Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

VNC -- The Essential Sysadmin Tool

News Recommended Links Recommended Articles Solaris main page Xwindows X11VNC on Solaris
Rc scripts VNC installation & configuration VNC on Solaris VNC on Linux VNC for Windows Etc

VNC stands for Virtual Network Computing. This great tool was developed at AT&T Laboratories in Cambridge, England. This tool should be in every sysadmins arsenal.

VNC is a  network graphics protocol (applications running on one computer but displaying their windows on another) in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state.

It is a remote framebuffer (RFB) protocol. Some VNC links:

For Unix, the traditional VNC implementation includes a "virtual" X11 server Xvnc (usually launched via the vncserver command) that is not associated with a physical display, but provides a "fake" one X11 clients (xterm, mozilla, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.

The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol because it involves far fewer "roundtrips" (an exception is the cached pixmap data on the viewing-end provided by X). Also, with no state maintained the viewing-end can crash, be rebooted, or relocated and the applications and desktop continue running. Not so with X11.

So the standard Xvnc/vncserver program is very useful for things like:

However, sometimes one wants to connect to a real X11 display (i.e. one attached to a physical monitor, keyboard, and mouse: a Workstation or a SunRay session) from far away. Maybe you want to close down an application cleanly rather than using kill, or want to work a bit in an already running application, or would like to help a distant colleague solve a problem with their desktop, or would just like to work out on the deck for a while. This is where x11vnc is useful.

VNC is perfect for those who use Windows desktop to manage Unix servers. It not only allows you to view other Unix desktop from PC and other architectures that do not have X it also have several additional benefits.  One of the most important is that it preserves state of the session.  So if you left your office and reconnect from home the session will be at the state you left it up to the last cursor position. That saves a lot of time if you administer multiple servers.

Being able to access a user’s desktop remotely is also very important for network administrators, as they don’t have to run around all over the place doing troubleshooting. There are various commercial packages that have been providing this capability for a long time (pcAnywhere was available for DOS, Hummingbird is 10 years old, etc).  Win XP Professional has Remote Desktop Connection and Remote Assistance that allows you to access the machine remotely, whether over a LAN or even the Internet.  And this is a high quality free product that works for Unix.

It is, in essence, a remote display system which allows you to view a whole computing 'desktop' environment.

VNC is very similar to Windows Terminal Services. There are, however, some key differences, such as:

Although VNC is great, it does not make an efficient use of bandwidth. It seems Windows XP Remote Desktop makes significantly better job in comparison. Also, when the VNC server is running on Linux/Unix, I cannot see the current desktop (on the console) remotely.  There is a special version of VNC called TightVNC which helps to overcome this problem. Some Linux distributions like Fedora are working on integrating VNC as a core technology. There is also NX, the version of VNC that is leaner and meaner then VNC. NX gives you a free (as in speech and beer) "CITRIX-style"  solution. You can download Knoppix 3.6 and give FreeNX a try.

VNC offers a server for Windows as well and it works reasonably well. The best windows implementation is  TightVNC VNC-Based Free Remote Control Solution (native port is much weaker).  You need to use TightVNC client too (actually this is a better client for any VNC version, not only for TightVNC).

VNC ports to Windows have an important limitation: when the VNC server is running on Windows, multiple people cannot have remote independent sessions.

For Solaris vnc package is provided on Software Companion CD and X11vnc prcompiled package from http://sunfreeware.com

The VNC is launched using   vncserver  Perl script.  The script vncserver  is a wrapper for Xvnc.

   vncserver

The example of modified 'vncserver' is shown below.

. . .
. . .
$defaultXStartup
    = ("#!/bin/sh\n\n".
       "xrdb \$HOME/.Xresources\n".
       "xsetroot -solid grey\n".
       "xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
       "startkde &\n");

chop($host = `uname -n`);

. . .

The first time you run vncserver, it will prompt you for a password (it launches vncpasswd), then it terminates without creating your desktop. To create your desktop, you have to run vncserver again. The password file and startup scripts are stored in your ~/.vnc directory. You have several choices of desktop environments and can either make an envelope scripts or to modify vncpasswd to launch CDE,  Gnome or KDE. You can create  several scripts, one for each desktop that you are using:  

vnccde :n  -  CDE on display number 'n'
vnckde :n  - KDE on display number 'n'

Leaving off the ":n" gives you the lowest available number. To connect to your desktop and use it, you'll need a VNC viewer program on your client machine.

vncserver is a perl script that you can (and probably should) customize

You can start a vncserver from RC scripts or manually by logging on to the system you want to administer remotely and launching it with the command: 

    # vncserver hostname:session_number

With VNC, you can run multiple sessions and connect to different servers. By default, the session numbers start at 1 and go up from there, but you can specify session 3 (for instance) right from the start by typing vncserver hostname:3. This highlights another benefit of VNC. Until you kill a VNC session, it retains its current state.

That means you can disconnect from a session, reconnect later, and return right where you left off. In fact, you can even share a session so multiple users can access it.

When you start the vncserver for the first time, you will be prompted for a password to access the server. You can always change it later using the vncpasswd command. Once the server is activated, you can connect to it using the vncviewer command. The format is as follows: 

   # vncviewer host:session_number

To exit the viewer (or send specific key sequences), use the F8  key. Then click on "Quit Viewer" to close the session. You can also start a shared session so that others may use the same X Window session with this version of the command: 

   # vncviewer -shared host:session_number

When you start the vncserver, it creates a .vnc  directory under your home directory (/root/.vnc). Several files are kept here. You'll find a log file associated with each server you run and a .pid  file to allow for removal of the server. By the way (since I mentioned it earlier), you kill a vncserver process like this: 

   # vncserver -kill :1

Remember that the :1  could be a :2  or :3, depending on the session you are trying to kill. That said, the other file I want you to look at is this one: -- xstartup. If you do a cat on the file, you get something that looks like this: 

   #!/bin/sh
 
   xrdb $HOME/.Xresources
   xsetroot -solid grey
   xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
   # twm &
   startkde &

Notice the second-to-last line is commented out, and a "startkde" line is added below. This is because VNC uses twm (the Tab Window Manager) as its default desktop.  If you prefer another window manager, add the startup here.

Top Visited
 Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

TightVNC 2.7 Features

[Mar 28, 2021] How to Install and Configure VNC on Ubuntu 20.04

Mar 26, 2021 | linuxize.com

... ... ...

