Scribd
Upload
50 views10 pages

Setting Up VNC On RHEL 4: Fri Apr 28 22:47:01 2006

This document provides instructions for setting up VNC on Red Hat Enterprise Linux 4 to allow remote graphical access to servers. It explains installing VNC software, configuring the X display manager and services file to support multiple VNC displays with different resolutions and color depths, and provides an example xinetd script to start the necessary VNC services. The goal is to give users and administrators graphical access to servers from any workstation for remote support and training. Basic security measures are also discussed.

Uploaded by

Azwar Arsyad S Si
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
50 views10 pages

Setting Up VNC On RHEL 4: Fri Apr 28 22:47:01 2006

This document provides instructions for setting up VNC on Red Hat Enterprise Linux 4 to allow remote graphical access to servers. It explains installing VNC software, configuring the X display manager and services file to support multiple VNC displays with different resolutions and color depths, and provides an example xinetd script to start the necessary VNC services. The goal is to give users and administrators graphical access to servers from any workstation for remote support and training. Basic security measures are also discussed.

Uploaded by

Azwar Arsyad S Si
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Setting Up VNC on RHEL 4

Calvin Webster cwebster "at" ec.rr.com


Fri Apr 28 22:47:01 2006
Previous message: Connecting to RHL from Windows?
Next message: Connecting to RHL from Windows?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've been meaning to do this for quite some time. I figured this was a
good opportunity to pass on my experience in setting up VNC on our
network. VNC has become one of the most useful tools I've ever used. It
allows me to do the work of several administrators by eliminating most
of the time required to physically touch a remote computer.

I manage several interconnected LANs and network services spread across
4 buildings. Each building houses one or more offices and training
facilities consisting of various blends of hardware/software platforms,
applications, and users. If your network is anywhere near as diversified
as ours, you'll need to do some research to get VNC running on all your
platforms, but this should get you started using it in the way I think
most people expect.

This collection of notes is very simplified, assuming the reader has
reasonable Linux sysadmin skills and experience. Although the VNC
documentation is comprehensive, some key configuration details seemed to
be missing or hard to find for the setup we needed here. I've tried to
cover them below.

MS Windows installations are pretty straightforward since it's a
single-user OS. Just login as Administrator and run the InstallShield
installer, then configure. I setup all our Windows machines with the
Administrator password. Unfortunately (or fortunately, depending on your
perspective) this means that only the sysadmin can connect to these
machines. However, it also installs the VNC client with which users can
connect to network servers. On our network we have Unix/Linux
development machines to which they connect this way.

Any Unix/Linux machine that you can get GCC on will support VNC. Most
Unix users I talk to expect to get a graphical login when they connect
so I set it up to use the XDM login, just like it would if you were
standing in front of the console.

I'll keep an eye on this thread for a while. If I've left anything out
I'll try to fill in the blanks. One last warning: watch out for wrapped
lines below.

--Cal Webster








## References:

Documentation for VNC Free Edition 4.1:
http://www.realvnc.com/products/free/4.1/

Other Multi-resolution Examples:
http://www.realvnc.com/pipermail/vnc-list/2005-March/049889.html

Documentation for RHEL 4:
https://www.redhat.com/docs/manuals/enterprise/

## Notes:

32-bit color depths didn't work for me I'm offering only 8, 16, and 24
bit

"True colour" for 32-bit setting is uneven for rgb and shift settings

24-bit setting evaluates to "32 bits per pixel" in the "VNC server
default format"

Native X display (root console :0) uses default resolution of 8-bit
1024x768

## Goals:

To provide users with a method of connecting to servers with a
graphical user interface from any workstation platform without
saturating network bandwidth or requiring expensive, bandwidth-hungry
3rd party connectivity solutions (like Hummingbird Exceed).

To provide system/network administrators with a method of remotely
supporting and maintaining server and client computers regardless of
their host platform.

To provide the means to support on-the-spot training and
troubleshooting during a helpdesk call.

## Security:

Examples shown below use somewhat relaxed security settings. You may
want to use more paranoid settings if your network is at high risk. For
example, you may choose to restrict VNC server to "localhost"
connections and require clients to tunnel their VNC connections using
SSH. You DEFINITELY want use this method if going over the public
Internet. Bear in mind that this will limit available network bandwidth
due to the encryption overhead inherent in the tunnel. If there is not
enough available bandwidth for a given color depth, VNC will
automatically throttle back to the most appropriate color depth.

If your network manager allows, and your perimeter and host security
defenses are sufficient, you can take simple precautions without using
SSH tunneling while maintaining a high degree of VNC functionality.

I highly recommend setting a password for the VNC "Native X Display"
(root console :0) even if you have a secure network. See last item in
examples. All other displays can use the XDM login authentication. The
reason for this is that anyone could take control of a root user session
if, for example, the sysadmin walked away from the terminal. The virtual
displays are only ever visible to the person who made the connection so
there's no danger of this.

