Gentoo Wiki ArchivesGentoo Wiki

HOWTO_Xvnc_terminal_server


Please format this article according to the guidelines and Wikification suggestions, then remove this notice {{Wikify}} from the article


 XOrg IndexConfigurationHIDevices
FontsVideo CardsMonitors  


This article is part of the HOWTO series.
Installation Kernel & Hardware Networks Portage Software System X Server Gaming Non-x86 Emulators Misc

Xvnc is the X VNC (Virtual Network Computing) server. It is based on a standard X server, but it has a "virtual" screen rather than a physical one. X applications display themselves on it as if it were a normal X display, but they can only be accessed via a VNC viewer.

To the applications it is an X server, and to the remote VNC users it is a VNC server. By convention the Xvnc developers have arranged that the VNC server display number will be the same as the X server display number, which means you can use eg. snoopy:2 to refer to display 2 on machine "snoopy" in both the X world and the VNC world.


Contents

Preinstall

First of all, you should decide which version of VNC you'd like to use. RealVNC isn't really recommended - TightVNC is more secure and efficient. XF4VNC should be more efficient and secure than RealVNC as well, and also support GLX extensions, which TightVNC does not.

You may find that you need to make a link to the fonts directory in order for the Xvnc server to work (This will also work for realvnc): ln -s /usr/share/fonts/ /usr/lib/X11/fonts

and also: ln -s /usr/share/X11/rgb.txt /usr/lib/X11/rgb.txt

The server portion of VNC is controlled by the server USE flag, so you'll want to enable this for the appropriate package. You can do this by adding it to /etc/portage/package.use with, for example if you're going to use RealVNC: echo "net-misc/vnc server" >> /etc/portage/package.use

Install

For RealVNC:

emerge vnc

For TightVNC:

emerge tightvnc

And for the vnc.so module, install XF4VNC:

emerge xf4vnc

RealVNC is not not really compatible with the other two, even if portage doesn't currently tell you that. The binaries will be located in different directories, which may or may not be included in your $PATH. However, TightVNC does not currently come with vnc.so module for Xorg, which comes in the xf4vnc package.

Note: For me, the vnc.so that xf4vnc-4.3.0.104 provides wasn't compatible with tightvnc-1.3.9 on xorg-server-1.3.0.0-r2, which forced me to use realvnc - Kakalto 02:09, 9 December 2007 (UTC)

Conflicts

You will see that both XF4Vnc and TightVnc packages provide the Xvnc binary. How big a problem this is, we'll see (I do not know). :) Fix the wiki as you see fit.

You now have an option if you are installing both XF4Vnc and TightVnc. To avoid this conflict, disable the server and vncviewer USE flags for the XF4Vnc package. The server flag enables/disables building of the server if you just want the viewer.

 $ equery belongs Xvnc
[ Searching for file(s) Xvnc in *... ]
net-misc/xf4vnc-4.3.0.104 (/usr/X11R6/bin/Xvnc)
net-misc/tightvnc-1.2.9-r3 (/usr/bin/Xvnc)

 $ equery belongs vncviewer
[ Searching for file(s) vncviewer in *... ]
net-misc/xf4vnc-4.3.0.104 (/usr/X11R6/bin/vncviewer)
net-misc/tightvnc-1.2.9-r3 (/usr/bin/vncviewer)

Shut down the X server (`/etc/init.d/xdm stop` or similar) and add the vnc module to xorg.conf (TightVNC does not provide the vnc module as of version 1.2.9, so this step is not required).

File: /etc/X11/xorg.conf

Section "Module"
    Load "vnc"
EndSection

Start X up again and check the logs if the module was loaded: grep vnc /var/log/Xorg.0.log

If the module did not load, you may need to link it (and restart X): ln -s /usr/lib/modules/vnc.so /usr/lib/xorg/modules/

Server password

Once finished, this should give you four vnc-related programs, including vncconnect, vncpasswd, vncserver, and vncviewer.

Now, wasn't that easy? We're not quite there yet, but you can easily test out your new VNC installation by starting your vnc server. You will be asked to enter a password for vnc viewer clients to authenticate themselves by, so go ahead and enter that and verify it. Next, you will be asked to enter a password for "view only" clients, meaning that they can see the desktop but cannot interface with it. Great for demonstrations! After you have gone through the password process, vncserver will finish initializing.

Here's what you'll see:

vncserver
You will require a password to access your desktops.
---
Password:
Verify:
---
Would you like to enter a view-only password (y/n)? n
New 'X' desktop is BigBox:1
---
Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/BigBox:1.log

Simple testing

With that done, test out the VNC server!

vncviewer BigBox:1

This will open up a 800x600x24bit client. What you'll see is one very ugly desktop! But it's a start, and it proves that you're one big step closer to remote desktop. If you want another resolution or color-depth, just use the two last number shown in the services file.

