VNC - Virtual Network Computing

There are many ways to do VNC, starting with different platforms from which to view the different hosts, progressing through all the various VNC applications, and ending with all the authentication mechanisms. If you want to do VNC, pack a lunch and sit down with Google and a note pad. Maybe pack your dinner too because you may be in for a long time searching. Far too many sites just regurgitate the man pages, or expouse the standard steps with little actual useful information. What follows here is what I've successfully done. Ymmv.

• Using VNC to view a Linux host on a trusted lan
• Using VNC to view a distant Linux host through a SSH tunnel
• Using a proxy to tunnel VNC from one host to another
• Using tightvnc to view a remote virtual X-11 display
• Using x11vnc to view a remote existing X-11 display
• Using Xvnc to view a remote virtual X-11 display

Background

VNC uses the port range 59nn where nn is the display number of the X-11 session being viewed (or 58nn through a web browser). In a trusted LAN environment VNC is simple; run the server on the remote host, and run the viewer on the local host. Over the internet it's best to use a secure tunnel such as ssh. When using a tunnel, the remote host connects via 127.0.0.1 so there is no need for it to listen to the LAN interface. Therefore, if possible start the VNC server with a -localhost option to restrict listening to just 127.0.0.1

Because MS-Windows doesn't do virtual displays, only the existing Windows desktop can be viewed with VNC. If viewing a NT-4 box, the vnc menu has an option to send Ctrl-Alt-Del to the NT box to get a login screen. I don't know about the more recent versions of Windows. I only use MS-Windows to administer remote Linux boxes, not the other way 'round.

Most Linux VNC server programs start a virtual X-11 session on the remote host. If you want to view a real X-11 session, use x11vnc.

sudo aptitude install x11vnc

NOTE: My experience with this indicates you should initially try this out while in view of both hosts. If the existing session is in screen-blanking mode with a black screen, you may think you haven't connected when you really have. In a Gnome desktop, when the remote mouse moves the login dialogue doesn't make it to the remote display and all you see is a black screen.

Once the local host is displaying the remote X-11 session, F-8 should pop up a menu offering options such as "Full Screen", "End Session", etc.

If tunneling, your router must port-forward TCP port 22 (or whatever SSH port your systems use). If you haven't used SSH before, stop here and get that all working before you proceed with VNC.

The difference between the xtightvncviewer and the normal vncviewer is the data encoding, optimized for low bandwidth connections. The difference between tightvncpasswd and vnc4passwd is that with tightvncpasswd the server passwords can be encrypted instead of merely "obfuscated"

Packages

tightvncserver - Provides:

• /usr/bin/tightvncserver - a wrapper to launch an X server for VNC
• /usr/bin/Xtightvnc - an X server providing VNC connectivity
• /usr/bin/tightvncconnect - connect a VNC server to a VNC viewer
• /usr/bin/tightvncpasswd - set passwords for VNC server

vnc4server - Provides:

• /usr/bin/Xvnc4 - the X VNC server
• /usr/bin/vnc4config - configure and control a VNC server
• /usr/bin/vnc4passwd - change a VNC password
• /usr/bin/vnc4server - start or stop a VNC server
• /usr/bin/x0vnc4server - VNC server which continuously polls an X display

xtightvncviewer - Provides:

• /usr/bin/xtightvncviewer - an X viewer client for VNC

xvnc4viewer - Provides:

• /usr/bin/xvnc4viewer - VNC viewer for X

gtkvncviewer - Provides:

• /usr/bin/gtkvncviewer - Small GTK+ tool to connect to VNC servers

x11vnc - Provides:

• /usr/bin/x11vnc - allow VNC connections to real X11 displays

The Debian Alternatives System

• /usr/bin/vncserver -> /etc/alternatives/vncserver -> /usr/bin/<Your preferred server>
• /usr/bin/vncviewer - > /etc/alternatives/vncviewer -> /usr/bin/<Your preferred viewer>
• /usr/bin/vncpasswd -> /etc/alternatives/vncpasswd -> /usr/bin/tightvncpasswd|vnc4passwd depending on your server
• /usr/bin/vncconnect -> /etc/alternatives/vncconnect -> /usr/bin/tightvncconnect
• /usr/bin/vncconfig -> /etc/alternatives/vncconfig -> /usr/bin/vnc4config

If you have more than one package installed it will be up to you to set the symbolic links. Oddly, vnc4server doesn't provide the vncconnect binary and the tightvncserver doesn't provide the vncconfig binary. Presumably, they are interchangeable.

I have all the above packages installed. In /usr/bin I have the following actual files:

• gtkvncviewer - provided by pkg gtkvncviewer
• tightvncconnect - provided by pkg tightvncserver
• tightvncpasswd - provided by pkg tightvncserver
• tightvncserver - provided by pkg tightvncserver
• vnc4config - provided by pkg vnc4server
• vnc4passwd - provided by pkg vnc4server
• vnc4server - provided by pkg vnc4server
• x0vnc4server - provided by pkg vnc4server
• x11vnc - provided by pkg x11vnc
• Xtightvnc - provided by pkg tightvncserver
• xtightvncviewer - provided by pkg xtightvncviewer
• Xvnc4 - provided by pkg vnc4server
• xvnc4viewer - provided by pkg xvnc4viewer

And the following symbolic links:

• vncconfig -> /etc/alternatives/vncconfig -> /usr/bin/vnc4config
• vncconnect -> /etc/alternatives/vncconnect -> /usr/bin/tightvncconnect
• vncpasswd -> /etc/alternatives/vncpasswd -> /usr/bin/vnc4passwd
• vncserver -> /etc/alternatives/vncserver - > /usr/bin/tightvncserver
• vncviewer -> /etc/alternatives/vncviewer -> /usr/bin/xtightvncviewer
• x0vncserver -> /etc/alternatives/x0vncserver -> /usr/bin/x0vnc4server
• Xvnc -> /etc/alternatives/Xvnc -> /usr/bin/Xvnc4
• xvncviewer -> /etc/alternatives/xvncviewer -> /usr/bin/xvnc4viewer

Note: I have changed the link for vncpasswd from vnc4passwd to tightvncpasswd because that's what I use.

In /usr/share/man/man1 I have the following actual man pages:

• gtkvncviewer.1.gz
• tightvncconnect.1.gz
• tightvncpasswd.1x.gz
• tightvncserver.1.gz
• vnc4config.1.gz
• vnc4passwd.1.gz
• vnc4server.1.gz
• x0vnc4server.1.gz
• x11vnc.1.g
• Xtightvnc.1.gz
• xtightvncviewer.1.gz
• Xvnc4.1.gz
• xvnc4viewer.1.gz

And the following symbolic links:

• vncconfig.1.gz -> /etc/alternatives/vncconfig.1.gz -> /usr/share/man/man1/vnc4config.1.gz
• vncconnect.1.gz -> /etc/alternatives/vncconnect.1.gz -> /usr/share/man/man1/tightvncconnect.1.gz
• vncpasswd.1.gz -> /etc/alternatives/vncpasswd.1.gz -> /usr/share/man/man1/vnc4passwd.1.gz
• vncserver.1.gz -> /etc/alternatives/vncserver.1.gz -> /usr/share/man/man1/tightvncserver.1.gz
• vncviewer.1.gz -> /etc/alternatives/vncviewer.1.gz -> /usr/share/man/man1/xvnc4viewer.1.gz
• x0vncserver.1.gz -> /etc/alternatives/x0vncserver.1.gz -> /usr/share/man/man1/x0vnc4server.1.gz
• Xvnc -> /etc/alternatives/Xvnc.1.gz -> /usr/share/man/man1/Xvnc4.1.gz
• xvncviewer.1.gz -> /etc/alternatives/xvncviewer.1.gz -> /usr/share/man/man1/xvnc4viewer.1.gz

Note the symbolic link Xvnc. This is an obvious error and should be renamed to Xvnc.1.gz
I also changed the link for vncpasswd.1.gz from vnc4passwd to tightvncpasswd.1x.gz

And now the fun stuff

Because a large percentage of VNC use is for people forced to use MS-Windows that want to connect to their Linux box, I'll discuss that first. There are two excellent programs that can be installed on a USB flash drive: portaPuTTY and TightVNC. TightVNC viewer for Windows is available as an executable that does not require installation. Also TightVNC Portable Edition is a specially packaged distribution which makes TightVNC keep its configuration and connection history in the installation directory (typically, on a USB flash drive), instead of using the registry of the host computer.

portaPuTTY is a hacked version of PuTTY that stores all its information in files, not in the registry.

1. On you home Linux box, sudo aptitude install tightvncserver
2. Port forward the SSH port on your router/firewall to the Linux box.
3. Go to work
4. On the Windows box install PuTTY (or insert your flash drive), set up a normal SSH session.
5. Verify that you can SSH to your home Linux box. Close the session.
6. Reload the PuTTY session, go to Connection/SSH/Tunnels dialog box.
7. Enter 5901 for Source port, localhost:5901 for Destination
8. Enter the run command: tightvncserver -geometry 800x600 -depth 8 -localhost -nevershared -dontdisconnect :1
9. Don't forget to save the session
10. Open the session. It should be a SSH session to the Linux box. Minimize it.
11. Run tightVNC viewer. Enter localhost:1 and the password you set for tightvnc server.
12. You now have a secure SSH tunnel running VNC between work and home.

If you want to access your real X-session, substitute x11vnc for tightvncserver. Run

x11vnc -find

if you are logged into an X-11 session. The display will be :0 instead of :1 so you will use 5900 for your SSH parameters.

To shrink the frame buffer from 1280x1024 to 980x768 run

x11vnc -scale 3/4 -find

If NO ONE is logged into an X session yet, but there is a greeter login program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need to find and use the raw display manager MIT-MAGIC-COOKIE file. Some examples for various display managers:

• gdm: -auth /var/gdm/:0.Xauth
• kdm: -auth /var/lib/kdm/A:0-crWk72
• xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
• dtlogin: -auth /var/dt/A:0-UgaaXa

Sometimes the command "ps wwwaux | grep auth" can reveal the file location. also, x11vnc will have to be run with sudo

sudo x11vnc -display :0 -auth /var/lib/xdm/authdir/authfiles/A:0-XQvajk

more todo

and more

Send mail to the Webmaster

	This site best viewed with a browser
	Warning: This is a Debian centric site
	Many thanks to Debra and Ian Murdock for making Debian possible
	First created Feb 17, 2010 ~ Last revised July 11, 2010