System Administration Made Simpler, Part 4
Who says system administration can't be fun? My lovely and wonderful wife, Sally, is busy using this week's system administration feature to play Kpoker, the K Desktop Environment poker game. She's not busy checking on logs, administering print queues, or even running a process analyzer. She's playing poker. Of course, earlier on, I took control of her Windows 95 PC and started to edit a letter she was working on, so it probably serves me right. In the interest of telling you all about this marvelous tool, I decided to connect to her Windows 95 session and see how the KDE poker game she was playing on our server was doing. Turns out she was losing all our money. Well, that's gambling for you.
Oh—did I mention I am talking about a fantastic remote administration tool that works with not only Windows, Solaris, DEC Alphas running OSF1, but even that old favorite of the desktop publishing world, the MacIntosh?
This great tool is VNC (Virtual Network Computing) from AT&T Laboratories in Cambridge, England. VNC is a package that allows you to view other computer desktops from your own desktop. For instance, I could be running an X server on a Linux machine from a Windows 95 or NT box, or doing the reverse. I can do it from my internal network or across the Internet.
The system administrator in a large company with a number of Windows workstations knows the headaches of all the simple “operator” error calls that nonetheless require a great deal of work and time as you walk the user through the right steps to solve their problems. Wouldn't it be great if you could take control of their desktops and do it for them while they watch and learn? Now, I know there are commercial packages that can do this, but not necessarily from your Linux desktop. They also cost more than VNC.
That's right. VNC is distributed free of charge.
IMAGE WARNING! You know the old expression, “you've got to see this”, used by salespeople and promoters worldwide and history-deep. In the case of VNC, trust me. You've got to see this. Nothing I tell you here beats actually using the product (despite the fact that I tell it very nicely <insert appropriate smiley here>). Before I get into how to setup this product, I'll let you in on its hiding place. To get your free copy of VNC, surf on over to www.uk.research.att.com/vnc/.
From the download page, select the version that works for your system. I picked up both the Linux and the Windows versions. Installation is a breeze. For Linux, simply extract the tar archive and follow the installation procedures described in the accompanying README. For the impatient, here it is in a nutshell.
# tar -xzvf vnc-3.3.3_x86_linux_2.0.tgz # cd vnc_x86_linux_2.0 # cp vncviewer vncserver vncpasswd Xvnc /usr/local/bin # mkdir -p /usr/local/vnc/classes # cp classes/* /usr/local/vnc/classes
The last two lines copy the Java classes to use with the Java VNC viewer. You do not have to do this, but considering what I tell you later on about the browser side of VNC, you'll be glad you did. For the installation part, there's not much else to do. Let's start with the heart of VNC—the server.
This is actually a Perl script that runs the Xvnc server. Use it to run Xvnc. You may have to change the first line of the script to reflect the location of your Perl binary.
You start a vncserver by logging on to the Linux (or UNIX) system you want to administer remotely. To start the command, type the following:
# vncserver hostname:session_number
With VNC, you can run multiple sessions and connect to different servers. By default, the session numbers start at 1 and go up from there, but you can specify session 3 (for instance) right from the start by typing vncserver hostname:3. This highlights another benefit of VNC. Until you kill a VNC session, it retains its current state. That means you can disconnect from a session, reconnect later, and return right where you left off. In fact, you can even share a session so multiple users can access it. More on that later.
When you start the vncserver for the first time, you will be prompted for a password to access the server. You can always change it later using the vncpasswd command. Once the server is activated, you can connect to it using the vncviewer command. The format is as follows:
# vncviewer host:session_number
To exit the viewer (or send specific key sequences), use the F8 key. Then click on “Quit Viewer” to close the session. You can also start a shared session so that others may use the same X Window session with this version of the command:
# vncviewer -shared host:session_number
When you start the vncserver, it creates a .vnc directory under your home directory (/root/.vnc). Several files are kept here. You'll find a log file associated with each server you run and a .pid file to allow for removal of the server. By the way (since I mentioned it earlier), you kill a vncserver process like this:
# vncserver -kill :1
Remember that the :1 could be a :2 or :3, depending on the session you are trying to kill. That said, the other file I want you to look at is this one:—xstartup. If you do a cat on the file, you get something that looks like this:
#!/bin/sh xrdb $HOME/.Xresources xsetroot -solid grey xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & # twm & startkde &
Notice the second-to-last line is commented out, and a “startkde” line is added below. This is because VNC uses twm (the Tab Window Manager) as its default desktop. I chose to run KDE instead, and added the line that follows. If you prefer another window manager, add the startup here.
Just when you thought it couldn't get any better . . . the VNC viewer can also be run from your favorite web browser through a small Java applet. From your Netscape browser, use this URL (substituting host and session_number with yours) to access the Java client.
Let me clarify that a bit. I have a machine with a hostname of “gateway” (as in a gateway to my intranet) on my network. If I wanted to connect to vncserver session number 1 on that machine, my URL would look like this:
Java starts on your browser and you are presented with a password prompt, the one we gave when we first started the server. Unlike the command-line viewer, you don't use function keys to cut and paste or disconnect from the session. Four small buttons remain at the top of the screen for you to use.
This is a small, fast client that responds very quickly. With the browser client, you can access your Linux (or UNIX) server from any PC (with a Java-capable browser, of course).
How about Windows? Earlier on, I mentioned that VNC offers a server for Windows as well. Using this product, you no longer have to spend hours on the phone walking a user through a problem with a Windows application; simply take control. To do this, you will need to install the Windows product which comes as a .zip file. The current version of the file is vnc-3.3.3r2_x86_win32.zip. This will work with all Windows 9x, Windows NT and Windows 2000 products.
Extract the file into a directory of your choice (using your favorite Windows archive client, such as pkzip or WinZip). Two folders will be created. One is “vncviewer” and contains a single executable, vncviewer.exe, which can be run to access your Linux server (or any VNC server) without any special installation. You can put this file on a diskette and carry it around with you if you do not want to install it on every PC. The other directory is “winvnc” and contains the full distribution, including the VNC server for Windows. To install, simply run the setup.exe file in the folder.
Next, click on Start, Program Files, VNC, followed by Administrative Tools. Click on the Install Registry Key link, then click on Install WinVNC Service. To run the server, either reboot or click on Start WinVNC Service. You should see a little VNC icon appear in the tray of your Windows task bar (over by the clock on the right-hand side). Now, go back to your Linux machine and run your vncviewer (either from the command line or the browser) by connecting to the host at service_number “0”. In other words, for me to connect to my PC called “natika”, I would run either of these two commands, the second actually being a URL and not a command.
# vncviewer natika:0 http://natika:5800/
This is important. Unlike on the Linux server, you cannot run multiple sessions of VNC from Windows. You are not magically given a multi-user Windows system. This is strictly remote control (which is still pretty cool).
The last thing I should mention is that you can also run a VNC viewer from Windows by selecting it in the VNC program group (“Start”, “Program Files”, “VNC”, etc).
It's that time again, where I rambled on for longer than I should have. This is a cool product that should be in every sysadmin's arsenal. Check it out.
Until next time, remember the KISS rule: Keep It Simple, Sysadmin.
N.B. Looking for Parts 1-3? Visit our index here.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Qt Company's Qt Start-Up
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Humble Hacker?
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide