc client to use your desktop: | Just run it from the command-line with no arguments and then anyone can use a vnc client to use your desktop: | ||
− | + | <pre> | |
+ | x11vnc | ||
+ | </pre> | ||
=== add a password === | === add a password === | ||
If you want to add a password to make it a little more secure: | If you want to add a password to make it a little more secure: | ||
− | + | <pre> | |
− | + | x11vnc -passwd MYPASSWORD | |
+ | </pre> | ||
It has lots of options to make password connections more secure, but this | It has lots of options to make password connections more secure, but this | ||
Line 22: | Line 47: | ||
If you want to keep the server running so that you can connect multiple times | If you want to keep the server running so that you can connect multiple times | ||
then use the -forever option. | then use the -forever option. | ||
− | + | <pre> | |
− | + | x11vnc -forever | |
+ | </pre> | ||
=== .x11vncrc === | === .x11vncrc === | ||
You can save all these options in a dotfile called .x11vncrc: | You can save all these options in a dotfile called .x11vncrc: | ||
− | + | <pre> | |
+ | forever # keep listening for new connections after a client disconnects. | ||
+ | </pre> | ||
+ | |||
+ | === SSH Tunneling Simple === | ||
+ | This is about the easiest way to connect to a remote machine desktop behind a firewall via VNC. | ||
+ | In this exmaple, the remote server is called "remotehost.example.com". | ||
+ | Login to the remote server and start `vncserver`. | ||
+ | <pre> | ||
+ | vncserver -SecurityTypes None | ||
+ | </pre> | ||
+ | You will get a response showing the display number. | ||
+ | <pre> | ||
+ | New 'remotehost:1 (username)' desktop is remotehost:1 | ||
+ | </pre> | ||
+ | On your local server start `xvncviewer` with the -via option. | ||
+ | Use the same display number found above with the localhost. | ||
+ | <pre> | ||
+ | xvncviewer -via remotehost.example.com localhost:1 | ||
+ | </pre> | ||
+ | |||
+ | This automatically sets up local to remote port forwarding. | ||
+ | Note that this is best for quick, one-time use sessions because | ||
+ | there is no encryption and no password is required to connect. | ||
− | === SSH Tunneling === | + | === SSH Tunneling Longer === |
− | Say you want to see the X11 desktop of a remote machine. | + | Say you want to see the existing X11 desktop of a remote machine behind a firewall. The following command does two things. It creates a tunnel for port 5900 between the remote and local host. It also starts x11vnc on the remote host. |
− | |||
− | + | <pre> | |
+ | ssh -L 5900:localhost:5900 username@remote.example.com 'x11vnc -rfbport 5900 -display :0 -localhost' | ||
+ | </pre> | ||
Now fire up a vnc viewer on your local host: | Now fire up a vnc viewer on your local host: | ||
+ | <pre> | ||
+ | vncviewer localhost:0 | ||
+ | </pre> | ||
+ | |||
+ | Note that you must have port 5900 free on both the remote and local hosts. | ||
− | + | X11vnc actually defaults to 5900, so you don't need to specify the '''-rfbport''' option, but if you do not specify this option and port 5900 is not free then `x11vnc` will automatically pick another port. When you explicitly ask for a port then `x11vnc` will alert you with an error if the port is not free. | |
== text mode VNC == | == text mode VNC == | ||
Use linuxvnc to expose a text terminal to VNC clients. | Use linuxvnc to expose a text terminal to VNC clients. | ||
See also vncommand. | See also vncommand. | ||
− | == Errors == | + | == VNC Errors == |
=== channel 2: open failed: connect failed: Connection timed out === | === channel 2: open failed: connect failed: Connection timed out === | ||
+ | |||
+ | This is almost certainly due to a firewall restriction on the remote hosts that blocks the VNC port even for localhost connections. Check the iptables on the remote host for restrictions: `iptables -L`. | ||
+ | |||
+ | You may not see this error immediately. Running vncviewer may appear to freeze | ||
+ | and do nothing. It will time-out after a few minutes. The annoying thing is | ||
+ | that the SSH tunnel will not fail despite the fact that iptables is blocking | ||
+ | connections to the localhost. | ||
+ | |||
+ | === vncserver: couldn't find "xauth" on your PATH. === | ||
+ | The PATH on the remote server was not set. Envoke the remote command | ||
+ | something like this: | ||
+ | <pre> | ||
+ | 'PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin vncserver' | ||
+ | </pre> | ||
+ | SSH starts the remote command without envoking your environment, so | ||
+ | you not have /usr/X11RB/bin in the PATH. Run `which xauth` to be sure you have to corrent path. |
Latest revision as of 10:13, 28 September 2010
Contents
This creates a new X11 display that is shared via VNC:
vncserver
Set the virtual display size to 800x600:
vncserver -geometry 800x600 -depth 24
vncserver without a password
You may want to create a VNC display that does not require a password to connect. To set no password you need to run start `vncserver` with the following option, -SecurityTypes None. This is actually an option that is passed from `vncserver` to `Xvnc`. Not all versions of Xvnc support the "SecurityTypes" option. TightVNC 1.3.9 does not. RealVNC supports the "SecurityTypes" option, but you may need to use `vnc4server` instead of `vncserver` to start the VNC server. In the example below I use `vnc4server`.
