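For work I needed to configure VNC. I had not used VNC for many years, so I am writing the steps down in case I need them again.
1. Install the VNC server
Check whether it is already installed: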
rpm -qa | grep vnc
If it is not installed, run:
yum install vnc-server
    # rpm -qa | grep vnc-server
    tigervnc-server-module-1.1.0-16.el6.centos.x86_64
    tigervnc-server-1.1.0-16.el6.centos.x86_64
2. Configure VNC
    # vi /etc/sysconfig/vncservers

    # The VNCSERVERS variable is a list of display:user pairs.
    #
    # Uncomment the lines below to start a VNC server on display :2
    # as my 'myusername' (adjust this to your own). You will also
    # need to set a VNC password; run 'man vncpasswd' to see how
    # to do that.
    #
    # DO NOT RUN THIS SERVICE if your local area network is
    # untrusted! For a secure way of using VNC, see this URL:
    # https://access.redhat.com/knowledge/solutions/7027
    # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
    # Use "-localhost" to prevent remote VNC clients connecting except when
    # doing so through a secure tunnel. See the "-via" option in the
    # `man vncviewer' manual page.
    # VNCSERVERS="2:myusername"
    VNCSERVERS="1:root"
    VNCSERVERARGS[2]="-geometry 800x600"
    #VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
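Notes on the configuration file:
VNCSERVERS sets which accounts on the server may use VNC. Several can be listed, for example root and ckl, separated by spaces. When logging in with vncviewer, 192.168.1.10:1 means logging in as the root account, and so on.
For example:
VNCSERVERS="1:root 2:ckl"
VNCSERVERARGS options:
-geometry: desktop resolution. The default is 1024x768, so the 1024x768 above can be left out.
-nohttpd: do not listen on the HTTP port (58xx).
-nolisten tcp: do not listen on the TCP port (60xx).
-localhost: only allow access from the local machine.
AlwaysShared: by default only one vncviewer connection is allowed; this parameter lets several users log in to the same display at the same time.
-depth: colour depth; accepted values are 8, 16, 24 and 32.
SecurityTypes: None means no password authentication at login; VncAuth, the default, requires password authentication.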
The setting used here:
VNCSERVERARGS[2]="-geometry 800x600" sets the desktop resolution; nothing else is configured.
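An audit of the file described above, as an added example that is not part of the original post: it reads /etc/sysconfig/vncservers-style text without sourcing it and reports displays that run as root, lack -localhost, disable authentication, or have VNCSERVERARGS entries that no display uses. It assumes the init script applies VNCSERVERARGS[N] only to display N (consistent with the -geometry 1024x768 in the ps output in step 5); both sample files are constructed, and the user name vncuser is hypothetical.

```shell
#!/bin/sh
# Added example: audit a vncservers config file ($1); one finding per line.
audit_vncservers() {
    conf=$1
    # Last uncommented VNCSERVERS assignment wins, as it would in the shell.
    servers=$(sed -n 's/^[[:space:]]*VNCSERVERS="\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    for pair in $servers; do
        disp=${pair%%:*}
        user=${pair##*:}
        case $disp in ''|*[!0-9]*) echo "bad pair: $pair"; continue ;; esac
        # Arguments that are actually applied to this display number.
        args=$(sed -n "s/^[[:space:]]*VNCSERVERARGS\[$disp\]=\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1)
        if [ "$user" = root ]; then
            echo "display $disp: desktop runs as root"
        fi
        case " $args " in
            *" -localhost "*) ;;
            *) echo "display $disp: listens on all interfaces, port $((5900 + $disp))" ;;
        esac
        case $args in
            *"SecurityTypes None"*|*"SecurityTypes=None"*)
                echo "display $disp: no password authentication" ;;
        esac
    done
    # VNCSERVERARGS[N] with no display N in VNCSERVERS is never used.
    for idx in $(sed -n 's/^[[:space:]]*VNCSERVERARGS\[\([0-9][0-9]*\)\]=.*/\1/p' "$conf"); do
        case " $servers " in
            *" $idx:"*) ;;
            *) echo "VNCSERVERARGS[$idx]: no display $idx configured, arguments ignored" ;;
        esac
    done
}

# Constructed sample 1: the active lines of the config shown on this page.
page_conf=$(mktemp)
cat > "$page_conf" <<'EOF'
# VNCSERVERS="2:myusername"
VNCSERVERS="1:root"
VNCSERVERARGS[2]="-geometry 800x600"
EOF
# Constructed sample 2: non-root user, index matching the display, and the
# flags from the file's own commented-out line.
hard_conf=$(mktemp)
cat > "$hard_conf" <<'EOF'
VNCSERVERS="1:vncuser"
VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp -localhost"
EOF
trap 'rm -f "$page_conf" "$hard_conf"' EXIT
audit_vncservers "$page_conf"
audit_vncservers "$hard_conf"
```

With -localhost set, clients connect through a secure tunnel, as the comment in the config file itself recommends (the "-via" option of vncviewer).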
3. Set the password
Set the password for the current user:
    # vncpasswd
    Password XXX
    Verify: XXXX
4. Start the service
    # /etc/init.d/vncserver start
    正在启动 VNC 服务器:1:root
    New 'localhost.localdomain:1 (root)' desktop is localhost.localdomain:1
    Starting applications specified in /root/.vnc/xstartup
    Log file is /root/.vnc/localhost.localdomain:1.log
    [确定]
5. Check the log
    # cat /root/.vnc/localhost.localdomain:1.log
    Xvnc TigerVNC 1.1.0 - built Oct 30 2014 12:46:27
    Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
    See http://www.tigervnc.org for information on TigerVNC.
    Underlying X server release 11500000, The X.Org Foundation
    Initializing built-in extension Generic Event Extension
    Initializing built-in extension SHAPE
    Initializing built-in extension MIT-SHM
    Initializing built-in extension XInputExtension
    Initializing built-in extension XTEST
    Initializing built-in extension BIG-REQUESTS
    Initializing built-in extension SYNC
    Initializing built-in extension XKEYBOARD
    Initializing built-in extension XC-MISC
    Initializing built-in extension XFIXES
    Initializing built-in extension RENDER
    Initializing built-in extension RANDR
    Initializing built-in extension DAMAGE
    Initializing built-in extension MIT-SCREEN-SAVER
    Initializing built-in extension DOUBLE-BUFFER
    Initializing built-in extension RECORD
    Initializing built-in extension DPMS
    Initializing built-in extension X-Resource
    Initializing built-in extension XVideo
    Initializing built-in extension XVideo-MotionCompensation
    Initializing built-in extension VNC-EXTENSION
    Initializing built-in extension GLX
    Tue May 3 17:48:45 2016
    vncext: VNC extension running!
    vncext: Listening for VNC connections on all interface(s), port 5901
    vncext: created VNC server for screen 0
    GNOME_KEYRING_SOCKET=/tmp/keyring-V3vbTs/socket
    SSH_AUTH_SOCK=/tmp/keyring-V3vbTs/socket.ssh
    GNOME_KEYRING_PID=6239
    .....
Check the port and the process
    # ps -ef | grep vnc
    root 6157 1 0 17:48 pts/0 00:00:00 /usr/bin/Xvnc :1 -desktop localhost.localdomain:1 (root) -auth /root/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /root/.vnc/passwd -rfbport 5901 -fp catalogue:/etc/X11/fontpath.d -pn
    root 6164 6162 0 17:48 pts/0 00:00:00 vncconfig -iconic
Open the port in the firewall
    iptables -I INPUT -p tcp --dport 5901 -j ACCEPT
    /etc/init.d/iptables save
Connecting:
The password asked for here is the one set with vncpasswd.
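Problem: after VNC was configured I could not connect. The firewall and the process both looked fine, but test connections simply would not go through. The server had been handed to me by someone else, and its remote SSH port was 3344.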
    # ss -ntpl | grep ssh
    LISTEN 0 128 :::22 :::* users:(("sshd",2585,4))
    LISTEN 0 128 *:22 *:* users:(("sshd",2585,3))
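The process is listening on port 22.
telnet X.X.X.X 3344 worked, so a port mapping had to be in place. I asked, and that was indeed the case. Who knows how much time this kind of problem wastes. In the end a port mapping was set up for VNC as well, and it worked.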