What is VNC?

VNC (Virtual Network Computing) is a remote desktop software for several Operating Systems. It can be used for a single graphical application or for a full desktop session. Client and server interact over the Remote Framebuffer (RFB) Protocol. Technically the vncserver process on the target machine is an X-Server with a virtual display attached to it. The vncviewer on the client shows the content of this virtual display in his own window and transfers keyboard and mouse events to the vncserver.

How do I use VNC?

Starting the vncserver

The following instructions refer to the start of the VNC server via our wrapperscript vncserver in /usr/bin_override. You can check the correct path to this wrapper script with:

pmuster@zampano:~$ which vncserver
/usr/bin_override/vncserver
pmuster@zampano:~$ 

ssh to the target machine and start a vncserver. If you had never used vncserver before the startup of the vncserver process looks like this:

pmuster@zampano:~$ vncserver
Creating directory /home/pmuster/.vnc......
Creating startup_file /home/pmuster/.vnc/xstartup.xfce.....

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n

New 'xfce' desktop is zampano:1

Creating default config /home/pmuster/.vnc/config
Starting applications specified in /home/pmuster/.vnc/xstartup.xfce
Log file is /home/pmuster/.vnc/zampano:1.log

pmuster@zampano:~$ 

In the output of the command the number after the colon of the hostname (zampano:1) is the virtual display number of your vncserver. You need this number to connect your vncviewer to the correct listening port of your vncserver and also to manually kill the vcnserver process.

If the .vnc subdirectory in your home does not exist in your home it is created at startup and you will be asked to define a password for accessing your server and another one for just observing without interacting. Also created is a default xstartup script which is executed by the vncserver:

pmuster@zampano:~$ cat .vnc/xstartup.xfce 
#!/bin/sh
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
unset DBUS_SESSION_BUS_ADDRESS
xsetroot -solid grey
export XKL_XMODMAP_DISABLE=1
WRAPPERDIR="/usr/bin_override"
#
/etc/X11/Xsession
#---------------------------------------------------------------------------------------------------------
# Automatically end the server process after desktop session logout
#---------------------------------------------------------------------------------------------------------
$WRAPPERDIR/vncserver -kill $DISPLAY
#
pmuster@zampano:~$ 

You can use vncserver [gnome|kde|special] at startup to use a different desktop session. If no specific desktop session is given then /etc/X11/Xsession with a default setting to Xfce4 will be used. The desktop type special selects the light desktop Fluxbox. To use a desktop outside from Xfce4, Gnome, KDE and Fluxbox please use "vncserver special" and edit the your xstartup.special file in ~/.vnc according to your needs.

Connecting the vncviewer

After the startup you can connect a vncviewer software on your client to your vncserver. On our managed linux clients the command is:

> vncviewer zampano:1

On our managed windows clients we can install the baramundi software RealVNC for you. In the connect-popup window you have to enter the base tcp port number 5900 plus the display number:

RealVNC Viewer is free software and can be downloaded from https://www.realvnc.com .

Terminating a vnc session

As already mentioned above if you are performing a normal desktop logout your vncserver process is killed by the terminating xstartup script and you need to start a new one for the next session. If you only terminate the vncviewer program your vncserver process remains active and you can reconnect your desktop session again.

To manually kill your vncserver on a host ssh to this host and enter the command:

> vncserver -kill :<display number>

VNC access from the internet

Due to security reasons the listening port of the vnc server is not directly reachable from a client in the internet. There are two possibilities to perform a vnc session to an ETH network internal host from the internet :

• Use the Cisco SSL-VPN client software of ID and connect the SSL-VPN adapter before starting the VNC viewer programm
• Access the VNC-server through an SSH-tunnel

VNC through SSH tunnel under Linux

1. Start VNC Server on remote host with the option -localhost

     $ ssh <remoteHost>                          // where <remoteHost> is the machine on which the application you want to start runs
     $ vncserver :<display#> -localhost          // where <display#> is a number between 1 and 99

   Attention! Always choose a strong password when starting vncserver. Otherwise, you'll make it trivial for intruders to hijack your account!
   
   

2. Start VNC viewer on your machine (Linux)

     $ vncviewer -via <remotehost>.ee.ethz.ch localhost:<display#>

   Mac users may establish the tunnel via SSH, then use "open vnc://localhost:PORT" to use the built-in VNC client.

VNC through SSH tunnel under Windows

1. Start VNC viewer on your machine (Windows with TightVNC and putty)
   
   Putty is the most popular free ssh client software on Windows. When you have configured a normal ssh session to the vnc server machine you can configure additional port forwards on the established ssh-connection. A tunnel configuration needs a local listening port and a destination on ssh server side.The destination could be localhost or another machine reachable by the ssh server machine.
   
   The following screeshots show how to configure an additional tunnel for connecting the local vnc-server on port 5901 of the ssh server machine:
   
   
   
   After clicking the "Add"-Button the putty window changes to:
   
   
   
   Don't forget to save the session if you want this tunnel to be permanently configured in this session.
   
   

   Now you can connect your vnc viewer programm to the configured listening port of the putty client on the client machine:
   
   
   
   

CategoryLXCL