How to Install and Configure Latest version VNC( Virtual Network Computing ) Server On Linux

1. putting in the specified packages

The server package is named 'vnc-server'. Run the command: rev -q vnc-server

The result are going to be either package vnc-server isn't put in or one thing like vnc-server-4.0-11.el4.

If the server isn't put in, install it with the command: yum install vnc-server

The shopper program is 'vnc'. you'll use the command: yum install vnc to put in the shopper if: rpm -q vnc shows that it's not already put in.

Make sure to put in a window manager so as to urge a full-featured interface desktop. you'll use the command yum groupinstall "GNOME Desktop Environment" to put in the Gnome Desktop and needs, for instance. different standard desktop environments square measure "KDE" and "XFCE-4.4". XFCE is additional light-weight than Gnome or KDE and accessible from the "extras" repository.

If you're a minimalist, or just testing, however, it's sufficient  to own yum install a straightforward XTERM client: yum install xterm

 If you're running CentOS half dozen, the command is yum groupinstall Desktop

 If you're running CentOS five, yum groupinstall "GNOME Desktop Environment" might complain a few missing this can be a legendary bug. Please see CentOS-5 FAQ for details.

 If you're running CentOS half dozen, the server is: tigervnc-server not: vnc-server

2. Configuring un-encrypted VNC

We will be fitting VNC for three users. These are going to be 'larry', 'moe', and 'curly'

You will perform the subsequent steps to put together your VNC server:

Create the VNC users accounts.
Edit the server configuration.
Set your users' VNC passwords.
Confirm that the vncserver can begin and stop cleanly.
Create and customise xstartup scripts.
Amend the iptables.
Start the VNC service.
Test every VNC user.
Additional optional  enhancements

2.1. produce the VNC user accounts
As root:

$ su -
# useradd larry
# useradd moe
# useradd crisp
# passwd larry
# passwd moe
# passwd crisp

2.2. Edit the server configuration
Edit /etc/sysconfig/vncservers, and add the subsequent to the top of the file.

VNCSERVERS="1:larry 2:moe 3:curly"
VNCSERVERARGS[1]="-geometry 640x480"
VNCSERVERARGS[2]="-geometry 640x480"
VNCSERVERARGS[3]="-geometry 800x600"
Larry can have a 640 by 480 screen, as can Moe. crisp can have Associate in Nursing 800 by 600 screen.

Note: This step isn't out of sequence, however is placed here so consecutive following step can fall adjacent to the step within which failure to perform it, can allow immediate fault diagnosing.

2.3. Set your users' VNC passwords
Switch user into the account for every user, and as noted below, run: vncpasswd this can produce the ~/.vnc directory for that userid:

[~]# su - larry
[~]$ vncpasswd
[~]$ cd .vnc
[.vnc]$ ls
[.vnc]$ exit
2.4. ensure that the vncserver can begin and stop cleanly
We will produce the xstartup scripts by beginning and stopping the vncserver as root. we tend to additionally modify the vncserver service to be mechanically started.

# /sbin/service   vncserver begin
# /sbin/service   vncserver stop
# /sbin/chkconfig vncserver on
Note: if you omitted the preceding step of work in as every designed user, and making their ~/.vnc/ directory, this take a look at can fail.

2.5. produce xstartup scripts ( you'll omit this step for CentOS half dozen )
Login to every user and edit the xstartup script. To use Larry as Associate in Nursing example, 1st login as larry

[~]$ cd .vnc
[.vnc] ls
mymachine.localnet:1.log  passwd  xstartup
Edit ~/.vnc/xstartup for every user. the initial ought to seem as follows:

# Uncomment the subsequent 2 lines for traditional desktop:
# EXEC /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && EXEC /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid gray
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &
Add the road indicated below to assure that Associate in Nursing xterm is usually gift, and uncomment the 2 lines as directed if you would like to run the user's traditional desktop window manager within the VNC. Note that within the doubtless reduced resolution and color depth of a VNC window the complete desktop are going to be rather incommodious and a glance bit odd. If you are doing not uncomment the 2 lines you may get a grey patterned background to the VNC window.

