Configuring VNC
Posted: Mon Nov 22, 2010 5:17 am
I cannot edit http://wiki.amahi.org/index.php/VNC and I have a MUCH different way of installing VNC and a MUCH different experience.
First off the instructions there say to:
yum -y install tigervnc-server
chkconfig vncserver on
service vncserver start
My experience has been that the start will fail if you don't configure it first.
So after the install and before the service start (time wrt chkconfig independent):
Edit /etc/sysconfig/vncservers, uncommenting VNCSERVERS="2:username" line and changing username to user of choice. Plus add additional users (eg VNCSERVERS="2:user1 3:user2")
Even at this point, the start will fail. You have to login as each user with VNC auth (e.g su usern) and run vncpasswd. This command does the basic user configuration. NOW you can start vncserver. Then if you want users to have a GNOME experience, STOP vncserver, login to each user and edit ~/.vnc/xstart and REPLACE the line:
twm &
with the line
exec gnome-session &
NOW once again start vncserver and you are ready to go. Each user gets to THEIR VNC session by connecting to port 590n where n is the value in VNCSERVERS=. Note you ARE limited to 9 users have access via the VNC service.
I go through this process every time I install a Centos/Fedora system. It is the third thing I do in a new install after 'yum update' and customizing SSHD to my tastes.
A couple of security notes about VNC.
It is totally insecure unless you run it through SSH; there are a couple of ways to do that.
Terminating your VNC client does NOT log off the user! Restarting the client brings you right back to your session as you left it. I actually find this as a feature, as I can leave a long-running program going and not worry about a disconnect that I might get through a SSH session.
If you configure root as a user with access via VNC, you do log in as root. And by default, root login does not time and throw up the screensaver and login prompt, leaving your system quite exposed, At one point tigervnc did not allow root to be an acceptable user for VNC, but people complained about this and you can vnc in as root, hopefully knowing the risk.
First off the instructions there say to:
yum -y install tigervnc-server
chkconfig vncserver on
service vncserver start
My experience has been that the start will fail if you don't configure it first.
So after the install and before the service start (time wrt chkconfig independent):
Edit /etc/sysconfig/vncservers, uncommenting VNCSERVERS="2:username" line and changing username to user of choice. Plus add additional users (eg VNCSERVERS="2:user1 3:user2")
Even at this point, the start will fail. You have to login as each user with VNC auth (e.g su usern) and run vncpasswd. This command does the basic user configuration. NOW you can start vncserver. Then if you want users to have a GNOME experience, STOP vncserver, login to each user and edit ~/.vnc/xstart and REPLACE the line:
twm &
with the line
exec gnome-session &
NOW once again start vncserver and you are ready to go. Each user gets to THEIR VNC session by connecting to port 590n where n is the value in VNCSERVERS=. Note you ARE limited to 9 users have access via the VNC service.
I go through this process every time I install a Centos/Fedora system. It is the third thing I do in a new install after 'yum update' and customizing SSHD to my tastes.
A couple of security notes about VNC.
It is totally insecure unless you run it through SSH; there are a couple of ways to do that.
Terminating your VNC client does NOT log off the user! Restarting the client brings you right back to your session as you left it. I actually find this as a feature, as I can leave a long-running program going and not worry about a disconnect that I might get through a SSH session.
If you configure root as a user with access via VNC, you do log in as root. And by default, root login does not time and throw up the screensaver and login prompt, leaving your system quite exposed, At one point tigervnc did not allow root to be an acceptable user for VNC, but people complained about this and you can vnc in as root, hopefully knowing the risk.