We'll be installing TigerVNC. It is an actively maintained high-performance VNC server. Type the following command to install the package: 

sudo apt install tigervnc-standalone-serverCopy
Configuring VNC Access

Once the VNC server is installed, the next step is to create the initial user configuration and set up the password.

Set the user password using the vncpasswd command. Do not use sudo when running the command below: 

vncpasswdCopy

You will be prompted to enter and confirm the password and whether to set it as a view-only password. If you choose to set up a view-only password, the user will not be able to interact with the VNC instance with the mouse and the keyboard. 

Password:
Verify:
Would you like to enter a view-only password (y/n)? n
Copy

The password file is stored in the ~/.vnc directory, which is created if not present.

Next, we need to configure TigerVNC to use Xfce. To do so, create the following file:

~/.vnc/xstartup 
nano ~/.vnc/xstartupCopy

#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4
Copy

Save and close the file. The commands above are automatically executed whenever you start or restart the TigerVNC server.

The ~/.vnc/xstartup file also needs to have execute permissions. Use the chmod command to set the file permissions: 

chmod u+x ~/.vnc/xstartupCopy

If you need to pass additional options to the VNC server, create a file named config and add one option per line. Here is an example:

me title= 

geometry=1920x1080
dpi=96
Copy

me title=

vncserver command: 
vncserverCopy

New 'server2.linuxize.com:1 (linuxize)' desktop at :1 on machine server2.linuxize.com

Starting applications specified in /home/linuxize/.vnc/xstartup
Log file is /home/linuxize/.vnc/server2.linuxize.com:1.log

Use xtigervncviewer -SecurityTypes VncAuth -passwd /home/linuxize/.vnc/passwd :1 to connect to the VNC server.
Copy

Note the :1 after the hostname in the output above. This indicates the number of the display port on which the vnc server is running. In this example, the server is running on TCP port 5901 (5900+1). If you create a second instance with vncserver it will run on the next free port i.e :2 , which means that the server is running on port 5902 (5900+2).

What is important to remember is that when working with VNC servers, :X is a display port that refers to 5900+X .

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-9439755881064125&output=html&h=15&slotname=2822423476&adk=2131362362&adf=1183300332&pi=t.ma~as.2822423476&w=728&lmt=1616790774&psa=0&channel=7012520740&url=https%3A%2F%2Flinuxize.com%2Fpost%2Fhow-to-install-and-configure-vnc-on-ubuntu-20-04%2F&flash=0&wgl=1&adsid=ChEI8NKAgwYQvtb8gszP2JnFARIqAEiSDbp7dyHCaSBFcAURTBZF5nZU7KfOTTBoe-VfAphyk5mY4Jvol_Ww&dt=1616953702630&bpp=29&bdt=655&idt=429&shv=r20210322&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc49f1a8b9e10950c-22349bba1bc700c9%3AT%3D1616953703%3ART%3D1616953703%3AS%3DALNI_MZiWutkltNSo09KlscLjWoiwjnLBA&prev_fmts=0x0%2C0x0&nras=2&correlator=315778962186&pv_ch=7012520740%2B&frm=20&pv=1&ga_vid=1920561091.1616953703&ga_sid=1616953703&ga_hid=1068497979&ga_fc=0&u_tz=-240&u_his=1&u_java=0&u_h=864&u_w=1536&u_ah=864&u_aw=1536&u_cd=24&u_nplug=3&u_nmime=4&adx=384&ady=4455&biw=1519&bih=762&scr_x=0&scr_y=1486&eid=31060288%2C21066429%2C44740079%2C44739387&oid=3&pvsid=4105865734671113&pem=261&ref=https%3A%2F%2Fwww.linuxtoday.com%2F&rx=0&eae=0&fc=384&brdim=1536%2C0%2C1536%2C0%2C1536%2C0%2C1536%2C864%2C1536%2C762&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8192&bc=31&jar=2021-03-26-21&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=1tDDd3qiMD&p=https%3A//linuxize.com&dtd=6635

You can get a list of all the currently running VNC sessions by typing: 

vncserver -listCopy

TigerVNC server sessions:

X DISPLAY #	RFB PORT #	PROCESS ID
:1		      5901		    5710
Copy

Before continuing with the next step, stop the VNC instance using the vncserver command with a -kill option and the server number as an argument. In this example, the server is running in port 5901 ( :1 ), so we'll stop it with:

me title= 

vncserver -kill :1Copy

Killing Xtigervnc process ID 5710... success!
Copy
Creating a Systemd unit file

Instead of manually starting the VNC session, let's create a systemd unit file so that you start, stop, and restart the VNC service as needed.

Open your text editor and copy and paste the following configuration into it. Make sure to change the username on line 7 to match your username. 

sudo nano /etc/systemd/system/[email protected]
/etc/systemd/system/[email protected] 
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=simple
User=linuxize
PAMName=login
PIDFile=/home/%u/.vnc/%H%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver :%i -geometry 1440x900 -alwaysshared -fg
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target
Copy

Save and close the file.

Notify systemd that a new unit file is created: 

sudo systemctl daemon-reloadCopy

Enable the service to start on boot:

me title= 

sudo systemctl enable [email protected]

The number 1 after the @ sign defines the display port on which the VNC service will run. This means that the VNC server will listen on port 5901 , as we discussed in the previous section.

Start the VNC service by executing: 

sudo systemctl start [email protected]

Verify that the service is successfully started with: 

sudo systemctl status [email protected]

[email protected] - Remote desktop service (VNC)
     Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-03-26 20:00:59 UTC; 3s ago
...
Copy
Connecting to VNC server

VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel and securely forward traffic from your local machine on port 5901 to the server on the same port.

Set Up SSH Tunneling on Linux and macOS

If you run Linux, macOS, or any other Unix-based operating system on your machine, you can easily create an SSH tunnel with the following command:

me title= 

ssh -L 5901:127.0.0.1:5901 -N -f -l vagrant 192.168.33.10Copy

You will be prompted to enter the user password.

Make sure to replace username and server_ip_address with your username and the IP address of your server.

Set Up SSH Tunneling on Windows

If you run Windows, you can set up SSH Tunneling using the PuTTY SSH client .

Open Putty and enter your server IP Address in the Host name or IP address field.

Under the Connection menu, box, expand SSH , and select Tunnels . Enter the VNC server port ( 5901 ) in the Source Port field and enter server_ip_address:5901 in the Destination field and click on the Add button as shown in the image below:

Go back to the Session page to save the settings, so you do not need to enter them each time. To the remote server, select the saved session and click on the Open button.

Connecting using Vncviewer

Now that the SSH tunnel is created, it is time to open your Vncviewer and to connect to the VNC Server at localhost:5901 .

You can use any VNC viewer such as TigerVNC, TightVNC, RealVNC, UltraVNC, Vinagre, and VNC Viewer for Google Chrome .

We'll be using TigerVNC. Open the viewer, enter localhost:5901 , and click on the Connect button.

Enter your user password when prompted, and you should see the default Xfce desktop. It will look something like this:

You can start interacting with the remote XFCE desktop from your local machine using your keyboard and mouse.

Conclusion

We've shown you how to install and configure a VNC server up and running, on Ubuntu 20.04.

To configure your VNC server to start a display for more than one user, create the initial configuration and set up the password using the vncpasswd command. You will also need to create a new service file using a different port.

Feel free to leave a comment if you have any questions.

[Mar 15, 2021] Install GNOME GUI on RHEL 7 Linux Server

Jul 24, 2018 | linuxconfig.org

If you have performed a RHEL 7 Linux Server installation and did not include Graphical User Interface (GUI) you can do it later directly from command line using yum command and selecting an appropriate installation group. To list all available installation groups on Redhat 7 Linux use:

[root@rhel7 ~]# yum group list
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
Available environment groups:
   Minimal Install
   Infrastructure Server
   File and Print Server
   Basic Web Server
   Virtualization Host
   Server with GUI
Available Groups:
   Compatibility Libraries
   Console Internet Tools
   Development Tools
   Graphical Administration Tools
   Legacy UNIX Compatibility
   Scientific Support
   Security Tools
   Smart Card Support
   System Administration Tools
   System Management
Done

Looking for Linux Systems Analyst !

The UAF Geophysical Institute, is looking for an experienced Linux Systems Analyst to join their team of research cyber infrastructure analysts and engineers. LOCATION: Fairbanks, Alaska, USA

APPLY NOW

me title=

From the above list select Server with GUI installation group: 
[root@rhel7 ~]# yum groupinstall 'Server with GUI'
Transaction Summary
=================
Install  261 Packages (+604 Dependent packages)

Total download size: 527 M
Installed size: 1.7 G
Is this ok [y/d/N]:
Just because gnome desktop environment is a default GUI on RHEL 7 linux system the above command will install gnome. Alternatively, you can run the below command to only install core GNOME packages: 
[root@rhel7 ~]# yum groupinstall 'X Window System' 'GNOME'
Once the installation is finished, you need to change system's runlevel to runlevel 5. Changing runlevel on RHEL 7 is done by use of systemctl command. The below command will change runlevel from runlevel 3 to runelevel 5 on RHEL 7: 
[root@rhel7 ~]# systemctl set-default graphical.target
Depending on your previous installations you may need to accept Redhat License after you reboot your system. Once you boot to your system you can check GNOME version using: 
[root@rhel7 ~]# gnome-shell --version
GNOME Shell 3.8.4

[Mar 07, 2021] How to install the NVIDIA drivers

Mar 07, 2021 | linuxconfig.org

... ... ...

  1. Open up the terminal and identify your Nvidia graphic card model by executing to following command: 
    $ lspci -vnn | grep VGA
01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP106 [GeForce GTX 1060 6GB] [10de:1c03] (rev a1) (prog-if 00 [VGA controller])
  2. Download the Nvidia driver package from nvidia.com using search criteria based on your Nvidia card model and the Linux operating system. Download an appropriate Nvidia driver for your VGA card. Download an appropriate Nvidia driver for your VGA card. Alternatively, if you know what you are doing you can download the driver directly from the Nvidia Linux driver list . Once ready you should end up with a file similar to the one shown below: 
    $ ls NVIDIA-Linux-x86_64-*
NVIDIA-Linux-x86_64-460.39.run
  3. Next, install package prerequisites to be able successfully compile and install Nvidia driver on you AlmaLinux system. 
    # dnf groupinstall "Development Tools"
# dnf install libglvnd-devel elfutils-libelf-devel
  4. Permanently disable the nouveau driver by modifying the GRUB boot menu: 
    # grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) nouveau.modeset=0"
    After execution of the above grub2-editenv command the GRUB boot line should look similar to the one below: 
    # grub2-editenv - list | grep kernelopts
kernelopts=root=/dev/mapper/almalinux-root ro crashkernel=auto resume=/dev/mapper/almalinux-swap rd.lvm.lv=almalinux/root rd.lvm.lv=almalinux/swap  nouveau.modeset=0
  5. Reboot your AlmaLinux 8 Desktop:
    WARNING
    Depending on your Nvidia VGA model your system might misbehave. At this stage be ready to get your hands dirty. After the reboot you may end up without GUI at all. Be sure that you have the SSH enabled on your system to be able login remotely or use CTRL+ALT+F2 to switch TTY console and continue with the installation. 
    # reboot
  6. The Nvidia drivers must be installed while the Xorg server is stopped. Switch to the text mode by: 
    #  systemctl isolate multi-user.target
  7. Install the Nvidia driver by executing the following command via TTY console or remote SSH login:
    NOTE
    ERROR: Unable to find the kernel source tree for the currently running kernel
    In case you receive the above error message during the execution of the below command, follow the kernel source instructions on how to install kernel source on CentOS / RHEL / AlmaLinux Linux system. 
    # bash NVIDIA-Linux-x86_64-*
    When prompted answer <code><noscript><img src= When prompted answer YES to installation of NVIDIA's 32-bit compatibility libraries. Allow automatically update of your X configuration file. Allow automatically update of your X configuration file. You should see the following message after successful NVIDIA driver installation. You should see the following message after successful NVIDIA driver installation.
  8. Reboot your system one more time.
    All done. Reboot your system. The Nvidia driver should now be installed on your AlamLinux 8 Desktop. Login and run nvidia-settings to further configure your Nvidia graphic card settings. 
    # reboot

Troubleshooting GDM on Xorg server does not start after user login and user ends up with black screen. The Xorg log contains the following or similar error messages: 

[  3515.464] (II) systemd-logind: got pause for 13:68
[  3515.738] (II) systemd-logind: got resume for 13:64
[  3515.757] (II) NVIDIA(0): Setting mode "DFP-1:nvidia-auto-select"
[  3515.793] (II) NVIDIA(0): ACPI: failed to connect to the ACPI event daemon; the daemon
[  3515.793] (II) NVIDIA(0):     may not be running or the "AcpidSocketPath" X
[  3515.793] (II) NVIDIA(0):     configuration option may not be set correctly.  When the
[  3515.793] (II) NVIDIA(0):     ACPI event daemon is available, the NVIDIA X driver will
[  3515.793] (II) NVIDIA(0):     try to use it to receive ACPI event notifications.  For
[  3515.793] (II) NVIDIA(0):     details, please see the "ConnectToAcpid" and
[  3515.793] (II) NVIDIA(0):     "AcpidSocketPath" X configuration options in Appendix B: X
[  3515.793] (II) NVIDIA(0):     Config Options in the README.
[  3515.793] [dix] couldn't enable device 8
[  3515.793] (II) systemd-logind: got resume for 13:66
[  3515.793] [dix] couldn't enable device 6
[  3515.794] (II) systemd-logind: got resume for 13:65
[  3515.794] [dix] couldn't enable device 7
[  3515.794] (II) systemd-logind: got resume for 13:72
[  3515.794] [dix] couldn't enable device 14
[  3515.794] [dix] couldn't enable device 17
[  3515.794] (II) systemd-logind: got resume for 13:71
[  3515.794] [dix] couldn't enable device 13
[  3515.794] (II) systemd-logind: got resume for 13:67
[  3515.794] [dix] couldn't enable device 9
[  3515.794] (II) systemd-logind: got resume for 13:73
[  3515.794] [dix] couldn't enable device 15
[  3515.794] (II) systemd-logind: got resume for 13:69
[  3515.794] [dix] couldn't enable device 11
[  3515.794] [dix] couldn't enable device 16
[  3515.794] (II) systemd-logind: got resume for 13:70
[  3515.794] [dix] couldn't enable device 12
[  3515.794] (II) systemd-logind: got resume for 13:68
[  3515.794] [dix] couldn't enable device 10
Try restart the systemd's systemd-logind service: 
# systemctl restart systemd-logind

[Jun 17, 2019] Accessing remote desktops by Seth Kenlon

Jun 17, 2019 | www.redhat.com

Accessing remote desktops Need to see what's happening on someone else's screen? Here's what you need to know about accessing remote desktops.

Posted June 13, 2019 | by Seth Kenlon (Red Hat) Anyone who's worked a support desk has had the experience: sometimes, no matter how descriptive your instructions, and no matter how concise your commands, it's just easier and quicker for everyone involved to share screens. Likewise, anyone who's ever maintained a server located in a loud and chilly data center -- or across town, or the world -- knows that often a remote viewer is the easiest method for viewing distant screens.

Linux is famously capable of being managed without seeing a GUI, but that doesn't mean you have to manage your box that way. If you need to see the desktop of a computer that you're not physically in front of, there are plenty of tools for the job.

Barriers

Half the battle of successfully screen sharing is getting into the target computer. That's by design, of course. It should be difficult to get into a computer without explicit consent.

Usually, there are up to 3 blockades for accessing a remote machine:

  1. The network firewall
  2. The target computer's firewall
  3. Screen share settings

Specific instruction on how to get past each barrier is impossible. Every network and every computer is configured uniquely, but here are some possible solutions.

Barrier 1: The network firewall

A network firewall is the target computer's LAN entry point, often a part of the router (whether an appliance from an Internet Service Provider or a dedicated server in a rack). In order to pass through the firewall and access a computer remotely, your network firewall must be configured so that the appropriate port for the remote desktop protocol you're using is accessible.

The most common, and most universal, protocol for screen sharing is VNC.

If the network firewall is on a Linux server you can access, you can broadly allow VNC traffic to pass through using firewall-cmd , first by getting your active zone, and then by allowing VNC traffic in that zone: 

$ sudo firewall-cmd --get-active-zones
example-zone
  interfaces: enp0s31f6
$ sudo firewall-cmd --add-service=vnc-server --zone=example-zone

If you're not comfortable allowing all VNC traffic into the network, add a rich rule to firewalld in order to let in VNC traffic from only your IP address. For example, using an example IP address of 93.184.216.34, a rule to allow VNC traffic is: 

$ sudo firewall-cmd \
--add-rich-rule='rule family="ipv4" source address="93.184.216.34" service name=vnc-server accept'

To ensure the firewall changes were made, reload the rules: 

$ sudo firewall-cmd --reload

If network reconfiguration isn't possible, see the section "Screen sharing through a browser."

Barrier 2: The computer's firewall

Most personal computers have built-in firewalls. Users who are mindful of security may actively manage their firewall. Others, though, blissfully trust their default settings. This means that when you're trying to access their computer for screen sharing, their firewall may block incoming remote connection requests without the user even realizing it. Your request to view their screen may successfully pass through the network firewall only to be silently dropped by the target computer's firewall.

Changing zones in Linux.

To remedy this problem, have the user either lower their firewall or, on Fedora and RHEL, place their computer into the trusted zone. Do this only for the duration of the screen sharing session. Alternatively, have them add either one of the rules you added to the network firewall (if your user is on Linux).

A reboot is a simple way to ensure the new firewall setting is instantiated, so that's probably the easiest next step for your user. Power users can instead reload the firewall rules manually : 

$ sudo firewall-cmd --reload

If you have a user override their computer's default firewall, remember to close the session by instructing them to re-enable the default firewall zone. Don't leave the door open behind you!

Barrier 3: The computer's screen share settings

To share another computer's screen, the target computer must be running remote desktop software (technically, a remote desktop server , since this software listens to incoming requests). Otherwise, you have nothing to connect to.

Some desktops, like GNOME, provide screen sharing options, which means you don't have to launch a separate screen sharing application. To activate screen sharing in GNOME, open Settings and select Sharing from the left column. In the Sharing panel, click on Screen Sharing and toggle it on:

Remote desktop viewers

There are a number of remote desktop viewers out there. Here are some of the best options.

GNOME Remote Desktop Viewer

The GNOME Remote Desktop Viewer application is codenamed Vinagre . It's a simple application that supports multiple protocols, including VNC, Spice, RDP, and SSH. Vinagre's interface is intuitive, and yet this application offers many options, including whether you want to control the target computer or only view it.

If Vinagre's not already installed, use your distribution's package manager to add it. On Red Hat Enterprise Linux and Fedora , use: 

$ sudo dnf install vinagre

In order to open Vinagre, go to the GNOME desktop's Activities menu and launch Remote Desktop Viewer . Once it opens, click the Connect button in the top left corner. In the Connect window that appears, select the VNC protocol. In the Host field, enter the IP address of the computer you're connecting to. If you want to use the computer's hostname instead, you must have a valid DNS service in place, or Avahi , or entries in /etc/hosts . Do not prepend your entry with a username.

