Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the RFB (remote framebuffer) protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network. VNC is used to display an X Window session running on another computer. Unlike a remote X connection, the X server is running on the remote computer, not on your local workstation. Your workstation (Linux or Windows) only displays a copy of the display (real or virtual) that is running on the remote machine.
1. Installing the required packages
To see if the server package ‘tigervnc-server’ is installed, run the command:
rpm -q tigervnc-server
The result will be either package tigervnc-server is not installed or something like tigervnc-server-1.0.90-0.17.20110314svn4359.el6.x86_64 (my machine that runs CentOS 6.3 64bit).
If the server is not installed, install it with the command:
yum install tigervnc-server
Make sure to install a window manager in order to get a full-featured GUI desktop. You can use the command yum groupinstall "GNOME Desktop Environment" to install the Gnome Desktop and requirements, for example. Other popular desktop environments are "KDE" and "XFCE-4.4". XFCE is more light-weight than Gnome or KDE and available from the "extras" repository.
If you are a minimalist, or simply testing, however, it is sufficient to have yum install a simple XTERM client:
yum install xterm
If you are running CentOS 6, the command to install the desktop is:
yum groupinstall Desktop
If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may complain about a missing libgaim.so.0. This is a known bug.
If you are running CentOS 6 or Fedora 14, 15, 16 or 17, the server package is tigervnc-server, not vnc-server.
2. Configuring un-encrypted VNC
In order to configure your VNC server, follow these steps:
- It is not recommended to have vnc access for root. Therefore create an account for vnc access.
- Set the password of the account.
- Edit the server configuration.
- Create and customize xstartup scripts.
- Configure the iptables to allow traffic for VNC
- Start the VNC service.
2.1. Create your VNC user
su -
useradd vncuser
passwd vncuser
2.2. Set your user’s VNC password
Switch user into the account for the vncuser, and run:
su - vncuser
vncpasswd
This will ask you to enter a password and to confirm the password and it will create a .vnc directory.
su - vncuser
cd .vnc
ls
The output of the 'ls' command should be a file called 'passwd'.
2.3. Edit the server configuration
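Edit /etc/sysconfig/vncservers, and add the following to the end of the file. The index in VNCSERVERARGS[1] is the display number assigned to the user in VNCSERVERS.
VNCSERVERS="1:vncuser"
VNCSERVERARGS[1]="-geometry 800x600"
'vncuser' will have an 800 by 600 screen on display 1.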
2.4. Create xstartup scripts ( Skip this step for CentOS 6 )
The xstartup script is created by starting and stopping the vncserver as root.
/sbin/service vncserver start
/sbin/service vncserver stop
Log in as 'vncuser' and edit the xstartup script.
cd .vnc
ls
mymachine.localnet:1.log passwd xstartup
Edit xstartup. The original should look like:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
Add the line indicated below to ensure that an xterm is always present, and uncomment the two lines as directed if you wish to run the user's normal desktop window manager in the VNC session. Once the exec line is uncommented, the script hands control to xinitrc at that point and the lines after it are no longer reached. Note that in the likely reduced resolution and color depth of a VNC window the full desktop will be rather cramped and look a bit odd. If you do not uncomment the two lines you will get a gray speckled background to the VNC window.
#!/bin/sh
# Add the following line to ensure you always have an xterm available.
( while true ; do xterm ; done ) &
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
2.5. Configure the iptables to allow traffic for VNC
VNC server listens on the following TCP ports:
=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N
In other words a VNC server listens for a VNC client on TCP ports 5800+N, 5900+N, and 6000+N where N is the display which starts at zero.
5800+N – Java-based vncviewer;
5900+N – VNC Client Port;
6000+N – X Server port.
The iptables rules in /etc/sysconfig/ need to be reconfigured to open the VNC ports. If IPv6 is in use locally, the corresponding IPv6 rules need to be configured as well:
cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5801,5901,6001 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
… and then restart iptables:
/sbin/service iptables restart
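The check below is an added example, not part of the original guide: it derives the 5800+N, 5900+N and 6000+N ports from a VNCSERVERS value and reports, for each one, whether an iptables rules file leaves it closed, restricted to a source address, or open to any source. The function names, the temporary sample files and the 192.0.2.0/24 range are constructed for illustration; on a real host pass /etc/sysconfig/iptables as the file.

```shell
#!/bin/sh
# Added example (hypothetical helper names): cross-check VNC displays
# against an iptables rules file.

# vnc_ports "1:vncuser 2:other" -> one "display user port" line per listening port
vnc_ports() {
    for entry in $1; do
        n=${entry%%:*}; user=${entry#*:}
        for base in 5800 5900 6000; do
            echo "$n $user $((base + n))"
        done
    done
}

# port_rule FILE PORT -> ACCEPT rules in FILE whose --dport/--dports list names PORT
# (comma lists only; port ranges such as 5900:5910 are not expanded)
port_rule() {
    grep -E -- '-j ACCEPT' "$1" | grep -E -- "--dports? ([0-9,]*,)?$2(,| )"
}

# audit "VNCSERVERS value" FILE -> closed / restricted / open-to-any per port
audit() {
    vnc_ports "$1" | while read -r n user port; do
        rule=$(port_rule "$2" "$port" || true)
        if [ -z "$rule" ]; then state=closed
        elif printf '%s\n' "$rule" | grep -Eqv -- ' (-s|--source) '; then state=open-to-any
        else state=restricted
        fi
        echo "display=$n user=$user port=$port $state"
    done
}

# Constructed sample: the VNC rule from this page plus a source-restricted variant.
SAMPLE=$(mktemp); LIMITED=$(mktemp)
trap 'rm -f "$SAMPLE" "$LIMITED"' EXIT
cat > "$SAMPLE" <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5801,5901,6001 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
cat > "$LIMITED" <<'EOF'
-A INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF

audit "1:vncuser" "$SAMPLE"    # rule from the page: all three ports open to any source
audit "1:vncuser" "$LIMITED"   # only 5901 is accepted, and only from 192.0.2.0/24
```

A port reported as open-to-any is reachable by every host that can route to the server, which matters here because this section sets up VNC without encryption.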
2.6. Start the VNC server
Start the vncserver as root.
/sbin/service vncserver start