Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-) Softpanorama Search

VNC Articles

News

VNCViewer for PocketPC

eTrust Spyware Encyclopedia - VNC -- vnc can be installed as a Trojan

Top Articles

•  VNC on Solaris 10: Installing and configuring VNC from the software companion CD by Alex Smart. 

  This is a very useful article as the author explains not only what he did but also how he did the tuning. Still you need to be very careful with some of the recommendations and do not use supplied ksh script without modifications. At least comment out all procedures after package installation. This is pretty old article and it can get you into troubles with the latest Solaris 10.  Also Xserver files that the author supplees does not work well with the Solaris 10 07/05. Patch for Java desktop (don't know for sue, I prefer CEDE)  now might be redundant too.

   

• Virtual Network Computing (VNC) Utility a useful article by Ray Ballisti, June 2000 (Last rev. 20th November 2003)

  1. Short description and name of binaries
  2. Usage: how to start, how to use it
  3. Making the connection secure with SSH
  4. Official Documentation on local server

  ... ... ...

  Let try to use VNC between two SUN machines (this do not make much sense but is good as a test):

  Machine AA is the display server, i.e. your local one.
  Machine BB is the application server, i.e. the remote one.

  Please note: do NOT use ssh at this stage because VNC will not work then.

  AA% rlogin BB
  BB% top <== check that there is enough memory and CPU power
  BB% vncserver :1

  Comment:
  The ":1" here means DISPLAY no. 1.
  Please do NOT use display nr. 0 as this is already your present (telnet or rlogin) session.
  In some special cases (for instance if you are running more then one vnc server) there is a conflict with the display numbering: just enter an higher number.
  Check your ~/.vnc/server_name:1.log file to see if everything is OK
  For instance this is a possible log file's name:
  ~/.vnc/sirrah.ee.ethz.ch:71.log for machine 'sirrah' and DISPLAY ':71'
  The content of this file looks like this:

  24/11/03 15:05:04 Xvnc version 3.3.3r1
  24/11/03 15:05:04 Copyright (C) AT&T Laboratories Cambridge.
  24/11/03 15:05:04 All Rights Reserved.
  24/11/03 15:05:04 See http://www.uk.research.att.com/vnc for information on VNC
  24/11/03 15:05:04 Desktop name 'X' (sirrah.ee.ethz.ch:71)
  24/11/03 15:05:04 Protocol version supported 3.3
  24/11/03 15:05:04 Listening for VNC connections on TCP port 5971
  24/11/03 15:05:04 Listening for HTTP connections on TCP port 5871
  24/11/03 15:05:04   URL http://sirrah.ee.ethz.ch:5871
  

  If this is the first time that you are using vncserver then you will be asked to enter (define) a password.

  You may want to check if the server is really running. Do it with the command:

  ps -ef | grep Xvnc | grep -v grep

  you should see something like this:
  BB% ps -ef | grep Xvnc | grep -v grep
  your_name 335 1 0 18:53:41 pts/4 0:01 Xvnc :1 -desktop X -httpd /usr/pack/vnc-3.3.3r1-rb/vnc_sun4_sosV_5.5/classes -a

  in the case above we are using the display BB:1.0 (more about it later)
  To kill the server program LATER on (but do NOT forget it), execute:
  BB% vncserver -kill :1

  you can now exit the application server leaving the VNC-server program running

  BB% exit

  Back on your local machine (here AA) starts the Viewer having the name of the server and the DISPLAY number as parameter:

  AA % vncviewer BB:1
  VNC server supports protocol version 3.3 (viewer 3.3)
  Password:
  VNC authentication succeeded
  Desktop name "your_name's X desktop (BB:1)"
  Connected to VNC server, using protocol version 3.3
  VNC server default format:
  8 bits per pixel.
  True color: max red 7 green 7 blue 3, shift red 0 green 3 blue 6
  Using default color map and translating from BGR233. Pixel format:
  8 bits per pixel.
  True color: max red 7 green 7 blue 3, shift red 0 green 3 blue 6
  Got 8 exact BGR233 colors out of 256
  Using 77 existing shared colors
   

  On your screen you will see a big window which represent a desktop similar to the one that you would have if you would have logged on the application server's console.
  In this big windows one xterm is already open and there you can start all the utilities you wish on the server.

• x11vnc a VNC server for real X displays

VNC (Virtual Network Computing) is a very useful network graphics protocol (applications running on one computer but displaying their windows on another) in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state. It is a remote framebuffer (RFB) protocol

Some VNC links:

• http://www.uk.research.att.com/vnc/
• http://www.realvnc.com
• http://www.tightvnc.com

For Unix, the VNC implementation includes a virtual X11 server Xvnc (usually launched via the vncserver command) that is not associated with a physical display, but provides a "fake" one X11 clients (xterm, mozilla, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.

The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol (the exception is cached pixmap data on the viewing-end). Also, with no state maintained the viewing-end can crash, be rebooted, or relocated and the applications and desktop continue running. Not so with X11.