# Add the subsequent line to confirm you mostly have Associate in Nursing xterm accessible.
( whereas true ; do xterm ; done ) &
# Uncomment the subsequent 2 lines for traditional desktop:
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && EXEC /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid gray
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

2.6. Amend the iptables
The iptables rules in /etc/sysconfig/ have to be compelled to be amended to open the VNC ports; as required, if an area ipv6 setup is being employed, those have to be compelled to be amended as well:

[root@xen-221 sysconfig]# cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file isn't suggested.
:INPUT settle for [0:0]
:FORWARD settle for [0:0]
:OUTPUT settle for [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j settle for
-A INPUT -p icmp -j settle for
-A INPUT -i lo -j settle for
-A INPUT -i eth1 -j settle for
-A INPUT -m state --state NEW -m transmission control protocol -p transmission control protocol --dport twenty two -j settle for
-A INPUT -m state --state NEW -m transmission control protocol -p transmission control protocol -m multiport --dports 5901:5903,6001:6003 -j settle for
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@xen-221 sysconfig]#         
... then restart the iptables:

# /sbin/service iptables restart

2.7. begin the VNC server
Start the vncserver as root.

# /sbin/service vncserver begin

2.8. take a look at every VNC user
2.8.1. Testing with a java enabled browser

Let us assume that mymachine has Associate in Nursing science address of The computer address to attach to every of the users can be:

Larry is
Moe   is
Curly is
Connect to A java application program window can pop-up showing a association to your machine at port one. Click the [ok] button. Enter larry's VNC secret, and a 640x480 window ought to open victimization the default window manager elect for larry . The higher than ports  5801, 5802 and 5803 should be open within the firewall supply science addresses or subnets of a given shopper.

2.8.2. Testing with a vnc shopper

For Larry: vncviewer
For   Moe: vncviewer
For Curly: vncviewer
To test larry victimization vncviewer, vncviewer Associate in Nursing authentication box can pop, and you'll enter Larry's VNC secret. Once attested, a 640x480 window ought to open victimization Larry's default window manager. The vncviewer shopper can connect with port 590X wherever X is Associate in Nursing offset of one,2,3 for Larry, Moe, and crisp severally, therefore these ports should be open within the firewall for the science addresses or subnets of the shoppers.

If your native account userid isn't, say, larry, you'll 'switch user' for functions of vncviewer thus:

export USER=larry ; vncviewer
which has the impact of passing the username larry to the vncviewer program.

2.8.3. beginning vncserver at boot

To start vncserver at boot, enter the command:

/sbin/chkconfig vncserver on
For basic VNC configuration the procedure is currently complete. the subsequent sections square measure optional  refinements to boost security and practicality.

3. VNC encrypted through Associate in Nursing ssh tunnel

You will be connecting through Associate in Nursing ssh tunnel. you may have to be compelled to be able to ssh to a user on the machine. For this instance, the user on the vncserver machine is: larry That account username must exist on the target machine, and either secret, or keyed ssh access must be useful. the vncserver also will prompt for the vncpassword. The UNIX and VNC system usernames and passwords aren't needed to be identical and square measure 'not' mechanically synchronised. That is, remote users ready and baker might every have differing credentials to line up the ssh tunnel to the remote VNC server, however if every uses the larry account, they're going to use constant VNC secret.

Edit /etc/sysconfig/vncservers and add the choice -localhost
VNCSERVERS="1:larry 2:moe 3:curly"
VNCSERVERARGS[1]="-geometry 640x480 -localhost"
VNCSERVERARGS[2]="-geometry 640x480 -localhost"
VNCSERVERARGS[1]="-geometry 800x600 -localhost"
/sbin/service vncserver restart
Go to another machine with vncserver and take a look at the VNC.
vncviewer -via larry@ localhost:1
vncviewer -via moe@ localhost:2
vncviewer -via curly@ localhost:3
By default, several vncviewers can disable compression choices for what it thinks may be a "local" association. ensure to examine with the vncviewer man page to enable/force compression. If not, performance is also terribly poor!

4. Recovery from a logout ( Not enforced for CentOS half dozen )

If you logout of your desktop manager, it's gone!

We other a line to xstartup to administer USA Associate in Nursing xterm wherever we will restart our window manager.
For gnome, enter gnome-session.
For kde, enter startkde.
5. Remote login with vnc-ltsp-config

To allow remote login access via a vnc-client to the Centos system, the rev packages named vnc-ltsp-config and xinetd is put in. once a vnc-client connects to at least one of the designed ports, the user are going to be given a login screen. The sessions can *not* be persistent. once a user logs out, the session is gone.

The rev package vnc-ltsp-config is well put in via the EPEL repository noted in accessible Repositories

Note: There aren't any major dependencies for the package therefore the vnc-ltsp-config*.rpm may simply be downloaded and put in while not the requirement for enabling  the EPEL repository.