## Examples:

The examples shown below come from a working configuration used in a
homogeneous network environment consisting of various MS Windows
platforms, Unix flavors, and Linux distributions. All except the oldest
have VNC server and viewers installed. The example represents only RHEL
4, but configuration would be very similar for other Unixes.

## Our Platform (you don't need that much hardware):

CPU: Dual Dual-core Xeon 3.6 GHz
MEM: 8 GB
DISK: 1.5 TB RAID 0/1
OS: RHEL 4 AS
VNC: 4.1.1-1
Xorg: 6.8.2-1.EL.13.25

################################
## Begin VNC Server on RHEL 4 ##
################################

## Legend:
... The appearance of an ellipsis indicates that the entries
to/from this point are insignificant or repeat.
=== Encloses part or all of the contents of a sample file.
--- Separates sections of a file or separates title or
heading from content

## First, download and install the latest VNC RPM at:
http://www.realvnc.com/products/free/4.1/download.html

## Ensure system security is set to allow VNC connections to ports
you've configured

5900 is default TCP port
I'm also using ports 5952 5953 5962 5963 5972 5973 5980

One simple way is:

===============
/etc/hosts.deny
---------------
ALL: ALL
===============

================
/etc/hosts.allow
----------------
ALL: 192.168.1. 192.168.2. 192.168.3. 192.168.32. 10.1.150.
================


## Ensure that your system is set to startup in run level 5 with XDM
(GDM)

============
/etc/inittab
------------
...
id:5:initdefault:
...
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
============


======================
/etc/sysconfig/desktop
----------------------
DESKTOP="GNOME"
======================


=====================================================
diff /etc/X11/gdm/gdm.conf.orig /etc/X11/gdm/gdm.conf
-----------------------------------------------------
52c52
< #RemoteGreeter=/usr/bin/gdmlogin
---
> RemoteGreeter=/usr/bin/gdmlogin
211c211
< Enable=false
---
> Enable=true
214c214
< #HonorIndirect=true
---
> HonorIndirect=true
227a228
> DisplaysPerHost=4
230a232
> PingIntervalSeconds=300
298c300
< #ChooserButton=true
---
> ChooserButton=true
=====================================================


=====================
/etc/X11/gdm/gdm.conf
---------------------
[daemon]
AutomaticLoginEnable=false
AutomaticLogin=
TimedLoginEnable=false
TimedLogin=
TimedLoginDelay=30
Greeter=/usr/bin/gdmgreeter
RemoteGreeter=/usr/bin/gdmlogin
DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin
RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X1
1R6/bin
User=gdm
Group=gdm
LogDir=/var/log/gdm
PidFile=/var/run/gdm.pid
PostLoginScriptDir=/etc/X11/gdm/PostLogin/
PreSessionScriptDir=/etc/X11/gdm/PreSession/
PostSessionScriptDir=/etc/X11/gdm/PostSession/
DisplayInitDir=/etc/X11/gdm/Init
XKeepsCrashing=/etc/X11/gdm/XKeepsCrashing
ServAuthDir=/var/gdm
BaseXsession=/etc/X11/xdm/Xsession
DefaultSession=default.desktop
UserAuthDir=
UserAuthFBDir=/tmp
UserAuthFile=.Xauthority
StandardXServer=/usr/X11R6/bin/X
Xnest=/usr/X11R6/bin/Xnest -audit 0 -name Xnest

[security]
AllowRoot=true
AllowRemoteRoot=true
AllowRemoteAutoLogin=false
RelaxPermissions=0
CheckDirOwner=true

[xdmcp]
Enable=true
HonorIndirect=true
DisplaysPerHost=4
PingIntervalSeconds=300

[gui]
GtkTheme=Bluecurve

[greeter]
TitleBar=false
ConfigAvailable=false
Browser=false
MinimalUID=500
Logo=
ChooserButton=true
BackgroundColor=#20305a
ShowGnomeFailsafeSession=false
ShowLastSession=false
GraphicalTheme=Default
GraphicalThemeDir=/usr/share/gdm/themes/

[chooser]
HostImageDir=/usr/share/hosts/
Hosts=
Broadcast=true
Multicast=false

[debug]
Enable=false

[servers]
0=Standard

[server-Standard]
name=Standard server
command=/usr/X11R6/bin/X -audit 0
flexible=true

[server-Terminal]
name=Terminal server
command=/usr/X11R6/bin/X -audit 0 -terminate
flexible=false
handled=false

[server-Chooser]
name=Chooser server
command=/usr/X11R6/bin/X -audit 0
flexible=false
chooser=true
=====================


