vncserver for local net

SlowJet · #1 2005-02-08, 03:34 PM CST

Hi all,

I managed to get 5 users accounts running on the vncservser by doing a search on vncserver and reading all l of each thread to get one little tib bit of useful information.

Here is a recap to get the server end going.

1. Stop the vncserver service until all the accounts are ready.

2. create users accounts and strong passwords with a unique group id for easy identification.

3. su - in a term and gedit /etc/sysconfig/vncserver
find the "1:useraccount" and change to a string of accounts as
"1:useraccounta 2:useraccountb 3:useraccountc 4:useraccountd 5:useraccounte"
then change screnn size in next line to desired 1024x768
save file exit out

4. Now you need to logon to each user account and under a local term do
vncpasswd
enter "vncpasswdforuseraccountx"
verify
enter "vncpasswdforuseraccountx"
exit out
After all vncpasswords have been created there is a .vnc folder that contained the vnc files needed to run.
only the passwd file is pressent so we need to get the defaulut pid and log and startup file created for each account.
log in to naormal user account.
Meni Applications, Systems Settings, Server Settings, Servives
enter root passwd when asked.
schroll down to vncserver
check boc if you want this up at boot time (not it takes a bit of time and resources.)
with vncserver slected go to the top of the window and click on start.
You will get a service started ok or an error message.
Assumming it is ok, we'll continue.

5. Logon to each vncuser account and edit the now created home/.vnc startup file.
The files are hidden so click view, show hidden.
Whn you d-click the startup file it asks to run or display, clcik on display and the emac editor opens with the file.
The # comments - do what the fist line says i.e. uncomment the next 2 lines. This makes the Gome work.
Someone said to get rid of the extra green twm boarders to change the last line
twm & to somethin else, I used "startkde &" thinking the uncommended lines were for x11 but more was needed for Gome. Not the case, Gome starts and no Kde is involved but there is no green twn boarders either.
after each user's startup file is completed, save it with the menu opten save current buffer.
exit out and log off
Log on to naormal user.
start applications, system settings, service settings, services.
schroll down to vncserver
slect and go to topp of window and click Restart.
wait for a minute.
start up the sytem monitor and look at proicesses.
There will be everythin defined for a Gome user running for each user.
the vncserver should show five pid's

6. Now it is ready to test and you will need a vncclient for the windows PC >= version 3.8.
I used Realvnc free. it is version 4.0 and the purchased version is 4.1. You do not need the server part unless you are going to reverse the process i.e. logon from linux to a windows vnc.
After the vncclint is on the windows pc start it up and click on options to uncrease colors to full.
Enter into box ip iof Linux vncserver box as such
90.0.0.17:4 to use the forth vncuser account
enter vncpasswd - this is the forth vncuser account's passwd (not the forth user account's passwd. Those were used by the vncserver to logon and get going.)
The client screen of the forth vnc user should pop up instantly.\ (because it's already running on the vncserver.) Make those passwds very strong as this is authorised by not encrypted.

That's all I have for the basics. The compression ratio for the transmits ran from 4.x to 5.8.
The first big notice was that the client menus on the Pent 2.4 HT responsed much faster than on the linux box. So some useful performce boost there. The 5 users took up about 200 MB of memory but the 800 mhz CPU was hardly doing anything, unitl I get erros form the client screen or netgear divce driver etc.

I would like to know how I would change a couple of accounts to KDE and one to IKCE if that is possible.
I would assume I would need to logon to each account with the desire session to get files initially created, then edit a kdestartup of a session file?

Hope this help a few get pass the secerts.

G/L

SJ

killaweegee · #2 2005-02-08, 04:27 PM CST

very good howto slowjet. It has been sometime since I tried to set up vnc and never could get it to work right, so now I'm going to try it with your steps. I have one question for you. In step number 4 you mention "Only the passwd file is pressent so we need to get the defaulut pid and log and startup file created for each account." Could you explain how you done that? I would really appreciate it, and Thanks in advance.

SlowJet · #3 2005-02-08, 04:52 PM CST

Thanks, killaweegee,

The first time the vncserver sevice is started (with the new config/vncserver file) the files that are created are the pid, log, and startup files in user/home/.vnc
(But if you were to connect then you would get a blank box with twm and that's about it.)
So you logon to each user and make changes to the startup to use Gome.
The vncserver is still running but the changes don't take affect until it is restarted or rebooted.

If you add more users later, you may get by with a copy and edit of the startup as you create the vncpasswrd.
(I would think the expert vncserver guys would have a script to set up large groups.)