Remember to route ports (5950-5954, 5960-5964, 5970-5974, 5980-5984) for external access. (You must configure your router/firewall, which is very individual depending on what kind of configuration you have)

If you are connecting from a windows box just open the Tightvnc viewer dialog and make sure you append the :1 to the end of the IP.

If you want a fully featured desktop when you login, you can choose the startup programs in {HOME}/.vnc/xstartup. You can remove the 'xterm' and 'fvwm' programs and add 'kwin & startkde' for the K Desktop.

File: {HOME}/.vnc/xstartup
kwin &
startkde

Automatic vncserver response

Xinetd

Xinetd is used to automatically launch vncserver upon a vncviewer call from an external client.

emerge xinetd
rc-update add xinetd default


There are several ways to allow xinetd to listen to external calls, here are some examples:

To open connections to all edit /etc/xinetd.conf and put a # in front of the line: (you can also remove the line completely)

#only_from = localhost

If you only want access from internal hosts you can list them:

only_from = 192.168.0.1 192.168.0.2

For one interface to listen you can specify that interface's IP:

bind = 192.168.0.1


Warning: The top example allows any and all hosts from the outside to connect.


File: /etc/xinetd.conf
{
  instances = 60
  log_type = SYSLOG authpriv 
  log_on_success = HOST PID
  log_on_failure = HOST
  cps = 25 30
}
includedir /etc/xinetd.d

Add services

Edit these 2 files:

File: /etc/services
#
# VNC Servers
#
vnc-640x480x8 5950/tcp
vnc-800x600x8 5951/tcp
vnc-1024x768x8 5952/tcp
vnc-1280x1024x8 5953/tcp
vnc-1600x1200x8 5954/tcp

vnc-640x480x16 5960/tcp
vnc-800x600x16 5961/tcp
vnc-1024x768x16 5962/tcp
vnc-1280x1024x16 5963/tcp
vnc-1600x1200x16 5964/tcp

vnc-640x480x24 5970/tcp
vnc-800x600x24 5971/tcp
vnc-1024x768x24 5972/tcp
vnc-1280x1024x24 5973/tcp
vnc-1600x1200x24 5974/tcp

vnc-640x480x32 5980/tcp
vnc-800x600x32 5981/tcp
vnc-1024x768x32 5982/tcp
vnc-1280x1024x32 5983/tcp
vnc-1600x1200x32 5984/tcp

Create /etc/xinetd.d/xvncserver if it does not exist already. Warning: Make sure your editor (such as nano) does not wrap any of the long lines. If it does you will get connection refused errors. See: TIP Nano No Auto-wrap

File: /etc/xinetd.d/xvncserver
service vnc-640x480x8
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 640x480 -depth 8 -SecurityTypes=None  
}
service vnc-800x600x8
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 800x600 -depth 8 -SecurityTypes=None 
}
service vnc-1024x768x8
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1024x768 -depth 8 -SecurityTypes=None 
}
service vnc-1280x1024x8
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 8 -SecurityTypes=None 
}
service vnc-1600x1200x8
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 8 -SecurityTypes=None 
}
service vnc-640x480x16
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 640x480 -depth 16 -SecurityTypes=None 
}
service vnc-800x600x16
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 800x600 -depth 16 -SecurityTypes=None 
}
service vnc-1024x768x16
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16 -SecurityTypes=None 
}
service vnc-1280x1024x16
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 16 -SecurityTypes=None 
}
service vnc-1600x1200x16
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 16 -SecurityTypes=None 
}
service vnc-640x480x24
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 640x480 -depth 24 -SecurityTypes=None 
}
service vnc-800x600x24
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 800x600 -depth 24 -SecurityTypes=None 
}
service vnc-1024x768x24
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1024x768 -depth 24 -SecurityTypes=None 
}
service vnc-1280x1024x24
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 -SecurityTypes=None 
}
service vnc-1600x1200x24
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 24 -SecurityTypes=None 
}
service vnc-640x480x32
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 640x480 -depth 32 -SecurityTypes=None 
}
service vnc-800x600x32
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 800x600 -depth 32 -SecurityTypes=None 
}
service vnc-1024x768x32
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1024x768 -depth 32 -SecurityTypes=None 
}
service vnc-1280x1024x32
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 32 -SecurityTypes=None 
}
service vnc-1600x1200x32
{
         protocol = tcp
         socket_type = stream
         wait = no
         user = nobody
         server = /usr/bin/Xvnc
         server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 32 -SecurityTypes=None 
}

Note: TightVNC users!

As you can see, we use the nobody user to open a vnc session and -SecurityTypes=None to make VNC allow connecting without a password, only use -SecurityTypes=None if using RealVNC as TightVNC does not support this option!