So the standard Xvnc/vncserver program is very useful, I use it for things like:

• Desktop conferencing with other users (e.g. codereviews).
• Long running apps/tasks I want to be able to view from many places.
• Motif, GNOME, and similar applications that would yield very poor performance over a high latency link.

However, sometimes one wants to connect to a real X11 display (i.e. one attached to a physical monitor, keyboard, and mouse: a Workstation or a SunRay session) from far away. Maybe you want to close down an application cleanly rather than using kill, or want to work a bit in an already running application, or would like to help a distant colleague solve a problem with their desktop. This is where x11vnc is useful.

• VNC over SSH2 - A TightVNC Tutorial Van Emery - June, 2003
  
  If you have ever needed to access a GUI desktop on a remote machine, you will appreciate TightVNC.  It is cross-platform, Open Source, works well, and is free.  When coupled with SSH, it is also very secure.  It solves some of the same problems as X over SSH, but uses less bandwidth to do it.  System administrators and power users alike will appreciate TightVNC, as it will add another flexible tool to their repertoire.  
  
  This tutorial is not about using VNC through a web browser, or via the traditional unencrypted methods.  This tutorial focuses on the following:
  
  -  Linux/Unix to Linux/Unix secure connections, especially over low-bandwidth WAN links
  -  Win32 to Linux secure connections
  
  We will also take a look at bandwidth utilization and quality compared to X over SSH, and security considerations.  When complete, you should be able to use TightVNC over SSH2 to assist you in your daily work.
  
  TightVNC and VNC both have excellent documentation on their respective webpages, and I urge you to take a look for yourself if you want more information on how to use VNC for other tasks.  Also, the man pages that come with the TightVNC packages are well-written and thorough.
   

• Setting up TightVNC and SSH on a Windows NT machine Note: I have switched to TightVNC, an enhanced version of VNC. The old page about setting up WinVNC and SSH is here.

  With TightVNC and Cygwin ported packages, we can log onto a Windows box and even run Windows GUI programs remotely. TightVNC is based on WinVNC. VNC stands for Virtual Network Computing. It allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. WinVNC is a VNC server that allows you to view your Windows desktop from any VNC viewer. WinVNC makes the existing desktop of the PC available remotely, rather than creating a separate desktop as happens with the Unix server. TightVNC offers good enhancement such as better compression ratio and easier configuration.

  Although TightVNC does not send your VNC password directly on the network, it sends all other information unencrypted. Therefore, your key strokes sending from the client may be eavesdropped on the net, which raises serious security concerns. To make TightVNC secure, we need the TCP forwarding support from SSH (Secure Shell). SSH will also give us an interactive shell so that if we only want to run some console-based programs, we do not need VNC. SSH console uses much less network bandwidth than VNC because no graphics information is tranferred. In addition, SSH provides the file tranfer support through simple scp or the more sophisticated sftp utilities. OpenSSH is the most popular free (and open source) implementation of the SSH protocol suite of network connectivity tools for Unix like platforms. Through Cygwin, a UNIX emulation layer providing substantial UNIX API functionality, OpenSSH has been ported to Windows platforms.

  I have a Windows NT machine in the lab with high speed Internet connection and a Windows 2000 machine at my home that can only dial up to the Internet. Here's how I set up the two computers so that I can run programs remotely on my lab computer from my home. The Windows NT machine in the lab acts as the server, the machine at home as the client. I am a member of the Administrators group on the lab machine. The following procedures are based on my experience.

  Setting up Cygwin OpenSSH on the server

  NOTE: The procedures here are mainly for using the machine as a personal computer. If you want to allow other users to log on, there are more security concerns. Please consult the "SSHD Setup" webpage on Mike's Technical Website.
  1. Download the setup.exe program from Cygwin website and run it. This stub program will guide you through the installation process and download each package. Please select the following packages as well as all your other favorite utilities.
     • cygrunsrv: NT/W2K service initiator
     • shutdown: Shutdown, reboot, hibernate or suspend the machine. (This is optional, but I installed it so that I can reboot the machine remotely if all other means fail.)
     • openssh: The OpenSSH server and client programs
     The setup program will also select the packages thoses packages depend upon and some other basic packages, so don't de-select any package even if the package name does not sound familiar to you.
  2. When you first install Cygwin, the package "base-passwd" has generated the two files, /etc/passwd and /etc/group, for you. If you change Windows NT user accounts later, you need to re-generate the two files.
     mkpasswd -l >/etc/passwd
     mkgroup -l >/etc/group
      