G/L,

Let us know how yours goes.,

SJ

killaweegee · #4 2005-02-08, 05:14 PM CST

SlowJet Thanks alot for your help and quick reply. I would not have misunderstood your first post, but I made the mistake of not uncommenting my changes in the vncserver config file. Then when I restarted it those files was not in my .vnc directory. Thanks again and great post. VNC and gnome are working great now!

killaweegee · #5 2005-02-08, 10:55 PM CST

SlowJet I continued to play with your vnc config and now have it tunneling through ssh. It works really good and the only port still needed to forward throught he firewall is port 22 for ssh.

1. If you do

Code:

ssh -L 5901:remoteserveripaddress:5901 username@remoteserveripaddres

this will get you logged in like a normal ssh session except it has created a tunnel to the port 5901 which would be corrosponding to your user number. If you the user was vnc user number 2 then they would be 5902.

2. Once connected open up the vnc viewer and connect to 127.0.0.1:1 or whatever user number you are.

SlowJet · #6 2005-02-10, 01:57 PM CST

Hello killaweegee and all,

I'm glade you got the vncserver to work and with ssh.

I am just not getting the ssh application.
I read several sites articles and the man pages and it is really broad based.
I like it. I would like to use Triple DES(3des)

I do not understand why you are referring to a remoteseverip.
I can not determine which end of the stick or what chair one is sitting in when they describe shh commands. (Remote, server, client = who, where, direction)

I entered the command as a root term
ssh -L 5905:myvncserverip:5905 5thvncusername@myvncserverip

I got a message from RSA – the finger print is hh:hh: ...:hh
do you want to continue yes or no?
I said yes
It said the host is now recorded
write failed
broken pipe.

I don't understand why I would use 127.0.01:5 from a client(whoes client)
but I tried it anyway.
logon from a client with 127.0.0.1:5
No go
I tried ssh 5thvncuser@myvncserverip
no go
I tried the normal way myvncserverip:5
enter 5thvncuser password *****
it worked as it used to.

I have yet to find an ssh example that explains what the command is supposed to do in the proper context or scope of the networked computers.

The good news is I can start a vnc on a windows box then RDP-desktop to the windows box from my Linux user account and TA-DA, Gome on Windows on Gome.
(Discovered RDPv5 for Windows XP and is tends to degrade the color from 32 bit to 16 bit for all connections so I will use RDP so I can have full color with mismatched resolution)

So lets leave this thread for simple vncserver help and some one may create a detailed How-to for ssh with the proper terms in the correct context with good examples. (coz I'm lost in space.)

SJ

P.S. This time is used a spell checker. I keep forgetting I have Open Office on this Linux box. Amazing stuff.

killaweegee · #7 2005-02-10, 02:05 PM CST

Hello SlowJet,

Sorry for bad example, let me try again. The -L switch tells ssh to create a tunnel. So if you did

Code:

ssh -L 5901:vncserverip:5901 vncusername@vncserverip

This creates a tunnel through ssh using source port 5901 and destination port 5901. As for the broken pipe you are getting. I have got this on two machines, but I have not got it on two machines. I'm not sure what is causing that error to come up but I want to find out. Once we get you connected without the broken pipe you can open your vnc client and connect to 127.0.0.1:1 or what ever your vncuser number may be. The reason the 127.0.0.1 is because where made a tunnel with our ssh we are directly connected to our vncserver now from our client on port 5901 or what ever port you chose. So in the vnc client 127.0.0.1:1 is essentially connecting to your personal machines loopback, but our loopback is disguised as connecting to the vncserver. Hope this is a little more clear and if not please let me know. Lets figure out where the broken pipe is coming from.

Ph34rT3hP3ngu1n · #8 2005-02-23, 08:10 AM CST

i am having troubles with my own basic vnc server connection...
it works just fine in my local network (192.168...:1) i've disabled the fedora firewall and opened the ports on my router for vnc use... However, i cannot connect over the internet on my XP box. i have no experience with ssh but i know it works over my lan cause i've connected with hyper terminal...
i'm basically trying to see if i can access fedora from the school yearbook computers...
-ph34r

talz13 · #9 2005-02-24, 01:19 PM CST

I stumbled across a good vnc tutorial over at the gentoo forums. it has good step by step instructions on getting vnc over ssh using putty (for windows). I just set it up this morning, and it's been working great so far.