Let's do the next step, configure the login manager. Once connected, the user will authenticate in your chosen login manager and the chosen session will be launched.

IF you want to allow anonymous logins, the user nobody must have a valid shell assigned when using the login manager. You will only get a gray screen when connecting if nobody has the default /bin/false set.

usermod -s /bin/bash nobody

If you use kdm, no modification is required to the user nobody.

You might want to make sure you have XSESSION set. This is for KDE use xdm | gnome accordingly.

File: /etc/rc.conf
XSESSION="kde-3.5"

Login manager (XDMCP)

xdm

These changes are only required, if your display manager is XDM. If you use GDM or KDM, see the next sections.

Open /etc/X11/xdm/xdm-config with your favorite editor.

Look at the last line : "DisplayManager.requestPort: 0"

Comment it out by inserting a ! at the beginning of the line.

File: /etc/X11/xdm/xdm-config
!DisplayManager.requestPort:     0

Edit /etc/X11/xdm/Xaccess and uncomment the line " '* #any host can get a login window" by removing the single quote. You could also change it to 192.168.0.* for some security

kdm

edit /etc/kde/kdm/kdmrc (or /usr/kde/3.?/share/config/kdm/kdmrc) and enable XDMCP on port 177

File: /usr/kde/3.4/share/config/kdm/kdmrc
[Xdmcp]
# Whether KDM should listen to XDMCP requests. Default is true.
Enable=true
# The UDP port KDM should listen on for XDMCP requests. Don't change the 177.
Port=177


File: /usr/kde/3.?/share/config/kdm/Xaccess
*       CHOOSER BROADCAST   #any indirect host can get a chooser

or

192.168.0.* # hosts allowed are from the network 192.168.0

gdm

start gdmsetup and go the tab "Security" Make sure 'Enable XDMCP' is checked.

Alternately, edit /etc/X11/gdm/gdm.conf

File: /etc/X11/gdm/custom.conf
[xdmcp]
# Add or alter the following line
Enable=True

Set access

To prevent a problem where you can log in, but then only get a blank screen, edit /etc/security/pam_env.conf and make sure the following lines ARE COMMENTED (have # in front):

File: /etc/security/pam_env.conf
#REMOTEHOST     DEFAULT= OVERRIDE=@{PAM_RHOST}
#DISPLAY        DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#XAUTHORITY     DEFAULT= OVERRIDE=@{XAUTHORITY}

Restart services

Note : Restarting xdm will end your X session

/etc/init.d/xinetd restart
/etc/init.d/xdm restart

Tunneling through SSH

I use VNC over SSH to connect to computers at my local uni where the Cisco sniffers drop any sort of VNC packets (no matter what the port).

1) start vncserver on the host
2) on the client do: ssh -f -N -L localPort:vncServer:vncServerPort username@vncServerPort

Note: (Should that be
ssh -f -N -L localPort:vncServer:vncServerPort username@vncServer
-MJL)
-f      Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, 
but the user wants it in the background.  This implies -n.  The recommended way to start X11 programs at a remote site is with something 
like ssh -f host xterm.
-N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).
-L      [bind_address:]port:host:hostport

Rather than duplicate information (and to credit the original author), I will link to This page:

http://pigtail.net/LRP/vnc/ (this page is for windows).

Additional notes for AMD64 users

Note: I have had no problems TightVNC version 1.3.9 on my amd64 system. Any previous issues seem to have been resolved.

For now tightvnc seems to segfault when compiled for x86_64. If you really want to get it running on amd64, you might carefully try this:

Set up a 32bit chroot environment as explained in http://www.gentoo.org/proj/en/base/amd64/technotes/index.xml?part=1&chap=4#doc_chap3 and then compile tighvnc static for 32bit

echo "net-misc/tightvnc static" >>/etc/portage/package.use
emerge tightvnc
quickpkg tightvnc

copy the package to /usr/portage/packages/All and install it on the 64bit system.

echo "net-misc/tightvnc ~amd64" >>/etc/portage/package.keywords
emerge tightvnc --usepkg -pv
emerge tightvnc --usepkg

At least this works for me.

Having Troubles? Get Xvnc to write a log

Create the directory /usr/adm and chmod adm so that the user nobody will have write permission. Xvnc started with -inetd option will create logs there.

From --> http://www.dei.isep.ipp.pt/~andre/extern/ixvnc.htm

References

Retrieved from "http://www.gentoo-wiki.info/HOWTO_RealVNC%2C_TightVNC%2C_XF4VNC"

Last modified: Mon, 15 Sep 2008 10:48:00 +1000 Hits: 122,495

Created by NickStallman.net, Luxury Homes Australia
Real estate agents should list their apartments, townhouses and units in Australia.