VNC 的使用

使用vnc - [IT笔记]

版权声明：转载时请以超链接形式标明文章原始出处和作者信息及本声明 http://shenheng.blogbus.com/logs/10226482.html

首先要配置vncserver:

在需要开启VNC服务的用户目录下打开.vnc/xstartup文件，如果是给root用户开vnc，就用以下命令打开：

sudo vi /root/.vnc/xstartup

将该文件的内容修改为如下所示：

#!/bin/sh # Uncomment the following two lines for normal desktop: # unset SESSION_MANAGER # exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & gnome-session #startkde #fvwm2 #twm &

最后的四行是选择VNC连接使用的XWINDOWS，gnome-session是使用gnome，startkde是使用KDE，如此类推，但这四行内容中只能使用其中一行，其余三行都要注释掉。

再编辑你的/etc/sysconfig/vncservers文件，指定用户及用户对应的桌面，使用以下命令打开文件： sudo vi /etc/sysconfig/vncservers

修改为如下内容：

# The VNCSERVERS variable is a list of display:user pairs. # # Uncomment the line below to start a VNC server on display :1 # as my 'myusername' (adjust this to your own). You will also # need to set a VNC password; run 'man vncpasswd' to see how # to do that. # # DO NOT RUN THIS SERVICE if your local area network is # untrusted! For a secure way of using VNC, see # <攻破天网的几种办法如何抓ftp/pop3口令明文如何关闭你的NetBIOS 端口，让黑客无法入侵你!能伪装IP地址的攻击工具源码(For Win2000)几种流行的入侵工具与讲解[转]关于Win2000 Server安全一个多功能linux 后门的源代码 破解系统(1-7)port list(from neohapsis)Apche日志系列(1)：访问日志相关链接共 112 篇>','相关的链接')">URL:http://www.uk.research.att.com/vnc/sshvnc.html>. VNCSERVERS="1:root" VNCSERVERARGS[1]="-geometry 1024x768"

VNCServer的默认端口是5801，5901和6001，这里的“1:root”表示为系统用户root开启5801，5901和6001端口，1为桌面号，

如果需要为多个用户开端口，则用以下方式： VNCSERVERS="1:root 2:xiaowei" VNCServer的默认端口是5801，5901和6001，这里的 “1:root 2:xiaowei”表示为系统用户root开启5801，5901和6001端口，1为桌面号，为系统用户xiaowei开启5802、5902和 6002端口，2为桌面号，依此类推。

还要设置登录密码 vncpasswd

启动vncserver

/etc/rc.d/init.d/vncserver start

或

/etc/init.d/vncserver start

如果看到以下类似的内容，则代表启动vncserver成功

Starting VNC server: 1:root [ OK ]

