VNC RHEL


Setting Up VNC on RHEL 4
Calvin Webster cwebster "at" ec.rr.com
Fri Apr 28 22:47:01 2006

I've been meaning to do this for quite some time. I figured this was a good opportunity to pass on my experience in setting up VNC on our network. VNC has become one of the most useful tools I've ever used. It allows me to do the work of several administrators by eliminating most of the time required to physically touch a remote computer.

I manage several interconnected LANs and network services spread across 4 buildings. Each building houses one or more offices and training facilities consisting of various blends of hardware/software platforms, applications, and users. If your network is anywhere near as diversified as ours, you'll need to do some research to get VNC running on all your platforms, but this should get you started using it in the way I think most people expect.

This collection of notes is very simplified, assuming the reader has reasonable Linux sysadmin skills and experience. Although the VNC documentation is comprehensive, some key configuration details seemed to be missing or hard to find for the setup we needed here. I've tried to cover them below.

MS Windows installations are pretty straightforward since it's a single-user OS. Just login as Administrator and run the InstallShield installer, then configure. I setup all our Windows machines with the Administrator password. Unfortunately (or fortunately, depending on your perspective) this means that only the sysadmin can connect to these machines. However, it also installs the VNC client with which users can connect to network servers. On our network we have Unix/Linux development machines to which they connect this way.

Any Unix/Linux machine that you can get GCC on will support VNC. Most Unix users I talk to expect to get a graphical login when they connect so I set it up to use the XDM login, just like it would if you were standing in front of the console.

I'll keep an eye on this thread for a while. If I've left anything out I'll try to fill in the blanks. One last warning: watch out for wrapped lines below.

--Cal Webster

## References:

Documentation for VNC Free Edition 4.1: http://www.realvnc.com/products/free/4.1/

Other Multi-resolution Examples: http://www.realvnc.com/pipermail/vnc-list/2005-March/049889.html

Documentation for RHEL 4: https://www.redhat.com/docs/manuals/enterprise/

## Notes:

32-bit color depths didn't work for me. I'm offering only 8, 16, and 24 bit

"True colour" for 32-bit setting is uneven for rgb and shift settings

24-bit setting evaluates to "32 bits per pixel" in the "VNC server default format"

Native X display (root console :0) uses default resolution of 8-bit 1024x768

## Goals:

To provide users with a method of connecting to servers with a graphical user interface from any workstation platform without saturating network bandwidth or requiring expensive, bandwidth-hungry 3rd party connectivity solutions (like Hummingbird Exceed).

To provide system/network administrators with a method of remotely supporting and maintaining server and client computers regardless of their host platform.

To provide the means to support on-the-spot training and troubleshooting during a helpdesk call.

## Security:

Examples shown below use somewhat relaxed security settings. You may want to use more paranoid settings if your network is at high risk. For example, you may choose to restrict VNC server to "localhost" connections and require clients to tunnel their VNC connections using SSH. You DEFINITELY want to use this method if going over the public Internet. Bear in mind that this will limit available network bandwidth due to the encryption overhead inherent in the tunnel. If there is not enough available bandwidth for a given color depth, VNC will automatically throttle back to the most appropriate color depth.

If your network manager allows, and your perimeter and host security defenses are sufficient, you can take simple precautions without using SSH tunneling while maintaining a high degree of VNC functionality.

I highly recommend setting a password for the VNC "Native X Display" (root console :0) even if you have a secure network. See last item in examples. All other displays can use the XDM login authentication. The reason for this is that anyone could take control of a root user session if, for example, the sysadmin walked away from the terminal. The virtual displays are only ever visible to the person who made the connection so there's no danger of this.

## Examples:

The examples shown below come from a working configuration used in a homogeneous network environment consisting of various MS Windows platforms, Unix flavors, and Linux distributions. All except the oldest have VNC server and viewers installed. The example represents only RHEL 4, but configuration would be very similar for other Unixes.

## Our Platform (you don't need that much hardware):

CPU:  Dual Dual-core Xeon 3.6 GHz
MEM:  8 GB
DISK: 1.5 TB RAID 0/1
OS:   RHEL 4 AS
VNC:  4.1.1-1
Xorg: 6.8.2-1.EL.13.25

################################## Begin VNC Server on RHEL 4 ##################################

## Legend:
...  The appearance of an ellipsis indicates that the entries to/from this point are insignificant or repeat.
===  Encloses part or all of the contents of a sample file.
---  Separates sections of a file or separates title or heading from content

## First, download and install the latest VNC RPM at:
http://www.realvnc.com/products/free/4.1/download.html

## Ensure system security is set to allow VNC connections to ports you've configured

5900 is default TCP port
I'm also using ports 5952 5953 5962 5963 5972 5973 5980

One simple way is:

===============
/etc/hosts.deny
---------------
ALL: ALL
===============

================
/etc/hosts.allow
----------------
ALL: 192.168.1. 192.168.2. 192.168.3. 192.168.32. 10.1.150.
================

## Ensure that your system is set to startup in run level 5 with XDM (GDM)

============
/etc/inittab
------------
...
id:5:initdefault:
...
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
============

======================
/etc/sysconfig/desktop
----------------------
DESKTOP="GNOME"
======================

=====================================================diff /etc/X11/gdm/gdm.conf.orig /etc/X11/gdm/gdm.conf-----------------------------------------------------52c52< #RemoteGreeter=/usr/bin/gdmlogin---> RemoteGreeter=/usr/bin/gdmlogin211c211< Enable=false---> Enable=true214c214< #HonorIndirect=true---> HonorIndirect=true227a228> DisplaysPerHost=4230a232> PingIntervalSeconds=300298c300< #ChooserButton=true---> ChooserButton=true=====================================================
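Review bot: 214c214 (HonorIndirect=true) and 298c300 (ChooserButton=true) turn on indirect XDMCP queries and the host chooser, which the Xvnc services on this page do not use, since each one runs with -query localhost. Unless remote X terminals also need the chooser, leave both at their commented defaults so that 211c211 (Enable=true) is the only XDMCP change. With Enable=true the XDMCP listener (UDP port 177) only has to be reachable from the local host for this setup, so it is worth confirming that other hosts cannot reach it.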

=====================
/etc/X11/gdm/gdm.conf
---------------------
[daemon]
AutomaticLoginEnable=false
AutomaticLogin=
TimedLoginEnable=false
TimedLogin=
TimedLoginDelay=30
Greeter=/usr/bin/gdmgreeter
RemoteGreeter=/usr/bin/gdmlogin
DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin
RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
User=gdm
Group=gdm
LogDir=/var/log/gdm
PidFile=/var/run/gdm.pid
PostLoginScriptDir=/etc/X11/gdm/PostLogin/
PreSessionScriptDir=/etc/X11/gdm/PreSession/
PostSessionScriptDir=/etc/X11/gdm/PostSession/
DisplayInitDir=/etc/X11/gdm/Init
XKeepsCrashing=/etc/X11/gdm/XKeepsCrashing
ServAuthDir=/var/gdm
BaseXsession=/etc/X11/xdm/Xsession
DefaultSession=default.desktop
UserAuthDir=
UserAuthFBDir=/tmp
UserAuthFile=.Xauthority
StandardXServer=/usr/X11R6/bin/X
Xnest=/usr/X11R6/bin/Xnest -audit 0 -name Xnest

[security]
AllowRoot=true
AllowRemoteRoot=true
AllowRemoteAutoLogin=false
RelaxPermissions=0
CheckDirOwner=true

[xdmcp]
Enable=true
HonorIndirect=true
DisplaysPerHost=4
PingIntervalSeconds=300

[gui]
GtkTheme=Bluecurve

[greeter]
TitleBar=false
ConfigAvailable=false
Browser=false
MinimalUID=500
Logo=
ChooserButton=true
BackgroundColor=#20305a
ShowGnomeFailsafeSession=false
ShowLastSession=false
GraphicalTheme=Default
GraphicalThemeDir=/usr/share/gdm/themes/

[chooser]
HostImageDir=/usr/share/hosts/
Hosts=
Broadcast=true
Multicast=false

[debug]
Enable=false

[servers]
0=Standard

[server-Standard]
name=Standard server
command=/usr/X11R6/bin/X -audit 0
flexible=true

[server-Terminal]
name=Terminal server
command=/usr/X11R6/bin/X -audit 0 -terminate
flexible=false
handled=false

[server-Chooser]
name=Chooser server
command=/usr/X11R6/bin/X -audit 0
flexible=false
chooser=true
=====================

## Add entries to /etc/services for display variations you will use

=============
/etc/services
-------------
...
# VNC Servers
vnc             5950/tcp   # VNC Service (using defaults)
vnc1024x768x8   5952/tcp   # VNC Service 1024x768, 8-bit colordepth
vnc1280x1024x8  5953/tcp   # VNC Service 1280x1024, 8-bit colordepth
vnc1024x768x16  5962/tcp   # VNC Service 1024x768, 16-bit colordepth
vnc1280x1024x16 5963/tcp   # VNC Service 1280x1024, 16-bit colordepth
vnc1024x768x24  5972/tcp   # VNC Service 1024x768, 24-bit colordepth
vnc1280x1024x24 5973/tcp   # VNC Service 1280x1024, 24-bit colordepth
vnc1280x960x24  5980/tcp   # VNC Service 1280x960, 24-bit colordepth
...
=============

## Create a VNC startup script for xinetd to start all necessary services for your virtual VNC displays.

=================
/etc/xinetd.d/vnc
-----------------
# default: off
# description: VNC accepts connections from VNC viewers using XDMCP to \
#              manage the connections.

## [50] Default options: Color Depth: 16 Geometry 1024x768
service vnc
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -securitytypes=none
    disable     = no
}

## [52] Color Depth: 8-bit Geometry: 1024x768
service vnc1024x768x8
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1024x768 -depth 8 -securitytypes=none
    disable     = no
}

## [53] Color Depth: 8-bit Geometry: 1280x1024
service vnc1280x1024x8
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 8 -securitytypes=none
    disable     = no
}

## [62] Color Depth: 16-bit Geometry: 1024x768
service vnc1024x768x16
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16 -securitytypes=none
    disable     = no
}

## [63] Color Depth: 16-bit Geometry: 1280x1024
service vnc1280x1024x16
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 16 -securitytypes=none
    disable     = no
}

## [72] Color Depth: 24-bit Geometry: 1024x768
service vnc1024x768x24
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1024x768 -depth 24 -securitytypes=none
    disable     = no
}

## [73] Color Depth: 24-bit Geometry: 1280x1024
service vnc1280x1024x24
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 -securitytypes=none
    disable     = no
}

## [80] Color Depth: 24-bit Geometry: 1280x960
## (special for Dennis)
service vnc1280x960x24
{
    flags       = REUSE
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x960 -depth 24 -securitytypes=none
    disable     = no
}
=================
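An added example (not part of the original post): a small Python audit for the xinetd layout above that lists enabled Xvnc services running with -securitytypes=none and having neither a loopback bind nor an only_from restriction in the xinetd file itself (it does not read /etc/hosts.allow). The sample stanzas are constructed; the second one, with bind = 127.0.0.1, is an assumed localhost-only variant for the SSH-tunnel setup mentioned under Security.

```python
import re

# Constructed sample: the first stanza follows the page's pattern; the second is
# a hypothetical localhost-only variant meant to be reached through an SSH tunnel.
SAMPLE = """
service vnc1024x768x16
{
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16 -securitytypes=none
    disable     = no
}
service vnc1280x1024x24
{
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 -securitytypes=none
    bind        = 127.0.0.1
    disable     = no
}
"""

STANZA = re.compile(r"^service\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)

def parse(text):
    """Return {service_name: {attribute: value}} for each xinetd stanza."""
    services = {}
    for name, body in STANZA.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0]          # drop trailing comments
            if "=" in line:
                key, value = line.split("=", 1)   # values may contain '=' too
                attrs[key.strip(" \t+-")] = value.strip()
        services[name] = attrs
    return services

def audit(text):
    """List enabled Xvnc services with no VNC auth and no address restriction."""
    findings = []
    for name, a in parse(text).items():
        if a.get("disable") == "yes" or not a.get("server", "").endswith("Xvnc"):
            continue
        no_auth = "-securitytypes=none" in a.get("server_args", "").lower()
        local = a.get("bind", a.get("interface", "")) in ("127.0.0.1", "localhost")
        if no_auth and not local and "only_from" not in a:
            findings.append(name)
    return findings

print(audit(SAMPLE))
```

Point it at the real file with `audit(open("/etc/xinetd.d/vnc").read())`; each name it returns is a display that relies on the XDM login and TCP wrappers alone.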

## Setup X to use the VNC Native display server for the root console :0

==================
/etc/X11/xorg.conf
------------------
...
Section "Module"
    ...
    Load "vnc"
EndSection
...
Section "Screen"
    Identifier "Screen0"
    ...
    Option "SecurityTypes" "VncAuth"
    Option "UserPasswdVerifier" "VncAuth"
    Option "PasswordFile" "/root/.vnc/passwd"
EndSection
...
==================

## As "root" user set a vnc password for the VNC "Native Display" server

vncpasswd
(creates /root/.vnc/passwd)

## You'll have to restart the X server and xinetd to get things rolling.

## You may be able to do this using at a login prompt.
If you're not already setup to boot into run level 5 with a respawning xdm you may need to do a system restart.

## You'll need to restart xinetd to get it to re-read the config files.

service xinetd restart

## Lastly, you need to test connections from another machine upon which you've already installed a VNC Viewer (client).

################################## Begin VNC Server on RHEL 4 ##################################

#################################### Begin Java VNC Viewer Client ####################################

## To get the web server to offer a Java VNC client:

mkdir /var/www/html/vnc
cp /usr/share/vnc/classes/* /var/www/html/vnc/

## Add something like this to one of your html pages:
(I have a support page where we maintain tool links)

/var/www/html/support.html
=========================================================
...
Documentation
VNC Viewer (Java)