Install, as root via:

# yum install xinetd vnc-ltsp-config
# /sbin/chkconfig xinetd on
# /sbin/chkconfig vncts on
# /sbin/service xinetd restart
Next, as root edit the file "/etc/gdm/custom.conf".

To consecutive blank line below the "[security]" section add "DisallowTCP=false"
To consecutive blank line below the "[xdmcp]" section add "Enable=true"
Make sure you're during a position to either run "gdm-restart" for default Gnome installs or simply revive the CentOS box.
This will add the flexibility to urge the subsequent default vnc-client primarily based session connections:

If you do not just like the higher than defaults, simply modify /etc/xinetd.d/vncts PRN.

A major advantage of victimization the vnc-ltsp-config setup is that the reduction of system resource utilization compared to the quality "per-user setup". No user processes are going to be started or memory consumed till a user truly logs into the system. Also, no pre-thought for user setup is required (eg skip all of the manual individual user setup for vnc-server). The draw back to the vnc-ltsp-config setup is that *any* user with the flexibility to login can doubtless have the flexibility to log into the system via a vnc-client with full interface unless steps square measure taken to limit that sort of access. Also, there's no session persistance! Once the vnc-client closes, the vnc-ltsp-config session can terminate (by default) and every one running processes are going to be killed.

This option is combined with ssh tunnelling employing a slightly changed version of the "vncviewer -via" command noted above:

vncviewer -via remoteUser@remoteHost localhost:vncSinglePortNumber
For the default vnc-ltsp-config install, the "vncSinglePortNumber" is that the last digit solely of the port variety. Port 5900 (1024x768 16bit) would simply be "0", for instance.

Note: you may have to be compelled to bear in mind of potential interaction problems if you modify either selinux or iptables. If you're not running a show manager (runlevel three for example), {you can|you'll|you may} have to be compelled to begin one otherwise you will solely get a black screen after you connect.

6. VNC-Server for Associate in Nursing already logged in interface console session - a pair of choices

Often you may would like remote access to Associate in Nursing already logged in interface session on a "real" console. otherwise you can have to be compelled to facilitate Associate in Nursingother user remotely with an interface or visual issue. you may would like either "vnc-server" or "x11vnc". The vnc-server choice are going to be a module other to X11 for "allways on" vnc support, whereas x11vnc can allow adhoc vnc support.

vnc-server install would force no third party repos or supply building.

x11vnc may be a thanks to read remotely and act with real X displays (i.e. a show cherish a physical monitor, keyboard, and mouse) with any VNC viewer. during this method it plays the role for Unix/X11 that WinVNC plays for Windows.

6.1. x11vnc adhoc choice
Karl Runge has munificently offer a exceptional quantity of knowledge at for x11vnc. there's information on securing the association Associate in Nursingd additionally an "Enhanced TightVNC Viewer (ssvnc)". to form it straightforward, follow these steps:

1. transfer the most recent rev install from to the host you would like the vnc-client to attach to:

2. Install, as root, via the yum or rev programs on the host you would like the vnc-client to attach to:

yum install x11vnc-0.9.3-1.el5.rf.i386.rpm
3. begin the x11vnc method on the host you would like the vnc-client to attach to. Please take an extended examine the potential choices from the x11vnc web site. a really simple/insecure example for a trusty network setup (local network or VPN) is to own the user with the interface console issue the command:

[user@helpme_host ~$] x11vnc -nopw -display :0.0
Then connect (without password) via a vnc-client to the IP/hostname and port noted by the x11vnc command. By default, x11vnc can enable connections from all interfaces. Host primarily based firewall settings might have to be changed.

You can mix this with ssh tunneling:

ssh -C -t -L 5900:localhost:5900 [remote ip] 'x11vnc -usepw -localhost -display :0'
Note that the -C flag is for compression, therefore might not be needed

6.2. vnc-server X11 "always on" choice
1. On the the system you would like to run vnc-server, install vnc-server as noted higher than.

2. Edit /etc/X11/xorg.conf, as root, and add/create a 'Module' Section and add 'Load "vnc"':

Section "Module"
  Load "vnc"
3. for traditional vnc authentication, edit /etc/X11/xorg.conf, as root, and augment the 'Screen' Section:

 choice "SecurityTypes" "VncAuth"
 choice "UserPasswdVerifier" "VncAuth"
 choice "PasswordFile" "/root/.vnc/passwd"
4. As root, run 'vncpasswd" to make the secret noted higher than.

5. Restart X11 (++ can work if on the console already)