The tool vncserver allows you to run additional X servers on a single machine.
These X servers don't display anywhere, but instead you need to connect to them
using vncviewer. The additional servers come up as :1, :2, etc.
apt-get install tightvncserver xtightvncviewerThe general method is as follows:
your_server.
On this server, as your userid, run:
vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565
It will prompt you for a password, which will be used when you log in later
from the client. Here, we're just setting it up to run at a size of 1024x768,
with a color depth of 16 bits, and with the color format for pixels passed set
to use 5 bits for red and blue, and six bits for green. For a full explanation
of all the options, use man vncserver.
The first time vncserver is started up, it will also create
a configuration file, in your home directory, called $HOME/.vnc/xstartup
vncserver -kill :1The reason for killing the session is that you may need to edit the default configuration file that
vncserver creates for you, for example to get the
vncserver to run the K desktop environment instead of twm, you may
want to edit the $HOME/.vnc/xstartup file to replace the line:
twm &with this line is you use KDE:
startkde &and with this line if you use GNOME:
gnome-session &before launching the vncserver again using:
vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565
$ vncviewer your_server:1This will prompt you for a password, then bring up a window showing you the current state of the X session running within the VNC server on the machine
your_server. Note that even if you connect to the VNC server from a different
client machine, the same session will be seen.
Initially, the vncviewer client runs as a window within your regular X sesion.
Consulting the manual using "man vncviewer", you quicky discover that pressing
the function key F8 brings up a "popup" menu, where you can choose the option:
Full ScreenIf your current X server's display size matches the setting for the geometry you chose when starting up the vncserver, this will result in a fairly good illusion that you are actually sitting at a regular X session on the console of the remote machine. There will be a little square dot at the end of the mouse cursor to remind you that you are within a vncviewer session. Note that when
vncviewer is running as a window, you may find that it exits
with the following error when you try to move it to other virtual desktops in KDE.
A workaround for this, suggested by Philip Lijnzaad, is to "shade" the window
(by double-clicking on its title bar along the top of the window) before moving
it to another virtual desktop, and then "unshading" it once you have selected
the new virtual desktop. Note that depending on your KDE settings, another action
than double-clicking may be needed to shade a window. You'll know that the window
is shaded because it will minimize to just the titlebar whenever it has no focus.
CleanupXErrorHandler called ShmCleanup called X Error of failed request: BadMatch (invalid parameter attributes) Major opcode of failed request: 42 (X_SetInputFocus) Serial number of failed request: 81551 Current serial number in output stream: 81557In the case where the above workaround doesn't work and you still get the error, or if you forget to shade the window before moving it, you can simply restart the
vncviewer again, and of course your VNC session is just as you left it a few moments ago.
To shut down the KDE window manager running inside the vncserver session, you
can of course simply log out in the usual way. If you select the option:
"login as another user"
a KDM login screen won't appear. Instead, to get a new session you'll need to
kill the vncserver sesion and start again as described earlier.
DISPLAY back to your local workstation,
doesn't work with VMware, unfortunately. Nor do they suggest any workaround.
One option is of course to haul a keyboard, mouse and monitor over to the
datacenter and connect it up to your server, configure the graphics card,
and with a bit of luck start up an X session. Then launch VMware as usual,
while you sit in front of the server wondering if there was a better way.
By now, you are probably realizing that VNC provides a far easier way.
The method of running VNC described in the previous section works with
VMware. It works especially well in the case where you are only running server
software within the VMware virtual machine, and are not particularily interested
in the display of the virtual machine itself (except perhaps at boot time).
