Fedora VNC Server

Document Sample
Fedora VNC Server Powered By Docstoc
					Set up the VNC Server in Fedora                                                 



          Set up the VNC Server in Fedora
                                                    Published on Thursday, November 10th, 2005 at 4:28 pm by GNot.
                                                    Last Modified on Thursday, January 5th, 2006 at 6:09 pm by GNot.
                                          Tagged as Servers, HOWTO, Security, Encryption, Administration, Remote, Networking

          "Virtual Network Computing (VNC) is a desktop protocol to remotely control another computer. It transmits the keyboard presses and
          mouse clicks from one computer to another relaying the screen updates back in the other direction, over a network." -WikiPedia-

          This article describes in brief how to configure VNC server instances for one or multiple users on a remote machine, how to use VNC to
          start graphical applications on boot and finally how to enhance security by connecting to the server through encrypted SSH tunnels.


          A user account should exist on the remote machine.
          The RPM packages vnc-server and vnc should be installed on the remote machine and your workstation respectively.

          Setting up the server

          I assume that we have setup a remote user account, named "leopard" and we want to start an X session through VNC for this user.

          In Fedora Core or Red Hat based distros in general, all we have to do is define the VNC server instances in /etc/sysconfig/vncservers.
          These will be started by the vncserver initscript. This has to be done as root. Edit this file so that it contains the following:
          VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"

          With these we define that a vnc server instance should be started as user leopard on display 3 and we also set some options for this server
          such as resolution and color depth. Each VNC server instance listens on port 5900 plus the display number on which the server runs. In
          our case, leopard’s vnc server would listen on port 5903.

          For multiple vnc instances /etc/sysconfig/vncservers would look like this:
          VNCSERVERS="1:tiger 2:albatros 3:leopard"
          VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"
          VNCSERVERARGS[2]="-geometry 800x600 -depth 8"
          VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"

          These would listen on ports 5901, 5902, 5903 respectively.

          User Configuration

          There is one more thing that needs to be done on the remote machine. User leopard’s vnc password needs to be set. So, as user leopard give
          the command:
          # vncpasswd

          We are prompted for a password. This is the password that we will use when we connect to leopard’s vnc server instance. This password is
          saved in /home/leopard/.vnc/passwd.

          Start the VNC server

          After the initial configuration is done we restart the vnc service. As root:
          # service vncserver restart

          To make VNC server to start on boot:
          # chkconfig vncserver on

          More User Configuration

          After the VNC service is started, some new files are created in /home/leopard/.vnc/ directory. These include leopard’s vnc server log file,

1 von 8                                                                                                                                        05.11.2006 22:45
Set up the VNC Server in Fedora                                                 

          pid file and an X startup script. As user leopard we edit the script in order to customize some settings. The default
          /home/leopard/.vnc/xstartup script contains some commands that are executed when the VNC server is started. These include:
          xsetroot -solid grey
          vncconfig -iconic &
          xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
          twm &

          xsetroot in this case sets the background color.
          vncconfig is a supplementary program that can be used to control the vnc server. Apart from this, when run without arguments it acts as a
          helper application and its main purpose is to provide support for clipboard transfers between the client (vncviewer) and the vnc server.
          xterm starts an xterm terminal.
          twm starts the X server’s default window manager. We probably want to change that to a more user friendly window manager, eg fluxbox.

          The VNC server, apart from letting us control a remote machine using a graphical interface, it serves as a way to start graphical
          applications on boot. For example, I want my favourite p2p program, amule, to start on boot. So, I add this to the
          /home/leopard/.vnc/xstartup script. This is how my xstartup file looks like:
          xsetroot -solid grey
          vncconfig -iconic &
          xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" -e ./menu &
          amule &
          fluxbox &

          menu is a script of mine that is executed when xterm is started.
          Remember to put the "&" symbol after each command, so that it goes to the background and the xstartup script continues on.

          Restart the VNC service for the changes to take effect. As root:
          # service vncserver restart

          Connect to the VNC server

          In our example, leopard’s vnc server listens for connections on port 5903. So, open this port in the remote machine’s firewall.

          We connect to the remote machine using a vnc viewer. Having installed the vnc package, connect to to the server with the following
          # vncviewer

          The general usage is :
          vncviewer [Server's IP]:[Port]:[Display]

          We are prompted for the password and eventually connect to the server. Closing the vncviewer’s window, does not affect the server or the
          programs we run on it. If we reconnect everything will be there.