Select any additional options you prefer, and then click Connect .

If you use the GNOME Remote Desktop Viewer as a full-screen application, move your mouse to the screen's top center to reveal additional controls. Most importantly, the exit fullscreen button.

If you're connecting to a Linux virtual machine, you can use the Spice protocol instead. Spice is robust, lightweight, and transmits both audio and video, usually with no noticeable lag.

TigerVNC and TightVNC

Sometimes you're not on a Linux machine, so the GNOME Remote Desktop Viewer isn't available. As usual, open source has an answer. In fact, open source has several answers, but two popular ones are TigerVNC and TightVNC , which are both cross-platform VNC viewers. TigerVNC offers separate downloads for each platform, while TightVNC has a universal Java client.

Both of these clients are simple, with additional options included in case you need them. The defaults are generally acceptable. In order for these particular clients to connect, turn off the encryption setting for GNOME's embedded VNC server (codenamed Vino) as follows: 

$ gsettings set org.gnome.Vino require-encryption false

This modification must be done on the target computer before you attempt to connect, either in person or over SSH.

Red Hat Enterprise Linux 7 remoted to RHEL 8 with TightVNC

Use the option for an SSH tunnel to ensure that your VNC connection is fully encrypted.

Screen sharing through a browser

If network re-configuration is out of the question, sharing over an online meeting or collaboration platform is yet another option. The best open source platform for this is Nextcloud , which offers screen sharing over plain old HTTPS. With no firewall exceptions and no additional encryption required, Nextcloud's Talk app provides video and audio chat, plus whole-screen sharing using WebRTC technology.

This option requires a Nextcloud installation, but given that it's the best open source groupware package out there, it's probably worth looking at if you're not already running an instance. You can install Nextcloud yourself, or you can purchase hosting from Nextcloud.

To install the Talk app, go to Nextcloud's app store. Choose the Social & Communication category and then select the Talk plugin.

Next, add a user for the target computer's owner. Have them log into Nextcloud, and then click on the Talk app in the top left of the browser window.

When you start a new chat with your user, they'll be prompted by their browser to allow notifications from Nextcloud. Whether they accept or decline, Nextcloud's interface alerts them of the incoming call in the notification area at the top right corner.

Once you're in the call with your remote user, have them click on the Share screen button at the bottom of their chat window.

Remote screens

Screen sharing can be an easy method of support as long as you plan ahead so your network and clients support it from trusted sources. Integrate VNC into your support plan early, and use screen sharing to help your users get better at what they do. Topics: Linux Seth Kenlon Seth Kenlon is a free culture advocate and UNIX geek.

OUR BEST CONTENT, DELIVERED TO YOUR INBOX

https://www.redhat.com/sysadmin/eloqua-embedded-subscribe.html?offer_id=701f20000012gE7AAI The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat.

Red Hat and the Red Hat logo are trademarks of Red Hat, Inc., registered in the United States and other countries.

Copyright ©2019 Red Hat, Inc.

https://redhat.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.redhat.com%2Fsysadmin%2Faccessing-remote-desktops

Single Application Sharing Mode

Now there is no need to share the whole desktop if you need to remotely control only one application. For that, run a server via the command line, specify -shareapp CLI option and pass a process ID as its argument. In the Viewer window, only the application window will be shown (if any, non-used space in the Viewer viewport is filled with black).

Check more details in the documentation: TightVNC for Windows: Server Command-Line Options (PDF)

Performance Optimization for Windows 8

Now servers run on Windows 8 are ultra fast and there are no desktop update lags when the Viewer connects to it. This was made possible due to added support for the Desktop Duplication API.

Password Protection for Server-Side Changes

Now access to remote server settings can be additionally secured with a new Administration -> Ask password for each operation option. If checked, an Administrative password is required to open settings and alter them (rather than asking for it only once, on the server start-up). Securing each operation makes it impossible to reconfigure the server during a session without appropriate rights for that.

If necessary, a corresponding option is available in the MSI TightVNC installer (SET_REPEATCONTROLAUTHENTICATION). Read more in the documentation: TightVNC for Windows: Installing from MSI Packages (PDF).

ZRLE and RRE Encoding Support

The list of supported encoding types is extended with ZRLE and RRE compression. Now TightVNC Server is fully compliant to the latest RFB protocol specification.

Read more

Features of Version 2.7.10

Bugfixes, improved file transfer UI, extended key combination support in the full-screen mode and more.

[Nov 12, 2014] Download TightVNC Java Viewer (Version 2.7.2)

TightVNC Java Viewer works on any system where Java is supported. It requires Java SE version 1.6 or later.

TightVNC Java Viewer JAR in a ZIP archive (720,395 bytes)

[Nov 12, 2014] Announcing Remote Ripple 2.0

March 19, 2014 | http://tightvnc.com

Remote Ripple is our VNC-compatible remote desktop client for Android. Version 2.0 is a complete redesign of the application. Install Remote Ripple now!

Vino. The Remote Desktop Project

RFB[1] (Remote FrameBuffer) is the protocol used by VNC. The emphasis in the design of the protocol was to make very few requirements of the client. The client has no need to maintain explicit state and clients are able to disconnect and re-connect to the server while preserving the state of the user interface.

The dislay part of the protocol is based around a single simple graphics primitive "put a rectangle of pixel data at a given position". Each rectangle may be encoded in any one of a number of encodings allowing for compression or usage of parts of the client's existing copy of the framebuffer. Updates are requested by the client rather than pushed out by the server allowing the protcol to adapt to slower networks and/or clients - i.e. with a slow network or client the rate of updates are greatly reduced and the client ignores the transient state of the framebuffer.

The protocol is quite extensible. Extra encodings can be advertised by the server and used if the client supports the encoding. Use of encodings are not only limited to how frame buffer updates are encoded on the wire, but also extra psuedo-encodings may be added which can do anything from inform the client of a change in cursor shape, a change in the size of the screen or even things like extra in-band communication between the server and client.

There seems to be many different implementations of VNC available. Available RFB server implementations include:

I won't list the VNC client's available, there seem to be many, but suffice to say there are X11, Windows and OS X clients available along with, interestingly, several implementations of a Java client which can be run embedded in the browser as an applet.

Tim Waugh has written a nice article[6] on VNC and the many projects around the technology.