  3. Open Control Panel | System. Add a system envioronment variable CYGWIN with the value "ntsec binmode".
  4. Now start bash and run /bin/ssh-host-config in bash prompt. This script will set up the sshd server for you. It is a shell script, you can take a look at the source code if you are curious. Briefly, it automatically does the following:
     • Create /var/log/lastlog
     • Create /var/empty (for previlege separation)
     • Process your old installtion
     • Generate host keys (public and private keys for your server)
     • Create /etc/ssh_config (system-wide ssh client configuration file)
     • Create /etc/sshd_config (configuration file for sshd server)
     • Modify service file (eg. c:\winnt\system32\drivers\etc\services) to add entries for sshd
     • Add sshd to inetd.conf file.
     • Configure privilege separation, if you want. (I have no experience using it)
     • Install sshd as an NT service
     If you are interested in doing the above manually, take a look at the old doc. It has the bare minimum instructions needed to get your sshd running.
  5. OPTIONAL: The script installs the sshd service in the Local System account. This account has more privilege than Administrators by default. Sometimes you (an Administrator) may want to run sshd from command line to see the debug information. You will need more privileges for this.
     Start the Windows NT User Manager. Select menu Policy | User Rights, check "Show advanced user rights" box, and grant the following rights to Administrators:
     • Act as part of the operating system
     • Replace process level token
     • Increase quotas
  6. OPTIONAL: If you want to control client access based on clients' IP addresses or domain names, you can create /etc/hosts.allow and /etc/hosts.deny. This capability is based on tcp_wrappers library but you don't need tcp_wrappers package to use the capability. You can still install tcp_wrappers so that you will have the documentation. Consult hosts_access(5) and hosts_options(5) manpages for the format of the two configuration files. Also take a look at /usr/doc/tcp_wrappers-<version>/README.
  7. Start sshd service:
     cygrunsrv --start sshd
     or
     net start sshd

  Setting up TightVNC on the server

  1. Download and install TightVNC from TightVNC website.
  2. From the TightVNC start menu, run Administration | Install Default Registy Settings and Administration | Install VNC Service
  3. Run Administration | Show Default Settings. First, set the password. Then click Advanced button to bring up the Advanced Properties window. Check "Allow loopback connection". If you allow clients to access the server only through SSH port forwarding, also check "Allow ONLY loopback".
  4. Start TightVNC service: net start winvnc.

  Setting up the client

  1. Putty is my favorite SSH client. Download the latest putty and pscp program from putty website. Version 0.52 and above supports TCP forwarding.
  2. I assume you can setup the putty client. Here is only the information about configuring Putty for TCP forwarding: In the configuration window, select Connection | SSH | Tunnels. Put 5900 (the port number the VNC server is listening at) in Source port. Decide which VNC display number (port) you want to use on the client machine. If you want to use display 0 ( port 5900), put localhost:5900 in Destination. If this port is used by another application such as a VNC server on the client machine, you can use other display number. Just remember to change the above port number to (display number + 5900). Make sure the Local radio button is selected and click Add button. Connect the putty session to the server and you will get an interactive bash shell.
  3. Run vncviewer. You can choose either the Best Compression mode or the Fast Compression mode. Set VNC Server as localhost:0 (or the display number you used in the last step) and click OK. After inputing the password you will see the desktop of the server.

  Etc

• Tightvnc, Chicken of the VNC
   

• TightVNC
   

• [PDF] VNC Neighborhood Help  -- scanning for VNC enabled servers.
   

• How to setup ssh to tunnel VNC traffic throught the Internet
   

• TightVNC Remote X the secure, fast & easy way (LinuxWorld) This is a typical Joe Barr blah-blah-blah all over the place :-)

   (LinuxWorld) — My dear friend Susan is happily running Red Hat 8.0 on my Sony Vaio laptop in her new home while she waits for me to build her a real desktop machine. I set up an account for myself on the laptop so that when I visit her I can get online and check my e-mail. We both connect to the Internet using Time-Warner's Road Runner cable service.

  Sometimes I forget to shut down Evolution on my own desktop before I leave home. As a result, every ten minutes it retrieves my e-mail and deletes it from the various servers where I have an account. Then, when I check it from Susan's house, there's nothing there. I needed a better solution. Discussing the problem on the #linuxhelp channel on the irc.freenode.net network, I was told that VNC (Virtual Network Computing) might be the answer. More specifically, I was told to give TightVNC a try.

  The original VNC was created at the Olivetti and Oracle Research Labs in Cambridge, England. The software allowed a desktop on one computer to be used by others, usually providing Windows-users with access to applications running on Unix machines — a panacea for those cross-platform blues. VNC became so popular that Olivetti released it as free software licensed under the GPL. When ATT acquired Olivetti in 1999, the name of the labs was changed to the ATT Laboratories at Cambridge.

  Constantin Kaplinski, a Russian teaching assistant at Tomsk Polytechnic Institute in Russia, and his team of TightVNC developers have enhanced the original VNC in a number of ways to make it faster, more flexible, and more secure. There are full versions of TightVNC for both Windows and Unix. If you're using a Mac, you can try the Java version, but only the viewer (client) is available in Java. TightVNC is licensed under the GPL, and the source code is available for download from the Web site.

  I was a little hesitant to try TightVNC — not just because I had never used VNC, but also because I was pretty sure that the installation and configuration was going to be a real chore. Not to worry; that definitely is not the case. If you're running Red Hat 7.x or later, there are RPMS available to make installation a breeze. All in all, TightVNC was as easy to configure and use as it was to install, even when I opted for extra privacy by using a secure tunnel between Susan's machine and mine. Here's how I did it.