## Add entries to /etc/services for display variations you will use

=============
/etc/services
-------------
...
# VNC Servers
vnc 5950/tcp # VNC Service (using defaults)
vnc1024x768x8 5952/tcp # VNC Service 1024x768, 8-bit color
depth
vnc1280x1024x8 5953/tcp # VNC Service 1280x1024, 8-bit color
depth
vnc1024x768x16 5962/tcp # VNC Service 1024x768, 16-bit color
depth
vnc1280x1024x16 5963/tcp # VNC Service 1280x1024, 16-bit color
depth
vnc1024x768x24 5972/tcp # VNC Service 1024x768, 24-bit color
depth
vnc1280x1024x24 5973/tcp # VNC Service 1280x1024, 24-bit color
depth
vnc1280x960x24 5980/tcp # VNC Service 1280x960, 24-bit color
depth
...
=============


## Create a VNC startup script for xinetd to start all necessary
services for your virtual VNC displays.

=================
/etc/xinetd.d/vnc
-----------------
# default: off
# description: VNC accepts connections from VNC viewers using XDMCP to \
# manage the connections.

## [50] Default options: Color Depth: 16 Geometry 1024x768
service vnc
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once
-securitytypes=none
disable = no
}

## [52] Color Depth: 8-bit Geometry: 1024x768
service vnc1024x768x8
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1024x768 -depth 8 -securitytypes=none
disable = no
}

## [53] Color Depth: 8-bit Geometry: 1280x1024
service vnc1280x1024x8
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1280x1024 -depth 8 -securitytypes=none
disable = no
}

## [62] Color Depth: 16-bit Geometry: 1024x768
service vnc1024x768x16
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1024x768 -depth 16 -securitytypes=none
disable = no
}

## [63] Color Depth: 16-bit Geometry: 1280x1024
service vnc1280x1024x16
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1280x1024 -depth 16 -securitytypes=none
disable = no
}

## [72] Color Depth: 24-bit Geometry: 1024x768
service vnc1024x768x24
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1024x768 -depth 24 -securitytypes=none
disable = no
}

## [73] Color Depth: 24-bit Geometry: 1280x1024
service vnc1280x1024x24
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1280x1024 -depth 24 -securitytypes=none
disable = no
}

## [80] Color Depth: 24-bit Geometry: 1280x960
## (special for Dennis)
service vnc1280x960x24
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry
1280x960 -depth 24 -securitytypes=none
disable = no
}
=================


## Setup X to use the VNC Native display server for the root console :0

==================
/etc/X11/xorg.conf
------------------
...
Section "Module"
...
Load "vnc"
EndSection
...
Section "Screen"
Identifier "Screen0"
...
Option "SecurityTypes" "VncAuth"
Option "UserPasswdVerifier" "VncAuth"
Option "PasswordFile" "/root/.vnc/passwd"
EndSection
...
==================

## As "root" user set a vnc password for the VNC "Native Display" server

vncpasswd
(creates /root/.vnc/passwd)

## You'll have to restart the X server and xinetd to get things rolling.

## You may be able to do this using <Ctrl><Alt><Backspace> at a login
prompt.
If you're not already setup to boot into run level 5 with a respawning
xdm you may need to do a system restart.

## You'll need to restart xinetd to get it to re-read the config files.

service xinetd restart

## Lastly, you need to test connections from another machine upon which
you've already installed a VNC Viewer (client).

################################
## Begin VNC Server on RHEL 4 ##
################################


##################################
## Begin Java VNC Viewer Client ##
##################################

## To get the web server to offer a Java VNC client:

mkdir /var/www/html/vnc
cp /usr/share/vnc/classes/* /var/www/html/vnc/

## Add something like this to one of your html pages:
(I have a support page where we maintain tool links)

/var/www/html/support.html
=========================================================
...
<P><B><A HREF="documentation.html"> Documentation</A></B>
<P><B><A HREF="http://pegasus/vnc/index.vnc">VNC Viewer (Java)</A></B>
<P><B><A HREF=JavaScript: onclick="mindTerm();"
...
=========================================================

## You may have authentication problems when trying to connect to
machines other than the one on which the VNC jar file is installed. If
you want to use it this way you may need to "sign" the jar file. That's
beyond the scope of this post. A simpler way to use the Java client is
to copy it to your client machine and run it directly.

## Run the Java VNC client directly:

Note: It's just as simple, if not more so, to install the Windows VNC
version so that's what I do.


## Install the latest JRE from the Sun Java site:
http://www.java.com/en/download/index.jsp

## Copy the "vncviewer.jar" file to the (windoze) client machine

C:\Program Files\RealVNC\VNC4\vncviewer.jar

## Create a menu item or shortcut executing the jar file:

Target: "C:\Program Files\RealVNC\VNC4\vncviewer.jar"
Start in: "C:\Program Files\RealVNC\VNC4\"

################################
## End Java VNC Viewer Client ##
################################


Previous message: Connecting to RHL from Windows?
Next message: Connecting to RHL from Windows?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You might also like