In summary, the RFB protocol has a number of advantages:

  1. Simple and open protocol.
  2. Rate-limited by the client, pretty low bandwidth/latency requirements.
  3. Extensible.
  4. Several open source implementations available.
  5. Many existing clients available for different platforms.

[Jun 4, 2007] VNC and Similar

undated,linuxmafia.com

VNC implementations (also known as "RFB" = Remote Frame Buffer)

You'll find a number of resources about VNC over SSH in my ssh-clients
file, http://linuxmafia.com/ssh/.

Also worth looking into:

Citrix Metaframe: This is the old-established proprietary remote-Win32-access technology (implementing ICA = Independent Computing Architecture remote imaging), whose predecessor Citrix Winframe was licensed by Microsoft Corporation and rebranded as Microsoft Terminal Server. (Microsoft also rebranded ICA as Microsoft Remote Desktop Protocol = RDP.)
http://www.citrix.com/

For completeness:
Sun Secure Global Desktop: This is a proprietary remote-Win32-access technology formerly called Tarantella, until Sun Microsystems bought Tarantella, Inc., formerly Santa Cruz Operation (dubbed "old SCO" to distinguish it from the Utah company formerly named Caldera Systems that renamed itself The SCO Group). Santa Cruz Operation in turn had developed Tarantella from code acquired when it bought IXI Limited of Cambridge, UK and Visionware Limited of Leeds, UK, in 1993 and 1994, respectively.
http://www.sun.com/software/products/sgd

[Apr 5, 2007] freshmeat.net Project Reviews - vnc2swf

by jeff covey, in Project Reviews - Sat, Feb 5th 2005 00:00 PDT

Screenshots have always been invaluable tools for graphical user interfaces. They let programmers flaunt their wares to prospective users; even with console tools, I usually zoom right in on a screenshot link to get my first impression of a program. They let the desktop-inclined show off their backgrounds and theme authors show why you must have their work. And when things go wrong, a screenshot can often save a thousand words of bug reporting. vnc2swf puts all these benefits in motion.

vnc2swf is a Virtual Network Computing client which can record a VNC session and save it as a Shockwave Flash file.

[Mar 24, 2007] freshmeat.net Project details for Enhanced TightVNC Viewer

Enhanced TightVNC Viewer 1.0.14 released
The Enhanced TightVNC Viewer package is part of the x11vnc VNC server project. It provides a native VNC viewer that takes advantage of new features in x11vnc, e.g. cursor alpha blending and automatic SSL tunnelling. Some features apply to any VNC server, e.g. automatic SSH tunnelling. Another goal is to provide a package that conveniently bundles everything needed for the user to have the enhanced viewer running quickly. This includes pre-built binaries of the viewer and utility programs for Windows and many Unix variants, and a GUI to configure and launch the viewer. The short name for this project is "ssvnc", for SSL/SSH VNC viewer.

Release focus: Minor bugfixes

Changes:
Using port numbers lower than VNC's default port (5900) now works on Windows (for example, myhost.com:443).

Author:
Karl Runge [contact developer]

LinuxPlanet - Tutorials - Using VNC Tunneling over SSH - Temporary Access

While working on a project to create tutorials, I needed a way to watch how a user stepped through the process of using an application without being on-site.

VNC turned out to be a viable solution. I could remotely connect and view all the steps, while conversing about the process over the phone.

The trouble was there were firewalls at both ends. It would have been easy to just open the port normally used for VNC connectivity (5900) in the firewall, but it's definitely not secure.

Using VNC while tunneling over SSH was a quick and more secure way to accomplish the process/application watching goal.

Several steps are required to make it work.

Ideally, all inbound ports are closed on an Internet facing firewall. That will go a long way to keeping out the bad guys. Of course, any other remote access is then limited as well.

Opening up port 22 on the distant IPCop firewall works well for the purpose of tutorial generation and is easily accomplished using the IPCop Web-based GUI. A similar process is used if the user machine is behind a dedicated firewall appliance. The idea is to port forward the SSH traffic from the Internet to the VNC-equipped user desktop machine.

Port 22 on the user's Linux desktop also needs to be available for logging in via SSH. When the session is finished, the firewall's SSH port can then again be closed to inbound traffic.

Specialized remote access techniques should be considered, like port-knocking or using hardened firewall devices when a more permanent or bulletproof connection is needed.

"Sharing computers on a Linux (or heterogeneous) network, Part 1" (developerWorks, December 2001)

compares ssh to VNC. "Sharing computers on a Linux (or heterogeneous) network, Part 2" (developerWorks, March 2002) covers VNC in more detail and also discusses remote X and security.

Logging into NT service from Linux VNC client

TightVNC client has an option sending this key sequence to Windows (left-click mouse of the client and see "send Ctrl-Alt-Del" option.

Q. How can I send an ALT-CTRL-DEL from a Linux XFree VNC client to an NT server (running VNC as a service) to login? It seems that the Alt-Ctrl-Del to gobbled up by Xfree (or maybe something else?) and not sent to the server. My SunOS client sends the Alt-Ctrl-Del fine. There is no pull-down item to sent it like on a Win95 client.

TIA...

I would suggest that this be added to the FAQ.

TightVNC Remote X the secure, fast & easy way (LinuxWorld)

John Wilson tug "at" wilson.co.uk
Tue, 22 Jun 1999 17:08:56 +0000 

My VncMonitor program will allow you to connect to a remote system without
the need to type in details (it gets the information from a configuration
file). My VncProxy program allows the number of connections to a proxied VNC
server to be restricted to any number.

They are both Java programs so should run on your machines.

http://www.wilson.co.uk/Software/vnc/VncMonitor.htm
http://www.wilson.co.uk/Software/vnc/proxy/VncProxy.htm

I'm about to release new versions in the next day or so.

John Wilson
The Wilson Partnership
5 Market Hill, Whitchurch, Aylesbury, Bucks HP22 4JB, UK
+44 1296 641072, +44 976 611010(mobile), +44 1296 641874(fax)
Mailto: tug "at" wilson.co.uk

----- Original Message -----
From: Pavel Satny <pavel.satny "at" alcatel.cz>
To: <vnc-list "at" uk.research.att.com>
Cc: <aarnout.wieers "at" alcatel.cz>
Sent: 22 June 1999 15:19
Subject: VNC Configuration


> Dear all,
>
> can somebody help me with configuring VNC? I have an idea to instal it as
> "semi-videoconferencing tool", where two persons can discuss by phone
about
> what they are showing themselves on shared screen.
> What are possibilities to make it very easy startable, without typing
> comands with (for ordinary users) nonunderstandable options.
>

---------------------------------------------------------------------
The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

Clones/Forks

TightVNC: Manual Page for Xvnc(1) Const Kaplinsky [email protected] has developed TightVNC, a version of VNC providing better compression for use with slow links than the standard VNC 3.3.3 release. Although it includes a number of extensions to the standard VNC distribution, TightVNC remains compatible with existing versions. The TightVNC homepage is at http://www.tightvnc.com/

TightVNC is fully compatible with the standard RFB protocol used in VNC, so you can use TightVNC viewer with the standard VNC server and vice versa. But note that protocol enhancements implemented in TightVNC will work only if these enhancements are supported on both sides of the connection.

TightVNC Features

Here is a brief list of TightVNC features absent in the standard VNC.

... please look at the Xvnc -help output and read the Xserver(1) manual page for ... rfbwait
time Maximum time, in milliseconds, to wait for an RFB client (VNC viewer ...
www.tightvnc.com/Xvnc.1.html - 14k - Cached - Similar pages

TightVNC: Manual Page for vncviewer(1)
vncviewer(1) Manual Page. [DONATE], Get a better TightVNC: make a donation
($10 is ok)! ... NAME. vncviewer - an X viewer client for VNC SYNOPSIS. ...
www.tightvnc.com/vncviewer.1.html - 24k - Cached - Similar pages
[ More results from www.tightvnc.com ]

x0rfbserver - accessing a standard X server with VNC

Jens Wagner has written some VNC-related tools, amongst which is a program called x0rfbserver. This is a VNC server which serves a standard X server desktop thus behaving more like WinVNC and MacVNC than does Xvnc. It is available in the rfb-n.n.n.tar.gz package from http://www.hexonet.de/software.en/

http://ultravnc.sourceforge.net Want to remote control your computer? If you have Windows XP Professional, you can use Remote Desktop. If you don't use Windows XP Professional, you can still get remote control using UltraVNC. UltraVNC is an excellent fast & free remote control, and file transfer program.

Harakan - Software - PalmVNC
... Ultra-thin client uses less than 40Kb of Palm memory. VNC servers available
for a wide variety of platforms. ... Please download the binaries and manual. ...
Description: Remote access and collaboration client for Palm Platform. A Virtual Network Computing client for the palm.
Category: Computers > Software > ... > Thin Clients > Virtual Network Computing
www.btinternet.com/~harakan/PalmVNC/ - 5k - Cached - Similar pages

PalmVNC v1.40 User's Guide
... Features and Compatibility. Ultra-thin client uses less than 40Kb of
Palm memory. VNC servers available for a wide variety of platforms. ...
www.btinternet.com/~harakan/PalmVNC/Manual/manual.htm - 13k - Cached - Similar pages 

[PDF]Using VNC (3
File Format: PDF/Adobe Acrobat - View as HTML
... Tower, 545-2836 C:\My Documents\Word\documentation\vnc\VNCVIEWER_web.doc 06/30/2003
5 Troubleshooting Note: For troubleshooting involving VNC Server, you must ... 
www.math.umass.edu/~scc/software/ handouts/VNCVIEWER.pdf - Similar pages

x11vnc a VNC server for real X displays

x11vnc: a VNC server for real X displays (to FAQ) (to downloads) (to building)

x11vnc allows one to remotely view and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.

I wrote x11vnc because x0rfbserver was basically impossible to build on Solaris and had poor performance. The primary x0rfbserver build problems centered around esoteric C++ toolkits. x11vnc is written in plain C and uses only standard libraries. I also added a few enhancements to improve the interactive response, add esoteric features, etc. The FAQ contains a lot of information and solutions to problems, but please feel free to contact me if you have problems or questions.

Background:

VNC (Virtual Network Computing) is a very useful network graphics protocol in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state. It is a remote framebuffer (RFB) protocol

Some VNC links:

For Unix, the VNC implementation includes a virtual X11 server Xvnc (usually launched via the vncserver command) that is not associated with a real display, but provides a "fake" one X11 clients (xterm, mozilla, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.

The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol. Also, with no state maintained the viewing-end can crash, be rebooted, or relocated and the applications and desktop continue running. Not so with X11.

So the standard Xvnc program is very useful, I use it for things like:

However, sometimes one wants to connect to a real X11 display (i.e. one attached to a physical monitor, keyboard, and mouse: a Workstation or a SunRay session) from far away. Maybe you want to close down an application cleanly rather than using kill, or want to work a bit in an already running application, or would like to help a distant colleague solve a problem with their desktop. This is where x11vnc is useful.

How to use x11vnc:

In this example let's assume the remote machine with the X display you wish to view is "far-away.east:0" and the workstation you are presently working at is "sitting-here.west".

Step 0. Download x11vnc (see below) and have it available to run (e.g. via $PATH) on far-away.east. Similarly, have a VNC viewer (e.g. vncviewer) ready to run on sitting-here.west. We recommend TightVNC Viewers.

Step 1. By some means log in to far-away.east and get a command shell running there. You can use ssh, rlogin, telnet, or any other method to do this. x11vnc needs to be run on the same machine the X server process is running on (because MIT-SHM shared memory is used to poll the X11 framebuffer).

Step 2. In that far-away.east shell (with command prompt "far-away>" in this example) run x11vnc directed at the far-away.east X session display: 

  far-away> x11vnc -display :0

You could have also set the environment variable DISPLAY=:0 instead of using -display. This step attaches x11vnc to the far-away.east:0 X display (no viewer clients yet).

To get X11 permissions right, you may also need to set the XAUTHORITY environment variable (or use the -auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority). More on this below.

There will then be much chatter printed out from x11vnc, until it finally says something like: 

  .
  .
  13/05/2004 14:59:54 Autoprobing selected port 5900
  13/05/2004 14:59:54 screen setup finished.
  13/05/2004 14:59:54 The VNC desktop is far-away:0
  PORT=5900

which means all is OK, and we are ready for the final step.

Step 3. At the place where you are sitting (sitting-here.west in this example) you now want to run a VNC viewer program. There are VNC viewers for Unix, Windows, MacOS, Java-enabled web browsers, and even for PDA's like the Palm Pilot! You can use any of them to connect to x11vnc (see the above VNC links under "Background:" on how to obtain a viewer for your platform or this FAQ. For Solaris, vncviewer is available in the Companion CD package SFWvnc ).