如果你的客户端是LINUX，你可以使用vncviewer进行连接，这个软件应该是在很多LINUX发行版中都带有的。

例如vncserver所在服务器的ip为192.168.0.1，配置的桌面号为1，则连接命令如下：

vncviewer 192.168.0.1:1

在弹出窗口中输入密码即可。

*********************************************************************************

查看vnc已启用的桌面号及监听进程 [root@linux /]# netstat -tlnp |grep vnc vncserver 命令带有一些很有用的参数，用vncserver --help 查看。 简单解释一下： vncserver [:] [-name ] [-geometry x] [-depth ] [-pixelformat format] vncserver -kill :display : vnc服务的display号，可以自行指定，尽量不要使用系统默认的以保证安全，必须为非0的正整数 vncserver :99 使用时必须输入正确的display号才能连接；用浏览器要在端口号加上display号，默认端口5800，远程连接输入 XXX.XXX.XXX.XXX:5899 -name 指定vncserver桌面名字 比如要让名字显示为 “红帽” vncserver -name 红帽 -geometry x指定显示桌面的分辨率，默认为1024x768 vncserver -geometry 800x600 这个命令实际中很有用，例如本地分辨率为1024x768 如果不设定远程vnc服务分辨率就会造成桌面显示不全的问题。 -depth 指定显示颜色,设定范围8～32 vncserver -depth 16 用16bits颜色显示 -pixelformat 指定色素格式 与-depth大致相同，只是表示方法不一样 vncserver -pixelformat RGB888 用24bits颜色显示 vncserver -kill :display 结束vnc服务及远程桌面 vncserver -kill :1 其它更详细的使用请用man查看。 vnc内定的窗口管理器是twm与大家使用的可能不同，通过修改vnc的配置文件可以更换为自己喜欢的，方法如下： 修改用户目录下的 .vnc/xstartup 文件 #!/bin/sh [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & twm & 将#!/bin/sh后面的内容全部注释掉，改成 ~/.Xclients 保存文件 现在可以测试修改是否成功，先kill vncserver服务 vncserver -kill : 或 pa aux|grep Xvnc kill PID 重新启动vncserver ，用vncviewer连接远程桌面是不是已经变成自己喜欢的类型了。 在 前面有vnc server 设置的文章（http: //bbs.chinaunix.net/forum/viewtopic.php?t=368552&highlight=yunqing） 里, 我们已经可以在一个linux的服务器上运行vncserver来进行远程访问了,但需要注意的是,如果直接使用vncviewer来进行访问,有 两点不利因素: 1. 口令传输是明文,很容易被侦听到. 2. 防火墙需要打开59xx端口,这在通常的单位里是不可能的. 幸运的是,我们有ssh这个强大的工具,象X11 Forwarding(另文论述),我们可以使用ssh隧道来保护通讯过程,下面就进行简单介绍. 假设vncserver运行在服务器 myserver (ip地址为:192.168.x.x)的屏幕1,也就是侦听 192.168.x.x:5901, 用户名为foo 情形一: vnc客户端为linux 这种情形很简单,一般的linux发行版本里面都默认安装了ssh套件. 1. 用ssh登录到服务器 ssh -L 5901:localhost:5901 -l foo myserver 或者直接用ip地址 ssh -L 5901:localhost:5901 -l foo 192.168.x.x 2. 在本机的另外开的终端上,运行vncviewer (或其它的类似工具) vncviewer localhost:1 情形二: vnc客户端为windows 1. 下载一个ssh客户端,个人推荐putty,只有一个程序,不需要安装,简单而功能齐全. 到这里下载http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html 下载putty.exe到桌面上直接运行即可。 2. 运行putty,输入服务器的ip地址,输入一个名字,这里myserver作为session的名字，按save保存。见附图一 3. 单击对话框左边的tunnels来选择相关设置，在source port里输入5901，在Destination里输入localhost：5901，按Add添加，如附图二 4. 单击左边session，回到session设置，按save重新保存。按open即可登录到服务器。 5. 运行vnc-viewer （如果没有，到这里下载http://www.realvnc.com/download.html，只要一个 exe的文件就行），在Server里输入localhost:1,见附图三, 输入口令后一个linux的桌面就会出现在windows里，并且是非常 安全的

 

