Remote Viewing-Not Just a Psychic Power
The server command is simply
vncserver. When you run this command,
a directory named .vnc is created in your home directory if it doesn't
exist already. If a password has not been set yet for this instance of
the VNC server, it will ask you to enter one. It is saved in the file
passwd in encrypted form. If you want to change it, you can use the
vncpasswd. In this directory, you also
should find log files
for each instance of vncserver that you start, as well as a pid file
containing the PID of any currently running instances of vncserver.
The last file of interest is the xstartup file. This is the file that is used when you start vncserver to set up all the required options and also lay out what will be run on the vncserver desktop. The defaults on my Ubuntu system look like this:
#!/bin/sh xrdb $HOME/.Xresources xsetroot -solid grey #x-terminal-emulator -geometry 80x24+10+10 -ls -title ↪"$VNCDESKTOP Desktop" & #x-window-manager & # Fix to make GNOME work export XKL_XMODMAP_DISABLE=1 /etc/X11/Xsession
So in this case, it sets the background to gray and then tries to run whatever session is defined in the global script Xsession. This is where you can do some editing and make it your own. I prefer Fluxbox as a window manager on smaller screens. So you can simplify this to:
#!/bin/sh xrdb $HOME/.Xresources startfluxbox
Starting this gives you a nice-looking desktop running Fluxbox. If the
client that is going to be connecting to this has to deal with a smaller
screen size (like on a Netbook), you can set the desktop size on the
command line with the
-geometry option. You also can set the color
depth of the virtual desktop with the
-depth option. So, to set up a
server that looks nice when I connect to it from my Netbook, I would use
vncserver -geometry 800x600
Now, what about the other end? There are two general classes of vncviewer applications, GUI and command line. The GUI versions, like the most common ones for Mac OS X and Windows, have point-and-click access to all the relevant options. They also have them in different locations, depending on who wrote your particular favorite viewer. Because VNC is a protocol (kind of like FTP or HTTP), there is a great deal of variation in what you get from the various implementers. Let's look at the command-line versions here and see what you can do with those. The GUI versions should have comparable options available. To connect to a vncserver, you would run:
hostname is either the true hostname of the remote machine or its
port is the port number on which the vncserver is listening,
starting at 1. This number is added to the default starting port number
5900, so the actual network port number in this case is 5901. This will
try to connect to the given server, and it will ask for a password if
one had been set during vncserver's startup. Then, you get a nice
Figure 2. Fluxbox Running under vncserver
There are lots of options for changing various parts of what is being transmitted, such as the encoding algorithm, the compression level and the quality level. Playing with these options can improve your session's responsiveness, potentially at the cost of some image quality. Depending on what work you are trying to do, this may not be a trade-off you are willing to make.
Although you can force some kind of authentication on VNC, that may
not be enough in these security-conscious days. You may have to work
with a remote machine that sits behind a firewall that allows only SSH
traffic. What can you do? VNC allows for tunneling of the protocol over an
SSH connection by using the
-via gateway option. This gateway machine
is the machine that you are SSHing in to for the tunneling. If this
is the same machine as your vncserver, the command would look like this:
vncviewer -via email@example.com localhost:1
This tells vncviewer to
ssh to somehost.com as user "user", then connect
to vncserver on the localhost to somehost.com—in other words, somehost.com
itself. There is no reason that these need to be the same machine. This
means you could connect to a vncserver on a machine behind a security
gateway machine. In this case, it would look like this:
vncviewer -via firstname.lastname@example.org someotherhost.com:1
Be aware that VNC still will ask you to authenticate after the SSH session has been established.
Hopefully, this article has provided some options for those times when you just can't live without a nice graphical interface. Even when you are forced to squeeze through an SSH connection, you still can have all of that great GUI goodness. If you know of other ways of getting a graphical interface on a remote machine, I would love to hear about them.
Joey Bernard has a background in both physics and computer science. This serves him well in his day job as a computational research consultant at the University of New Brunswick. He also teaches computational physics and parallel programming.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
|Android Candy: Oyster—Netflix for Books!||Aug 07, 2014|
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- Tech Tip: Really Simple HTTP Server with Python
- RSS Feeds
- IndieBox: for Gamers Who Miss Boxes!
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Linux Security Threats on the Rise
- Linux Systems Administrator
- Cooking with Linux - Serious Cool, Sysadmin Style!