vnc4server -geometry 800x600 -depth 24 -SecurityTypes None
If you want to expose a running X11 session over VNC use `x11vnc`.
simple
Just run it from the command-line with no arguments and then anyone can use a vnc client to use your desktop:
x11vnc
add a password
If you want to add a password to make it a little more secure:
x11vnc -passwd MYPASSWORD
It has lots of options to make password connections more secure, but this works well enough for a quick and dirty session.
Keep Listening
After the first client connection has exited x11vnc will also exit. If you want to keep the server running so that you can connect multiple times then use the -forever option.
x11vnc -forever
.x11vncrc
You can save all these options in a dotfile called .x11vncrc:
forever # keep listening for new connections after a client disconnects.
SSH Tunneling Simple
This is about the easiest way to connect to a remote machine desktop behind a firewall via VNC. In this exmaple, the remote server is called "remotehost.example.com". Login to the remote server and start `vncserver`.
vncserver -SecurityTypes None
You will get a response showing the display number.
New 'remotehost:1 (username)' desktop is remotehost:1
On your local server start `xvncviewer` with the -via option. Use the same display number found above with the localhost.
xvncviewer -via remotehost.example.com localhost:1
This automatically sets up local to remote port forwarding. Note that this is best for quick, one-time use sessions because there is no encryption and no password is required to connect.
SSH Tunneling Longer
Say you want to see the existing X11 desktop of a remote machine behind a firewall. The following command does two things. It creates a tunnel for port 5900 between the remote and local host. It also starts x11vnc on the remote host.
ssh -L 5900:localhost:5900 username@remote.example.com 'x11vnc -rfbport 5900 -display :0 -localhost'
Now fire up a vnc viewer on your local host:
vncviewer localhost:0
Note that you must have port 5900 free on both the remote and local hosts.
X11vnc actually defaults to 5900, so you don't need to specify the -rfbport option, but if you do not specify this option and port 5900 is not free then `x11vnc` will automatically pick another port. When you explicitly ask for a port then `x11vnc` will alert you with an error if the port is not free.
text mode VNC
Use linuxvnc to expose a text terminal to VNC clients. See also vncommand.
VNC Errors
channel 2: open failed: connect failed: Connection timed out
This is almost certainly due to a firewall restriction on the remote hosts that blocks the VNC port even for localhost connections. Check the iptables on the remote host for restrictions: `iptables -L`.
You may not see this error immediately. Running vncviewer may appear to freeze and do nothing. It will time-out after a few minutes. The annoying thing is that the SSH tunnel will not fail despite the fact that iptables is blocking connections to the localhost.
vncserver: couldn't find "xauth" on your PATH.
The PATH on the remote server was not set. Envoke the remote command something like this:
'PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin vncserver'
SSH starts the remote command without envoking your environment, so you not have /usr/X11RB/bin in the PATH. Run `which xauth` to be sure you have to corrent path.