          Special Note: There is no need, actually it’s pointless and could give you some trouble, to logoff from your remote X session. If this
          happens, generally you need to restart the VNC service on the remote machine to get your remote desktop back. If you want to stop working
          on your remote desktop, just close the vncviewer’s window and you are done.


          The VNC protocol is not a secure communication protocol. The use of a vnc password provides security at the level of server access (it’s
          vulnerable to brute-force attacks though), but the whole VNC session is transmitted in the clear, without encryption. The easiest, but most
          effective, way to secure our connection to the VNC server is to connect through an encrypted SSH tunnel. This way the whole session will
          be encrypted.

          The rest assume that you have the SSH server up and running on your remote machine ( and you know what SSH
          tunnels are.

          So, what we are going to do is to create an encrypted tunnel, and connect to our VNC server through it. We also want this tunnel to be
          automatically closed as soon as we shut down vncviewer. All this is done with the following command:
          # ssh -f -L 25903: sleep 10; vncviewer

          This is what it does:

                -L 25903: forwards our local port 25903 to port 5903 on the remote machine. In other words, it creates the tunnel.
                -f forks the SSH session to the background, while sleep is being executed on the remote machine. This ssh option is needed because
                we want to execute the following command (vncviewer) in the same local machine’s terminal.
                vncviewer connects to the forwarded local port 25903 in order to connect to the VNC server through the encrypted tunnel.

          The sleep command is of major importance in the above line as it keeps the encrypted tunnel open for 10 seconds. If no application uses it
          during this period of time, then it’s closed. Contrariwise, if an application uses it during the 10 sec period, then the tunnel remains open until
          this application is shut down. This way the tunnel is automatically closed at the time we close vncviewer’s window, without leaving any
          SSH processes running on our workstation. This is pure convenience!

2 von 8                                                                                                                                            05.11.2006 22:45
Set up the VNC Server in Fedora                                                         

          Using SSH tunnels to conect to your VNC server has two advantages:

              1. The whole session is encrypted.
              2. Keeping port 5903 open on your remote machine is no longer needed, since all take place through the SSH tunnel. So, noone will
                 know that you run a VNC server on the remote machine.

          Further Reading

          I recommend that you read the man pages. Everything is in there:
          #   man    vncserver
          #   man    Xvnc
          #   man    vncconfig
          #   man    vncviewer
          #   man    ssh


          Servers, HOWTO, Security, Encryption, Administration, Remote, Networking


          This work is published under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.
          Please read the Disclaimer and Additional License Info.

          Special Thanks

          I need to publicly thank the following people or web sites:
          Tom Adelstein, Editor-in-Chief of, for adding this article as a news item into's newswire on his own initiative.
          Eugenia Loli-Queru, ex-Editor-in-Chief and now occasional contributor at, for approving this article as a news item after Rahul's submission.
          Thomas Chung, Editor of, for including an excerpt of this article as a news item in the Fedora Weekly News Issue 23 newsletter on his own
          Also: , Renato Murilo Langona from , Noel from , for their reference to this article the
          first days of its release.
          Finally, I thank all people who have provided their feedback or have pingbacked/trackbacked from their own weblogs.

                                                     Bookmark it: • digg • reddit • furl • blogmarks • blinklist

                                                                               Your feedback is welcome.

          34 Responses to “Set up the VNC Server in Fedora”

              1. polarizer Says:
                    November 14th, 2005 at 11:21 am

                    I utilize vnc for years now and want to point out that there are some other implementations, such as tightvnc[1] or ultravnc[2], works
                    better regarding bandwidth usage,visualisation or feature richness.


                    polarizers 2cent

              2. Norman Rasmussen Says:
                    November 14th, 2005 at 1:51 pm

                    If you want a ‘Terminal Services’ like login interface. I suggest you try out VNC Session Manager. It supports creating new sessions,
                    and disconnecting from them (and later reconnecting), etc.

              3. Bogdan Mustiata Says:
                    November 14th, 2005 at 2:44 pm

                    Or maybe it would be better to drop an eye on NX technology?

              4. polarizer Says:
                    November 14th, 2005 at 2:54 pm

                    Or on its free implementation at freeNX[1]


3 von 8                                                                                                                                                         05.11.2006 22:45