Using VNC with Linux

Nelson Pereira I want to use VNC (Virtual Network Computing) in Linux to remote administer my various machines. 1. Introduction 1.1 What is VNC? VNC (Virtual Network Computing) is a remote display system which allows the user to view the desktop of a remote machine anywhere on the internet. It can be directed through SSH for security. It is a great tool for remote administration and thin clients. It does, however, have its drawbacks. It, unlike Tarentella (TM) or Citrix (TM), is not an application server. It also has the tendency to take more time refreshing over low-bandwidth links. 1.2 Layout and content of this document This document is designed to be a quick-start guide to using VNC on Linux RedHat 8.0, but may be the same for Mandrake and/other distro's. The document will cover three basic configurations in detail. These configurations are: Linux Desktop on Windows, Windows Desktop on Linux, and Linux desktop on Linux. This document will also address the use of SSH to provide a secure VNC connection, allowing multiple users to view (not modify) a Windows desktop, and use VNC on other platforms. This is not designed to be comprehisive. 2. Installing VNC on RedHat 8.0 You should get the lates version of VNC Server and Client from http://www.realvnc.com/download.html. Read the INSTALL file included on the tar file. After the the tar file is installed there are some additional steps needed to configure VNC to use kde or GNOME as the desktop. VNC must be configured for each user on the Linux system, I will use the username "john" as the user I will configure VNC for (Note: each user has his/her own settings for VNC and also several different incidences of VNC can be run on Linux at the same time, so if you are viewing Linux desktops then it could work as a thin client server). The problem is that VNC is somewhat resource intensive (uses about half the resources of a full X server) so the more VNC instances you run the worse the preformance will be). First I log in as john and open a terminal window (you can also ssh or telnet to the machine that will be running vnc server). I first enter this command: Then I am prompted for the password to connect to the VNCserver. The password has to be at least six characters. Now the VNCserver is running but if you log in you will not have any window manager, so to add this first kill the server using this command: If you have more that one VNCserver running then replace the 1 with the correct number of the VNCserver you want to kill (the number is given when you start the VNCserver). Now you need to edit the ~/.VNC/xstartup (you can use any text editor to do this). In this file uncomment (remove the # signs) from these lines: Now, when you login to VNC as a viewer, a default GNOME session will start. 3. Installing VNC on Windows VNC for Windows is also available at http://www.realvnc.com/download.html. To install just unzip the VNCwin32-X.X.X.zip file then run setup.exe in the new directory that is created. You will need winzip or similar utlitiy for Windows in order to install it. Select the options during setup. 4. Configuration and usage 4.1 Scenario 1 - Linux Desktop on a Windows Client Because Linux is a multi-tasking, multi-user system you can have muliple instances of VNC running. Each user on a Linux machine can start a VNC session, and they don't have to worry about stepping on other user's toes. To do this first start the vncserver on Linux by issuing the command: You have to start the VNC server in 16 bit mode or GNOME will not work. You can use whatever values for geometry you want (800x600 is a good size too). More bandwidth is required for deeper color depths or larger geometries. After you start the vncserver something similar to this will be returned in terminal: Now, on the Windows machine just double click the vncviewer icon and as the address put the hostname or IP address of the VNC Server with a :1 to specify display #1. If the hostname of the machine is not resolvable then you need to enter the :1 to connect to the vncserver. Once you enter the correct address for the VNC server and the correct password then you will be presented with a GNOME desktop on your Windows desktop. For each new instance of the VNC server, the screen number (:1 in our example above) will be incremented by one. If I start another vncserver without stopping the first one I started the display number would be :2. To stop the VNC server just issue this command: So to kill the vncserver in our example the command would be: Only the user who started the VNC server can kill it. It is a good idea to clean up VNC servers for security reasons and to free up system resources. 4.2 Scenario 2 - Making the VNC Server Come Up at Boot This requires an entry in the /etc/rc.d/rc.local file. You can call the vncserver directly but this will start it as root, which is a bad idea, so we are going to start it as a regular user. The user name we will use for this "user"; just replace all instances of "user" with the username on your machine. Basically we just add this line to the end of the rc.local file: 4.3 Scenario 3 - Windows Desktop on a Linux Client Unlike Linux, Windows is not a true multi-tasking, multi-user system, so only one instance of the VNC server can run on it. Also what ever changes are made from the VNC client are viewedon the local desktop. In other words a user sitting at the Windows machine can watch everything a remote user is doing through VNC, and vice versa. There are many different configuration setting for the vncserver in Windows. I will only cover the basics; for more information see the additional resources section. To start the server just go to the start button->programs->Vnc->Run WinVNC (app mode). This will start a vncserver. When the machine reboots the VNC server will not start automatically. To have the vncserver start automatically go to start->programs->Vnc->Administrative tools->Install WinVNC Service. Once the vncserver is running to connect to the server from Linux open a terminal window and type: 4.4 Scenario 4 - Allowing Multiple Users to View the Same Windows Desktop If one client is connected to winVNC and another user tries to connect the first user will be disconnected. To stop this, you would use the -shared option to vncviewer in Linux. For example, if I were viewed a Windows screen along with other clients I would type this command: User's can also be prevented from having any control over the Windows desktop too. To do this right click on the VNC icon in the system tray, then choose properties. Now check the box "Disable Remote Keyboard & Pointer" then click OK. 4.5 Scenario 5 - Linux Desktop on Linux I don't really need to cover this scenario in much detail, but to start the vncserver on one machine just follow the instructions in scenario 1. To start the vncviewer on the client just follow the instructions on in scenario 2. 5. Using SSH for a Secure VNC Connection SSH stands for Secure Shell. It uses public key cryptology to encript data sent between two computers. This makes it very hard for anyone to eavesdrop on the communication and steal important information, such as passwords. To use SSH with VNC we are going to setup ssh to listen on a port on the local machine then forward that port through the secure channel to the vncserver. The basic form of the command is this: The command works like this: start an SSH connection to (the vncserver), listen on port x on my local machine and forward all data to port y on the vncserver. VNC runs on port 59xx, where xx are replaced with the screen number. So, in our example from scenario 1 the vncserver is listening on port 5901. WinVNC listens on port 5900. One example applies to connection to a vncserver from Linux using SSH. Using the example from Scenario 1, we have a vncserver running on screen :1 on 134.199,40.64. Lets also add that user 'bob' has started the vncserver, so to setup ssh to forward the ports we would run this command on the Linux client: when we hit enter we will be prompted for the password for bob. The vncserver has to be started prior to running the above comamnd. Enter the password and now the connection is up and the port is being forwarded. Now to start the vncviewer we use this command in another terminal window on the client machine: