Aug 10, 2007

Using VNC

Most of us work in hybrid environments.  In most cases end users will have Windows machines, designers will be on OS X, and the servers will be running some form of *nix.  Rdesktop is a very good solution if one just needs to RDP into a Windows box, but what if you need to get on an OS X machine or need to see Xorg on another machine?  VNC is available for all three of these platforms.  VNC performs its job well, although it is slow.

I'll mainly be describing the FreeBSD configuration, as this is a BSD site and FreeBSD is the flavor I'm most familiar with.  This process should be very similar across all the *nixes.  Feel free to add OS-specific instructions; I'll gladly post them.  Use the relevant ports system or package manager in your case.  For FreeBSD, VNC is available in the ports tree.  If the machine it will be installed on only needs the client, VNC can be compiled without the server.  From /usr/ports/net/vnc type `make -DWITHOUT_SERVER install clean` and only the client will be built.  All the options can be seen in the port's Makefile.

If the computer is going to accept VNC clients, the server needs to be started as the user that will be logging in.  For example, if user guest01 wants to VNC into a FreeBSD VNC server from a Windows machine, he/she must log into the FreeBSD machine as guest01 (or `su` to guest01) and run `vncserver`.  VNCserver will ask for a password.  Whatever you provide as a password is what will be used to authenticate the client.  For simplicity I recommend using the same password that is used to log in to the FreeBSD machine.  VNCserver will then show the hostname followed by :1.  This shows what port VNCserver for user guest01 is running on.  Now user guest01 can start VNCviewer from his/her Windows machine, fill the host field with "hostname:1", type the password that was set, and should connect.

When VNCviewer is started for the first time it defaults to the TWM window manager.  Each user has a .vnc directory in his/her home directory containing a file called xstartup.  This file is used similarly to .xinitrc.  If one prefers to use Fluxbox, for example, simply comment out or delete the line containing `twm` and add `fluxbox &`.  This will cause VNCviewer to start in Fluxbox from now on.  The file will look similar to the following.

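```sh
#!/bin/sh

# Load X resources if the user has any
[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
# Default window manager, disabled
#twm &
# Window manager to start instead
fluxbox &
```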

As sessions are started by different users the port numbers will increase.  A lock file is created in /tmp for each session.  This tells vncserver what is available for users to use.  Using the above example, there will be a file called /tmp/.X1-lock.  These lock files remain, and as users forget what port they were on and start new VNCserver instances, port numbers and lock files can grow out of control.  Investigate which sessions are not being used and then `kill` them.  Running `ps aux | grep vnc` returns the VNC sessions, their owners, and what port each is running on.  Finally, go into /tmp and remove the lock file for the relevant port.
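
One way to do that investigation, as an added example that is not part of the original post: the function below walks the lock files, reads the PID stored in each, and reports whether that process is still alive.  It assumes the X.Org lock file convention (the server's PID written as text in /tmp/.X<N>-lock) and the default VNC port of 5900 plus the display number; the function name audit_x_locks is made up for the example.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: each /tmp/.X<N>-lock holds the owning X/VNC server's PID as
# text (X.Org convention), and the session listens on TCP port 5900 + N.

# audit_x_locks [DIR]
# Prints one line per lock file: "<display> <tcp-port> <pid> <state>"
# where state is live, stale (PID no longer running) or nopid (no PID found).
audit_x_locks() {
    dir=${1:-/tmp}
    for lock in "$dir"/.X*-lock; do
        [ -e "$lock" ] || continue              # glob matched nothing
        name=${lock##*/}                        # e.g. .X1-lock
        disp=${name#.X}
        disp=${disp%-lock}                      # e.g. 1
        case $disp in
            ''|*[!0-9]*) continue ;;            # not a display number
        esac
        # Keep only the digits; the PID is padded with spaces in the file.
        pid=$(tr -cd '0-9' 2>/dev/null < "$lock") || pid=
        if [ -z "$pid" ]; then
            state=nopid
        elif kill -0 "$pid" 2>/dev/null || ps -p "$pid" >/dev/null 2>&1; then
            # kill -0 fails on other users' processes, so ps is the fallback.
            state=live
        else
            state=stale
        fi
        echo "$disp $((5900 + disp)) ${pid:--} $state"
    done
}

# Report on the real lock directory when run as a script.
audit_x_locks "${1:-/tmp}"
```

Lines marked stale are lock files whose server is already gone, so the file can simply be removed; live ones are the sessions to check with their owner before using `kill`.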

VNC does not have good security.  Although it is beyond the scope of this quick how-to, it is possible to tunnel VNC over SSH.  This adds great encryption with a minimal hit on performance.  Below are two good articles explaining how tunneling can be accomplished.

http://www.vnc.com/pipermail/vnc-list/2005-October/052697.html

http://www.oreillynet.com/cs/user/view/cs_msg/24540


Although VNC is not the smoothest or most secure way to graphically connect different operating systems it is one of the most compatible and easiest to use. 