In this example we'll use the Unix vncviewer program on sitting-here by typing the following command in a second terminal window: 

  sitting-here> vncviewer far-away.east:0

That should pop up a viewer window on sitting-here.west showing and allowing interaction with the far-away.east:0 X11 desktop. Pretty nifty! When finished, exit the viewer: the remote x11vnc process will shutdown automatically (or you can use the -forever option to have it wait for additional viewer connections).

Desktop Sharing: The above more or less assumed nobody was sitting at the workstation display "far-away.east:0". This is often the case: a user wants to access her workstation remotely. Another usage pattern has the user sitting at "far-away.east:0" and invites one or more other people to view and interact with his desktop. Perhaps the user gives a demo or presentation this way (using the telephone for vocal communication). A "Remote Help Desk" mode would be similar: a technician remotely connects to the user's desktop to interactively solve a problem the user is having.

For these cases it should be obvious how it is done. The above steps will work, but more easily the user sitting at far-away.east:0 simply starts up x11vnc from a terminal window, after which the guests would start their VNC viewers. For this usage mode the -accept popup option discussed in the FAQ below may be of use to allow the user at far-away.east:0 to accept or reject incoming connections.

Tunnelling x11vnc via ssh:

The above example had no security or privacy at all. When logging into remote machines (certainly when going over the internet) it is best to use ssh, or use a VPN. For x11vnc one can tunnel the VNC protocol through the encrypted ssh channel. It would look something like this: 

  sitting-here> ssh -L 5900:localhost:5900 far-away.east 'x11vnc -display :0'

(you will likely have to provide passwords/passphrases for the ssh login) and then in another terminal window on sitting-here run the command: 

  sitting-here> vncviewer -encodings "copyrect tight zrle hextile" localhost:0

The -encodings option is very important: vncviewer will default to "raw" encoding if it thinks the connection is to the local machine, and so vncviewer gets tricked this way by the ssh redirection. "raw" encoding will be extremely slow over a networked link, so you need to force the issue with -encodings "copyrect tight ...".

If the machine you SSH into is not the same machine with the X display you wish to view (e.g. your company provides incoming SSH access to a gateway machine), then you need to change the above to, e.g.: -L 5900:otherhost:5900. Once logged in, you'll need to do a second login (ssh, rsh, etc.) to the workstation machine 'otherhost' and then start up x11vnc on it.

Scripts to automate tunneling: As discussed below, there may be some problems with port 5900 being available. If that happens, the above port and display numbers may change a bit (e.g. -> 5901 and :1). However, if you "know" port 5900 will be free on the local and remote machines, you can easily automate the above two steps by using the x11vnc option -bg (forks into background after connection to the display is set up) or using the -f option of ssh. A simple example script, assuming no problems with port 5900 being taken on the local or remote sides, looks like: 

#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
#  e.g.: x11vnc_ssh snoopy.peanuts.com:0

host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi

cmd="x11vnc -display :$disp -localhost -rfbauth .vnc/passwd"
enc="copyrect tight zrle hextile zlib corre rre raw"

ssh -f -L 5900:localhost:5900 $host "$cmd"

for i in 1 2 3
do
        sleep 2
        if vncviewer -encodings "$enc" :0; then break; fi
done

See also rx11vnc.pl below.

Another method is to start the VNC viewer in listen mode "vncviewer -listen" and have x11vnc initiate a reverse connection using the -connect option: 

#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
#  e.g.: x11vnc_ssh snoopy.peanuts.com:0

host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi

cmd="x11vnc -display :$disp -localhost -connect localhost"   # <-- note new option
enc="copyrect tight zrle hextile zlib corre rre raw"

vncviewer -encodings "$enc" -listen &
pid=$!
ssh -R 5500:localhost:5500 $host "$cmd"
kill $pid

A third way is specific to the TightVNC vncviewer special option -via for gateways. The only tricky part is we need to start up x11vnc and give it some time to start listening for connections (so we cannot use the TightVNC default setting for VNC_VIA_CMD): 

#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
#  e.g.: x11vnc_ssh snoopy.peanuts.com:0

host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi

VNC_VIA_CMD="ssh -f -L %L:%H:%R %G x11vnc -localhost -rfbport 5900 -display :$disp; sleep 5" 
export VNC_VIA_CMD

vncviewer -via $host localhost:0      # must be TightVNC vncviewer.

Of course if you already have the x11vnc running waiting for connections (or have it started out of inetd(1)), you can simply use the TightVNC vncviewer -via gateway host:port in its default mode to provide secure ssh tunnelling.

VNC password file: Also note in the first example script that the option "-rfbauth .vnc/passwd" provides additional protection by requiring a VNC password for every VNC viewer that connects. The vncpasswd or storepasswd programs, or the x11vnc -storepasswd option can be used to create the password file. x11vnc also has the slightly less secure -passwdfile and "-passwd XXXXX" options.

Important: It is up to you to tell x11vnc to use password protection, it will not do it for you automatically. The same goes for encrypting the channel between the viewer and x11vnc: it is up to you to use ssh, stunnel, VPN, etc. Also look into the -allow and -localhost options and building x11vnc with tcp_wrappers support to limit host access.

Downloading x11vnc:

x11vnc is a contributed program to the libvncserver project at SourceForge.net. I use libvncserver for all of the VNC aspects; I couldn't have done without it. The full source code may be found and downloaded (either file-release tarball or CVS tree) from the above link. As of Aug 2004, the x11vnc-0.6.2.tar.gz source package is released (recommended download) . The x11vnc package is the subset of the libvncserver package needed to build the x11vnc program. Please do not use the LibVNCServer-0.6 tarball: it contains an older, more buggy version of x11vnc (Oct 2003) that you likely want to avoid. Also, you can get a copy of my latest, bleeding edge x11vnc.c file to replace the one in the above packages or the one in the CVS tree and then rebuild.

See the FAQ below for information about where you might obtain a precompiled x11vnc binary from 3rd parties.

To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try here:

More tools: Here is a rsh/ssh wrapper script rx11vnc that attempts to automatically do the above Steps 1-3 for you (provided you have rsh/ssh login permission on the machine x11vnc is to be run on). The above example would be: rx11vnc far-away.east:0 typed into a shell on sitting-here.west. Also included is an experimental script rx11vnc.pl that attempts to tunnel the vnc traffic through an ssh port redirection (and does not assume port 5900 is free). Have a look at them to see what they do and customize as needed:

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

 You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 15, 2021