The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Difference between revisions of "Package:Tigervnc"
m |
m |
||
| Line 16: | Line 16: | ||
{{console|body=###i## emerge net-misc/tigervnc}} | {{console|body=###i## emerge net-misc/tigervnc}} | ||
{{warning| | {{warning|Listening on any IP address is insecure, and VNC passwords can be brute-forced. It is much safer to use SSH-tunnelling to connect to a VNC session, and this wiki page will proceed to describe a SSH-tunnelling setup.}} | ||
By default, tigervnc listens on any IP address and uses simple password-based authentication. A common and safe approach to address the safety concerns is to use a ssh tunnel and allow TigerVNC only to connect to client requests that originate from the server itself. To listen only on localhost add the -localhost option to the start function of the init script : | |||
{{file|name=/etc/init.d/tigervnc|desc=|body= | |||
fi | |||
su ${shell} ${user%%:*} -c "source /etc/profile && cd ~${user%%:*} && vncserver :${user##*:} $vnc_opts -localhost" &>/dev/null | |||
done | |||
eend $? | |||
} | |||
}} | |||
===Client Configuration=== | ===Client Configuration=== | ||
Probably the safest way to connect to a remote VNC server with the tigervnc client is to create an appropriate | |||
ssh tunnel: | ssh tunnel: | ||
{{console|body=###i## ssh -L | {{console|body=###i## ssh -L 5901:127.0.0.1:5901 -N -f -l user www.example.com}} | ||
SSH will listen on port | SSH will listen on port 5901 of your local machine and forward/receive any data from the remote server as if it was originating from your machine. The same is true for the server: it thinks that the VNC client connecting to it is running on the server and listening on port 5901, while the connection is really coming from a remote host. The commands are exactly the same as a setup that runs a VNC client and server on a local machine. | ||
Check that ssh is running and listening on the right port: | Check that ssh is running and listening on the right port: | ||
{{console|body=###i## netstat -tlpn}} | {{console|body=###i## netstat -tlpn}} | ||
You should find a line that looks something like the one below: | You should find a line that looks something like the one below: | ||
{{console|body=tcp 0 0 127.0.0.1: | {{console|body=tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 13309/ssh | ||
tcp6 0 0 ::1:5902 :::* LISTEN 13309/ssh}} | tcp6 0 0 ::1:5902 :::* LISTEN 13309/ssh}} | ||
Now, run TigerVNC and type in the address and port you're listening to. In this case, we're listening | Now, run TigerVNC and type in the address and port you're listening to. In this case, we're listening | ||
on our local machine (127.0.0.1) and port : | on our local machine (127.0.0.1) and port :5901, so the line entered in the TigerVNC dialog should be: | ||
{{console| body=127.0.0.1: | {{console| body=127.0.0.1:5901 }} | ||
When you click on Connect, you should be prompted for a password. Enter the password you set on the server side and you should be good to go. | When you click on Connect, you should be prompted for a password. Enter the password you set on the server side and you should be good to go. | ||
| Line 60: | Line 70: | ||
{{file|name=~/.vnc/xstartup|desc=|body= | {{file|name=~/.vnc/xstartup|desc=|body= | ||
#!/bin/sh | #!/bin/sh | ||
/usr/bin/gnome-session & | /usr/bin/gnome-session & #start a GNOME3 VNC session | ||
#/usr/bin/lxsession -s LXDE & | #/usr/bin/lxsession -s LXDE & | ||
#exec /usr/bin/plasmashell & #start a kde-plasma-5 VNC session | |||
}} | }} | ||
Make sure that xstartup is executable: | Make sure that xstartup is executable: | ||
Revision as of 02:05, March 12, 2017
Tigervnc
We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.
TigerVNC is a powerful tool to manage remote machines through a graphical interface using the standard VNC protocol.
Installation
If you only intend to connect using the TigerVNC client, just emerging the packet should be sufficient:
root # emerge net-misc/tigervnc
However if you intend to run TigerVNC on a server, the server use flag should be set. Adding it to package.use is a good idea:
/etc/portage/package.use net-misc/tigervnc server
After setting the server use flag, emerge the package:
root # emerge net-misc/tigervnc
Listening on any IP address is insecure, and VNC passwords can be brute-forced. It is much safer to use SSH-tunnelling to connect to a VNC session, and this wiki page will proceed to describe a SSH-tunnelling setup.
By default, tigervnc listens on any IP address and uses simple password-based authentication. A common and safe approach to address the safety concerns is to use a ssh tunnel and allow TigerVNC only to connect to client requests that originate from the server itself. To listen only on localhost add the -localhost option to the start function of the init script :
/etc/init.d/tigervnc fi
su ${shell} ${user%%:*} -c "source /etc/profile && cd ~${user%%:*} && vncserver :${user##*:} $vnc_opts -localhost" &>/dev/null
done
eend $?
}
Client Configuration
Probably the safest way to connect to a remote VNC server with the tigervnc client is to create an appropriate ssh tunnel:
root # ssh -L 5901:127.0.0.1:5901 -N -f -l user www.example.com
SSH will listen on port 5901 of your local machine and forward/receive any data from the remote server as if it was originating from your machine. The same is true for the server: it thinks that the VNC client connecting to it is running on the server and listening on port 5901, while the connection is really coming from a remote host. The commands are exactly the same as a setup that runs a VNC client and server on a local machine.
Check that ssh is running and listening on the right port:
root # netstat -tlpn
You should find a line that looks something like the one below:
tcp 0 0 127.0.0.1:5901 0.0.0.0:* LISTEN 13309/ssh tcp6 0 0 ::1:5902 :::* LISTEN 13309/ssh
Now, run TigerVNC and type in the address and port you're listening to. In this case, we're listening on our local machine (127.0.0.1) and port :5901, so the line entered in the TigerVNC dialog should be:
127.0.0.1:5901
When you click on Connect, you should be prompted for a password. Enter the password you set on the server side and you should be good to go.
Alternatively, you can launch TigerVNC through the command line:
user $ vncviewer 127.0.0.1:5901
Server Configuration
We'll assume you're running TigerVNC locally and connecting through an SSH tunnel. This is a safer way to run VNC comparable to other options, and also the easiest to setup.
After the initial install, you will need to configure for which users VNC should be available. This is done by editing /etc/conf.d/tigervnc:
/etc/conf.d/tigervnc DISPLAYS="funtoo:1"
This will tell TigerVNC to start a VNC session for user "funtoo" on the first display, and on port 5900 + displaynumber (in this case, 5900 + 1).
Then, as "funtoo", you need to create the VNC password that will be used to access a VNC session:
user $ vncpasswd
This will create a password file in ~/.vnc/passwd. You also have to create a xstartup file to tell VNC which desktop environment to run. Make sure that you installed the Desktop Environment in question before running VNC. A minimal configuration is displayed below, though more elaborate ones are more common:
~/.vnc/xstartup #!/bin/sh
/usr/bin/gnome-session & #start a GNOME3 VNC session
#/usr/bin/lxsession -s LXDE &
#exec /usr/bin/plasmashell & #start a kde-plasma-5 VNC session
Make sure that xstartup is executable:
root # chmod +x ~/.vnc/xstartup
now, start the tigervnc server:
root # service tigervnc start
If you're encountering errors, check ~/.vnc/user-main:1.log for errors. Test that you can connect to the VNC server and if you're successful add tigervnc to the default runlevel:
root # rc-update add tigervnc default
Conclusion
This should be enough to get you started with TigerVNC. Happy hacking!