The method is very satisfactory given that large pools of physical memory and
multi-processor capabilities tend to be readily available on server machines.
vncserver :0 -geometry 1024x768 -depth 16 -pixelformat rgb565You may need to change the geometry to match your video card, e.g., it might be:
vncserver :0 -geometry 1280x1024 -depth 32If you use -depth 8, meaning only 8 bits per pixel, it is less pretty. This creates an invisible X desktop with all your gadgets.
xinit `which xvncviewer` -passwd ~/.vnc/passwd \
-geometry 1024x768 -display localhost:1.0 localhost:0.0 -- :1
Again, maybe the geometry specification for your screen might need to be
different. This allows you to see your desktop gadgets in the server.
xvncviewer -shared yourmachine:0.0Now you have a second view of the same desktop. You can quit (or crash) out of both viewers, and the desktop is still there waiting to be connected to. By the way, since the first viewer is running on an X server with no window manager, you'll have to kill the viewer, to get out of it.
Mandrake Start Menu -> Internet -> Remote Access -> Virtual Network ConnectionIn the dialog box, select the
Allow control of my machine (linux server)You will need to enter a password for remote users. Press the button
launch server, and a new window will
appear on your desktop with the letters RFB in it.
Remote users will then be able to access your desktop over VNC
using the password you provided, until you close the RFB window.
heXoNet allow
remote control of an existing X server's display by means of a remote instance of vncviewer
(or in the case of x0rfbserver, preferably by means of xrfbviewer).
To install these packages for Debian, use:
apt-get install rfb apt-get install x11vncThe applications
x11vnc and the older x0rfbserver appear to be the only complete remote control
solutions for the X windowing system, but maybe there are others.
By remote control, I mean being able to use the mouse, keyboard and
display of a separate machine to interact with the X display of another system.
If you just want gain remote mouse and keyboard control of a separate machine (whose display
you can see locally because it is actually sitting on your desk), then synergy is a very handy
application to be aware of. It lets your mouse seamlessly "travel" over to the other display. It's
a little tricky to describe, but it's almost like being able to throw away the keyboard and mouse
of the other machine.
ssh session on the machine where
you will be running the vncviewer, to request that ssh listen on a particular
port on your local machine, and forward communication on that port down the
secure connection to a port on the machine running the vncserver.
For example:
ssh -L x:localhost:y vncserver_machinemeans "Start an SSH connection to the
vncserver_machine, and also listen on
port x on my machine, and forward any connections there to port y on the
vncserver_machine."
Now, the VNC protocol normally uses port 59xx, where xx is the display number of
the server. So a VNC server on a Windows machine, which normally uses display
number 0, will listen on port 5900. The first VNC server on linux will probably
use display number 1, and subsequent servers would use 2, 3, etc. and so the
vncservers on linux will be listening on ports 5901, 5902 and so forth.
By forwarding these ports to a remote machine running vncserver, you can make
the remote VNC server appear to be a server running on your local machine.
So, imagine you had a VNC server running as display :1 on vncserver_machine, and
you wanted a secure connection to it from your local machine. You could start
the ssh session using:
ssh -CL 5902:localhost:5901 vncserver_machineAfter that, starting up the
vncviewer as follows on your local machine:
vncviewer -encodings "copyrect hextile" localhost:2would actually connect to display
:1 on the vncserver_machine.
Note that the above OpenSSH command-line is deliberately meant to accept incoming
connections only from the local machine. This means that to use the ssh
connection that we have just set up, we must connect to it from the same
machine, using the special name localhost, rather than using the local
machine's own unique name.
raw copyrect tight hextile zlib corre rreAs you can see, for local connections, VNC's
raw pixel encoding is first in
this list, and although it generally gives better performance for local access,
when the vncserver is actually remote (i.e. when you are really accessing it
over an ssh tunnel), then if the raw encoding is used, a lot more data will
be sent over the network than is necessary. The order of the list of compression
methods that VNC chooses from when the connection is to a remote vncserver, is
as follows:
copyrect tight hextile zlib corre rre rawSo, when using vnc over ssh, let's use the compression methods
copyrect and
hextile, and of course leave out raw, as follows:
vncviewer -encodings "copyrect hextile" localhost:2
-C option to ssh (or the +C option for ssh v2). To see how
much your data is actually being compressed, you can use the -v option to ssh.
vnc within a Web browser. The VNC server also serves a Java applet that should
run within any Java-enabled browser. Let's say you have a VNC server set up as
session :1 on vncserver_machine, and you fire up your web browser, and go to:
http://vncserver_machine:5801the browser will then prompt you for the VNC server password as usual, and the VNC viewer session will start up within the browser in a Java applet.
