There are several ways to configure the vnc server. This
HOWTO shows you how to configure VNC using the 'vncserver' service as
supplied by CentOS.
1. Installing the required packages
The server
package is called 'vnc-server'. Run the command: rpm -q
vnc-server
The result
will be either package vnc-server is not installed or
something like vnc-server-4.0-11.el4.
If the server is not installed, install it with the
command: yum install vnc-server
The client program is 'vnc'. You can use the command: yum
install vnc to install
the client if: rpm -q vnc shows that it is not
already installed.
Make sure to
install a window manager in order to get a full-featured GUI desktop.
You can use the command yum groupinstall "GNOME Desktop
Environment" to install the Gnome Desktop and
requirements, for example. Other popular desktop environments are "KDE"
and "XFCE-4.4". XFCE is more light-weight than Gnome or KDE and
available from the "extras" repository.
If you are a minimalist, or simply testing, however, it
is sufficient to have yum install a simple XTERM client: yum
install xterm
If you are running CentOS 6,
the command is yum groupinstall Desktop
If you are running CentOS 5, yum groupinstall "GNOME Desktop Environment" may
complain about a missing libgaim.so.0. This is a known bug. Please see
CentOS-5
FAQ for details.
If you are running CentOS 6,
the server is: tigervnc-server
not: vnc-server
2. Configuring un-encrypted VNC
We will be
setting up VNC for 3 users. These will be 'larry', 'moe', and 'curly'
You will perform the following steps to configure your
VNC server:
- Create the VNC users accounts.
- Edit the server configuration.
- Set your users' VNC passwords.
- Confirm that the vncserver will start and stop cleanly.
- Create and customize xstartup scripts.
- Amend the iptables.
- Start the VNC service.
- Test each VNC user.
- Additional optional enhancements
2.1. Create the VNC user accounts
As root:
$ su - # useradd larry # useradd moe # useradd curly # passwd larry # passwd moe # passwd curly
2.2. Edit the server configuration
Edit /etc/sysconfig/vncservers,
and add the following to the end of the file.
VNCSERVERS="1:larry 2:moe 3:curly" VNCSERVERARGS[1]="-geometry 640x480" VNCSERVERARGS[2]="-geometry 640x480" VNCSERVERARGS[3]="-geometry 800x600"
Larry will have a 640 by 480
screen, as will Moe. Curly will have an 800 by 600 screen.
Note: This step is NOT out of sequence, but is placed
here so that the next following step will fall adjacent to the
step in which failure to perform it, will permit immediate fault
diagnosis.
2.3. Set your users' VNC passwords
Switch user
into the account for each user, and as noted below, run: vncpasswd
This will create the ~/.vnc directory for that
userid:
[~]# su - larry [~]$ vncpasswd [~]$ cd .vnc [.vnc]$ ls passwd [.vnc]$ exit [~]#
2.4. Confirm that the vncserver will start and stop cleanly
We will
create the xstartup scripts by starting and stopping the vncserver as
root. We also enable the vncserver service to be
automatically started.
# /sbin/service vncserver start # /sbin/service vncserver stop # /sbin/chkconfig vncserver on
Note: if you omitted the preceding step of logging in as
each configured user, and creating their ~/.vnc/
subdirectory, this test will fail.
2.5. Create xstartup scripts ( You may omit this step for CentOS 6 )
Login to
each user and edit the xstartup script. To use Larry as an example,
first login as larry
[~]$ cd .vnc [.vnc] ls mymachine.localnet:1.log passwd xstartup
Edit ~/.vnc/xstartup
for each user. The original should appear as follows:
#!/bin/sh # Uncomment the following two lines for normal desktop: # unset SESSION_MANAGER # exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & twm &
Add the line indicated below to
assure that an xterm is always present, and uncomment the two lines as
directed if you wish to run the user's normal desktop window manager in
the VNC. Note that in the likely reduced resolution and color depth of a
VNC window the full desktop will be rather cramped and a look bit odd.
If you do not uncomment the two lines you will get a gray speckled
background to the VNC window.
#!/bin/sh # Add the following line to ensure you always have an xterm available. ( while true ; do xterm ; done ) & # Uncomment the following two lines for normal desktop: unset SESSION_MANAGER exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & twm &
2.6. Amend the iptables
The
iptables rules in /etc/sysconfig/ need to be amended to open
the VNC ports; as needed, if a local ipv6 setup is being used, those
need to be amended as well:
[root@xen-221 sysconfig]# cat iptables # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i eth1 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5901:5903,6001:6003 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT [root@xen-221 sysconfig]#
... and then
restart the iptables:
# /sbin/service iptables restart
2.7. Start the VNC server
Start the
vncserver as root.
# /sbin/service vncserver start
2.8. Test each VNC user
2.8.1. Testing with a java enabled browser
Let us
assume that mymachine has an IP address of 192.168.0.10. The URL to
connect to each of the users will be:
Larry is http://192.168.0.10:5801 Moe is http://192.168.0.10:5802 Curly is http://192.168.0.10:5803
Connect to http://192.168.0.10:5801. A java
applet window will pop-up showing a connection to your machine at port
1. Click the [ok] button. Enter larry's VNC password, and a 640x480
window should open using the default window manager selected for larry
. The above ports 5801, 5802 and 5803 must be open in the
firewall {iptables) for the source IP addresses or subnets of a
given client.
2.8.2. Testing with a vnc client
For Larry: vncviewer 192.168.0.10:1 For Moe: vncviewer 192.168.0.10:2 For Curly: vncviewer 192.168.0.10:3
Source: http://wiki.centos.org/HowTos/VNC-Server
No comments:
Post a Comment