HowTo: Install VNC Server on CentOS 6/5 RHEL, Fedora

| September 21, 2012 | 0 Comments

Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the RFB protocol (remote framebuffer) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.VNC is used to display an X windows session running on another computer. Unlike a remote X connection, the xserver is running on the remote computer, not on your local workstation. Your workstation ( Linux or Windows ) is only displaying a copy of the display ( real or virtual ) that is running on the remote machine.

1. Installing the required packages

To see if the server package ‘tigervnc-server’ is installed, run the command:

rpm -q tigervnc-server

The result will be either package tigervnc-server is not installed or something like tigervnc-server-1.0.90-0.17.20110314svn4359.el6.x86_64 (my machine that runs CentOS 6.3 64bit).

If the server is not installed, install it with the command:

yum install tigervnc-server

Make sure to install a window manager in order to get a full-featured GUI desktop. You can use the command yum groupinstall “GNOME Desktop Environment” to install the Gnome Desktop and requirements, for example. Other popular desktop environments are “KDE” and “XFCE-4.4″. XFCE is more light-weight than Gnome or KDE and available from the “extras” repository.

If you are a minimalist, or simply testing, however, it is sufficient to have yum install a simple XTERM client:

yum install xterm

If you are running CentOS 6, the command is:

yum groupinstall Desktop

If you are running CentOS 5, yum groupinstall “GNOME Desktop Environment” may complain about a missing libgaim.so.0. This is a known bug.

If you are running CentOS 6, Fedora 14,15,16,17, the server is: tigervnc-server not: vnc-server

2.0 Configuring un-encrypted VNC

In order to configure your VNC server, follow this steps:

  1. It is not recommended to have vnc access for root. Therefore create an account for vnc access.
  2. Set the password of the account.
  3. Edit the server configuration.
  4. Create and customize xstartup scripts.
  5. Configure the iptables to allow traffic for VNC
  6. Start the VNC service.
2.1. Create your VNC user

As root:

su -
useradd vncuser
passwd vncuser
2.2. Set your user’s VNC password

Switch user into the account for the vncuser, and run:

su - vncuser
vncpasswd 

This will ask you to enter a password and to confirm the password and it will create a .vnc directory.

su - vncuser
cd .vnc
ls

the output of the ‘ls’ command should be a file called ‘passwd’

2.3. Edit the server configuration

as root:

Edit /etc/sysconfig/vncservers, and add the following to the end of the file.

VNCSERVERS="1:vmuser"
VNCSERVERARGS[1]="-geometry 800x600"

‘vncuser’ will have an 800 by 600 screen.

2.4. Create xstartup scripts ( Skip this step for CentOS 6 )

The xstartup script is created by starting and stopping the vncserver as root.

/sbin/service vncserver start
/sbin/service vncserver stop

Login to the ‘vncuser’ and edit the xstartup script.

cd .vnc
ls

output:

mymachine.localnet:1.log  passwd  xstartup

Edit xstartup. The original should look like:

#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Add the line indicated below to assure that an xterm is always present, and uncomment the two lines as directed if you wish to run the user’s normal desktop window manager in the VNC. Note that in the likely reduced resolution and color depth of a VNC window the full desktop will be rather cramped and a look bit odd. If you do not uncomment the two lines you will get a gray speckled background to the VNC window.

#!/bin/sh
# Add the following line to ensure you always have an xterm available.
( while true ; do xterm ; done ) &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
2.5. Configure the iptables to allow traffic for VNC

VNC server listens on the following TCP ports:

=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N

In other words a VNC server listens for a VNC client on TCP ports 5800+N, 5900+N, and 6000+N where N is the display which starts at zero.

5800+N – Java-based vncviewer;
5900+N – VNC Client Port;
6000+N – X Server port.

The iptables rules in /etc/sysconfig/ need to be reconfigured to open the VNC ports; as needed, if a local ipv6 setup is being used, those need to be configured as well:

cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5801,5901,6001 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

… and then restart the iptables:

/sbin/service iptables restart
2.6. Start the VNC server

Start the vncserver as root.

/sbin/service vncserver start
Be Sociable, Share!

Tags: , , , , , , , ,

Category: HowTo

Leave a Reply

Your email address will not be published. Required fields are marked *