5801 and another on 5901. Note that the local side of the 5901 port
must be forwarded with the same number, as unfortunately the vncserver software
sends back the Java applet server's port number incremented by 100 to the Java
applet running in the client browser, to establish the communication channel.
So forwarding the ports over ssh would look like this:
ssh -L 5802:localhost:5801 -L 5901:localhost:5901 vncserver_machinePiotr Zbiegiel suggests that instead of listing so many port forwardings, it might be more convenient to put the settings into your local
$HOME/.ssh/config file as follows:
Host vncserver_machine ForwardX11 no LocalForward 5802 localhost:5801 LocalForward 5901 localhost:5901To launch the VNC client Java applet, put the following url in the client browser:
http://localhost:5802Note: when using port forwarding, remember that if you ssh or scp over to the same machine name again, ssh will try to establish the same port forwardings again a second time, and fail with a "port busy" message. To avoid this, use an alias for the remote machine (add the alias to your
/etc/hosts
file), and ssh or scp to the alias instead. This works because ssh is
very literal-minded about reading its config file. Lucky for us.
localhost.
For example, if the IP address of the firewall is 24.4.252.118, the firewall is forwarding port 22 to the
VNC server machine, and the VNC server machine has a private address of 192.168.0.200, then you would
need to use the following ssh command to set up the OpenSSH tunnel for VNC. In plain English, this
command means "Start an SSH connection to the firewall machine at 24.4.252.118, and at the same time
listen on port 5903 of my local machine and forward any connections you see there to port 5905 on the
remote VNC server machine at =192.168.0.200=".
ssh -CL 5903:192.168.0.200:5905 24.4.252.118The above command would be used in place of:
ssh -CL 5903:localhost:5905 24.4.252.118
vncserver password are used for
authentication, and there is no concept of user accounts in vncserver.
Password guessing is very fast, and the vncserver does not generate any
failed login messages. A patch to rfbproto.c in the vncviewer sources
(specifically vnc-3.3.3r1_unixsrc.tgz) to enable brute forcing vnc passwords
can be found here.
This patch to the vncviewer source code enables it to crack its way into a
vncserver instead of simply requesting the password from the local user.
\HKEY_CURRENT_USER\Software\ORL\WinVNC3
\HKEY_USERS\.DEFAULT\SOftware\ORL\WinVNC3
("23 82 107 6 35 78 88 7")
This mean that an attacker with read access to the Microsoft operating
system's registry can simply decode the password and obtain the plain-text
version of it.
An exploit for the above vulnerability is available.
sudo apt-get install libxmu-dev sudo apt-get install libxaw7-dev wget http://www.unixuser.org/~euske/vnc2swf/vnc2swf-0.5.0.tar.gz tar zxvf vnc2swf-0.5.0.tar.gz cd vnc2swf-0.5.0 ./configure make ./vnc2swf -startrecording outfile.swf your_vnc_server:1 > outfile.htmlThis will bring up a VNC client which is recording everything from your VNC server into the outfile.swf and once you quit by pressing F8 Q it will also build outfile.html which you can open in Firefox to review your captured animation, or should I say your next blockbuster. Update: The Python version of vnc2swf includes a nifty sliding search bar at the bottom of your masterpiece, so that you can seek (and your audience can skip over any less-than stellar segments of your creation). For Debian stable, we can get it installed something like this:
sudo apt-get install python2.3-tk sudo apt-get install python-pygame wget http://www.unixuser.org/~euske/vnc2swf/pyvnc2swf-0.8.2.tar.gz tar zxvf pyvnc2swf-0.8.2.tar.gz cd pyvnc2swf-0.8.2 ./vnc2swf.pyThis brings up a nice friendly dialog box, with a "Start" button, which initiates the recording of the VNC server session, so you just control the VNC session you're recording using your regular VNC viewer.