Remotely administering machines graphically, with VNC
Posted by Steve on Sat 7 May 2005 at 17:08
99% of all remote administration jobs can be carried out with only shell access via SSH. But some jobs require you to interact with a graphical application, those jobs can be handled with VNC.
VNC is a standard protocol meaning 'virtual network computer' it allows you to share a desktop environment across a network and connect to it from another machine.
VNC comes in two halves; a server which shares a desktop and a client which allows you to connect. These different programs are available for a wide range of platforms, include Microsoft Windows, GNU/Linux, Macintosh, and more.
Debian contains several different VNC-related packages allowing you to share your desktop, or connect to others with ease.
There are several servers packaged for the Debian distribution. To understand why it might be useful to know some of the history of the VNC software.
Initially VNC was a research project which was available from its old homepage. Over time development forked into two different versions:
- TightVNC - a fork with better compression
- TridiaVNC another fork.
- RealVNC - from the original authors.
None of that matters too much, except to explain some of the names you might come across. Each of the available clients works with each of the available servers - just some features might not be available such as file transfers.
To get started with VNC you'll obviously need to install a server and a client, which server to install depends on what you want to do.
If you wish to login to a machine and make it's display available to another machine for when you leave you'll want to install the x11vnc package.
If instead you wish to have each incoming connection get a new desktop which is not related to anything on the active X11 desktop you'll need to install the vncserver package.Using x11vnc
x11vnc is a very simple program to use, it's a program which will make your currently running desktop available accross the network without any security by default.
If you're logged into X on a machine, and you wish to go work at another desktop, or from a different room and security isn't a concern then it's perfect.
Before you leave you just need to run:x11vnc -many &
The -many parameter means that when a connection is terminated it starts listening again for many more incoming connections - note that only one connect at a time is supported.
If you have a group of machines on a LAN then you might wish to consider starting the program when you login to X.
If you wish to use password protection you can do that too, by storing the password in a file as follows:x11vnc -storepasswd 'my-password' ~/.x11vncpasswd
Once the password has been stored (in a scrambled fashion) you can tell the server to use it as follows:x11vnc -rfbauth ~/.x11vncpasswd
This package allows you to setup a password protected server to which a client can connect and get a pristine desktop - this desktop isn't connected to any running X11 window system.
Typically this is the server that users want, partly because of the password protection, and partly because it's distinct from the desktop environment which the server might be running.
Install the server with the predictable:apt-get install vncserver
Once the server is installed you need to do two things:
- Setup a password to control access.
- Optionally customize the server.
- Start the server.
To setup the initial password you must run:vncpassword
This will save a scrambled password in the file ~/.vnc/passwd.
Once that's been done you can create a new server by invoking:vncserver
This will start a new server and show you the "desktop" it is running upon. This is something that you'll need to know when connecting to the server.
Because more than one VNC server can be available at a time upon a host there's a notion of the "desktop number" which a given server is running on.
These desktop numbers start at 1, and increase.
The first server you'll start on the machine lappy will be called lappy:1, the next will be lappy:2, and so on.
(lappy and lappy:1 are synonymous - which is why when you connect with a client you can just use the hostname lappy, that means to connect to the first server).
If you wish to change the way the server runs you've got a couple of choices.
You can modify the global configuration by editting the file /etc/vnc.con, copying this file to your home directory and naming it .vncrc will affect just servers you start.
Another common option is to adjust the window manager that remote users will recieve.
For example if you have the GNOME desktop installed for your use you might wish incoming connections to use a more light-weight window manager such as IceWM. To do that you modify the file ~/.vnc/xstartup.
You can mandate a window manager by changing this file to read, for example:exec icewm
Of course once you've started one of the servers you'll need a client. One popular client is xvncviewer.
Installation is simple:
apt-get install xvncviewer
Once it's installed you can connect to a running server by using:
If invoked with no arguments you'll be prompted for the host you wish to connect to, and if necessary a password.