EDIT:

wow, I guess it helps if I post the link that I was referencing

http://forums.gentoo.org/viewtopic-t...+internet.html

SlowJet · #10 2005-02-24, 03:04 PM CST

Hi talz13,

I think a lot of the examples are too old for FC3 on 2.6.10 Kernal with the SELinux and Firewall in place.
Also Win Xp with Sp2 has a new FW that blocks all incoming on ports (except the standard set)
On my local net ever box is running a FW - things going out are fine but things coming in must be set up.

I tried to use Putty but it was over my head with so many options.
But now I see an example on Gentoo that shows how to use Putty and it is from the client. Putty sets up the SSH tunnel and the session. The (piece I was missing) vnc client is opened as normal (after Putty) and it logs in with localhost:1.
The password and data is now going through the SSH tunnel.

I have re-installed FC3 since then and will need to set up the accounts, passwords, and get VNCserver going again before I can try it but I think it may work if I can get the FC3 box set up with the correct ports open on the FW without totally turning it off. (I did say to use port 22 when I installed for SSH but I don't know if that automatically ties back into 59xx set? But I will try 22 also on Putty.)

Thanks for the comment.

SJ

kosmosik · #11 2005-02-24, 04:11 PM CST

Quote:

Originally Posted by SlowJet

2. create users accounts and strong passwords with a unique group id for easy identification.

strong passwords? what for? what strong password gives you when you are using unsecure protocol for authentication? VNC sends passwords unencrypted, anyone can sniff it, so the strenght of the password has no matter... I would rather consider using VNC over SSH... some clues:
http://www.uk.research.att.com/archive/vnc/sshvnc.html
nice gui client for SSH/VNC:
http://freshmeat.net/projects/sshvnc/

SlowJet · #12 2005-02-24, 11:32 PM CST

Hi everybody,

***Update for SSH from Client side.

Prereq's
1.FC3 is listening on port 22 for SSH (from install or setup later)

2.The vncserver setup as described above and tested connection with vncclient.
i. vnclogon 90.0.0.17:4 - as above
ii. vncpassword as above.

Establishing SSH from client.

0.Start up the vncserver on the FC3 box.
1.Download and install Putty client software on the Windows Xp client.

2.Startup Putty.

3.In the left pane click on tunnel sub section of SSH section near the bottom.
ii. In Source Port – enter 590n where n is (1 2 3 4 5)
iii.In Destination box – enter “localhost:590n” without quotes.
iv. click on ADD button to create entry into large box above it.

4.In left pane click on Session section.
i. enter ip of FC3 box 90.0.0.17 – as above
ii. SSH Port – over to the right is a box for listening port. Default is 22.
iii. click OPEN – near the bottom of screen.

5.Xterm comes up and asks for logon.
0. (There is a RSA message – click NO until you get things working.)
i. enter the account's real username and real password – as if you were at the FC3 box.
ii. The user@host prompt will return – The SSH tunnel is now established.
iii. Minimize screen – it is not used.

6.Start up the Windows Realvnc client.
i. Options – full color
ii. Connection – enter “localhost:n” where n is (1 2 3 4 5) as above
iii VNCPASSWD – The password set up via the command vncpasswd.

7.The connection is going out through the established SSH link.

8.Gome window pops up.

SJ

M4rk · #13 2006-11-28, 06:54 AM CST

Sorry if you have already answered this but i can't understand it. But I think it's a little different.

I have a Lan with one WinXP machine and two fedora machines. I want to be able to have access to the second fedora machine through vnc from winXP machine. I don't want to log in through vnc in another session at the fedora machine...I want to use the remote desktop feature and access the same desktop some other remote user will if he tries to access the same fedora machine and interact in the same desktop. The problem is that the default port for remote desktop is 5900 and is taken by the first fedora machine.
My question is how i will change that port if this is possible.

M4rk · #14 2006-11-30, 06:59 AM CST

Problem solved using an x11vnc server on the remote machine...everything worked fine...

ggiles · #15 2006-12-05, 08:44 PM CST

Good thread, but I'm having a problem. I'm running FC6, GDM and accessing the FC6 box from a WinXP Pro machine running RealVNC. I reviewed the original post in the thread and everything matches what I'm doing, although I've setup vncservers file to use "1:root 2:gregg". I know :0 is root, so I wanted to do :1 as root anyway for remote logins for the heck of it. I can connect just fine as :1 and :2.

Problem is that after I logout the root user on :1, then try to reconnect to :1, my login is authenticated fine, and a display appears, but all I see is the GDM background with no icons, no menus, no nothing - just the background image. It's odd. I do notice that the Package Updater pop-up bubble will appear, but that's it. (Same thing happens with :2, BTW).

Any idea how I can get the icons and menus to reappear after I logout remotely and log back in?

Cheers,
Gregg