November 24, 2007

[Linux Documentation] VNC Server Setup

What is VNC?

VNC stands for Virtual Network Computing. It is remote control software which
allows you to view and interact with one computer (the "server") using a
simple program (the "viewer") on another computer anywhere on the Internet.
The two computers don't even have to be the same type, so for example you can
use VNC to view an office Linux machine on your Windows PC at home. VNC is
freely and publicly available and is in widespread active use by millions
throughout industry, academia and privately.

For more information, please visit http://www.realvnc.com/

Do I have it in my system?

Type the following command to check whether the client and server are
installed on your system.

[tchung@tchung101 tchung]$ rpm -q vnc vnc-server
[tchung@tchung101 tchung]$

To configure vncserver as a service on your system, add yourself to the
following config file by setting the VNCSERVERS line to your own display:user
pair.

[tchung@tchung101 tchung]$ sudo vi /etc/sysconfig/vncservers

# The VNCSERVERS variable is a list of display:user pairs.
# Uncomment the line below to start a VNC server on display :1
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see
# URL:http://www.uk.research.att.com/vnc/sshvnc.html

# VNCSERVERS="1:myusername"

Before starting vncserver as a service, let's create a VNC password with the
vncpasswd command.
Notice that it creates a hidden directory .vnc under your home directory,
containing a file passwd which holds your VNC password.

[tchung@tchung101 tchung]$ vncpasswd
[tchung@tchung101 tchung]$ ls -d .vnc
[tchung@tchung101 tchung]$ ls .vnc
[tchung@tchung101 tchung]$

Now let's start vncserver as a service.

[tchung@tchung101 tchung]$ sudo /sbin/service vncserver start
Starting VNC server: 1:tchung [ OK ]
[tchung@tchung101 tchung]$

Take a look at the contents of the .vnc directory now. You should have
something similar to the following.

[tchung@tchung101 tchung]$ cd .vnc
[tchung@tchung101 .vnc]$ ls
passwd tchung101:1.log tchung101:1.pid xstartup
[tchung@tchung101 .vnc]$

If you edit the script called xstartup, you will notice the following comment.
Uncomment the two lines after it, as shown below! Otherwise, you will get
nothing but a grey screen.


# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Since we've just edited vnc startup script, let's restart the vncserver.

[tchung@tchung101 tchung]$ sudo /sbin/service vncserver restart
Shutting down VNC server: 1:tchung [ OK ]
Starting VNC server: 1:tchung [ OK ]
[tchung@tchung101 tchung]$

So how do I connect to vncserver? Use the vncviewer command on the VNC client
as follows:

[tchung@tchung101 tchung]$ vncviewer localhost:1

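Enter your VNC password and the remote desktop is displayed.

To connect to a remote system with a firewall, port 5901 needs to be open.
Add the line for port 5901 shown below and restart the iptables service. Keep
in mind the warning in the comments of /etc/sysconfig/vncservers: on an
untrusted network, use the SSH-based setup it points to rather than exposing
this port.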

[tchung@tchung101 tchung]$ sudo vi /etc/sysconfig/iptables

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

[tchung@tchung101 tchung]$ sudo /sbin/service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
[tchung@tchung101 tchung]$

TIP by Forrest Taylor

To enable two different users in vncservers:

VNCSERVERS="1:tchung 2:thomasc"

You will, of course, have to run vncpasswd for both users. Also in your
firewall update, you may want to clarify that VNC uses port 5901 for
connection 1. If you had both users above, you would have to have ports 5901
and 5902 open.
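
The display-to-port mapping from the firewall step and the tip above (display N uses TCP port 5900+N), as an added example that is not part of the original post: a shell audit that reads iptables rules on stdin and reports, for each VNCSERVERS entry, whether its port is closed, open to any source, or limited to a source with -s. The function names, the sample rules, the 192.168.1.0/24 subnet and the guest user are constructed for illustration; only single-port --dport rules are recognised.

```shell
#!/bin/sh
# Added example: audit iptables rules against a VNCSERVERS setting.
# Display N listens on TCP port 5900+N ("1:tchung 2:thomasc" -> 5901, 5902).

# vnc_ports "VNCSERVERS value": print one TCP port per display:user pair.
vnc_ports() {
    for pair in $1; do
        display=${pair%%:*}
        case "$display" in
            ''|*[!0-9]*|0?*) echo "bad display in '$pair'" >&2; return 1 ;;
        esac
        echo $((5900 + display))
    done
}

# audit_vnc_rules "VNCSERVERS value" < rules
# Prints "<port> closed", "<port> open-to-any" or "<port> restricted <source>"
# for each display, based on the first matching ACCEPT rule read from stdin.
audit_vnc_rules() {
    ports=$(vnc_ports "$1") || return 1
    rules=$(sed '/^[[:space:]]*#/d')    # ignore commented-out rules
    for port in $ports; do
        rule=$(printf '%s\n' "$rules" | sed -n "/--dport $port .*-j ACCEPT/{p;q;}")
        src=$(printf '%s\n' "$rule" | sed -n 's/.* -s \([^ ]*\) .*/\1/p')
        if [ -z "$rule" ]; then
            echo "$port closed"
        elif [ -n "$src" ]; then
            echo "$port restricted $src"
        else
            echo "$port open-to-any"
        fi
    done
}

# Constructed sample: 5901 limited to one subnet, 5902 open to every source.
sample_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Display 3 (constructed user "guest") has no rule, so it is reported closed.
sample_rules | audit_vnc_rules "1:tchung 2:thomasc 3:guest"
```

On a real host the same check is `audit_vnc_rules "1:tchung 2:thomasc" < /etc/sysconfig/iptables`; the rule this page adds for port 5901 is reported as open-to-any.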

