Softpanorama
May the source be with you, but remember the KISS principle ;-)

Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

VNC -- The Essential Sysadmin Tool

News Recommended Links Recommended Articles Solaris main page Xwindows X11VNC on Solaris
Rc scripts VNC installation & configuration VNC on Solaris VNC on Linux VNC for Windows Etc

VNC stands for Virtual Network Computing. This great tool was developed at AT&T Laboratories in Cambridge, England. This tool should be in every sysadmins arsenal.

VNC is a  network graphics protocol (applications running on one computer but displaying their windows on another) in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state.

It is a remote framebuffer (RFB) protocol. Some VNC links:

For Unix, the traditional VNC implementation includes a "virtual" X11 server Xvnc (usually launched via the vncserver command) that is not associated with a physical display, but provides a "fake" one X11 clients (xterm, mozilla, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.

The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol because it involves far fewer "roundtrips" (an exception is the cached pixmap data on the viewing-end provided by X). Also, with no state maintained the viewing-end can crash, be rebooted, or relocated and the applications and desktop continue running. Not so with X11.

So the standard Xvnc/vncserver program is very useful for things like:

However, sometimes one wants to connect to a real X11 display (i.e. one attached to a physical monitor, keyboard, and mouse: a Workstation or a SunRay session) from far away. Maybe you want to close down an application cleanly rather than using kill, or want to work a bit in an already running application, or would like to help a distant colleague solve a problem with their desktop, or would just like to work out on the deck for a while. This is where x11vnc is useful.

VNC is perfect for those who use Windows desktop to manage Unix servers. It not only allows you to view other Unix desktop from PC and other architectures that do not have X it also have several additional benefits.  One of the most important is that it preserves state of the session.  So if you left your office and reconnect from home the session will be at the state you left it up to the last cursor position. That saves a lot of time if you administer multiple servers.

Being able to access a userís desktop remotely is also very important for network administrators, as they donít have to run around all over the place doing troubleshooting. There are various commercial packages that have been providing this capability for a long time (pcAnywhere was available for DOS, Hummingbird is 10 years old, etc).  Win XP Professional has Remote Desktop Connection and Remote Assistance that allows you to access the machine remotely, whether over a LAN or even the Internet.  And this is a high quality free product that works for Unix.

It is, in essence, a remote display system which allows you to view a whole computing 'desktop' environment.

VNC is very similar to Windows Terminal Services. There are, however, some key differences, such as:

Although VNC is great, it does not make an efficient use of bandwidth. It seems Windows XP Remote Desktop makes significantly better job in comparison. Also, when the VNC server is running on Linux/Unix, I cannot see the current desktop (on the console) remotely.  There is a special version of VNC called TightVNC which helps to overcome this problem. Some Linux distributions like Fedora are working on integrating VNC as a core technology. There is also NX, the version of VNC that is leaner and meaner then VNC. NX gives you a free (as in speech and beer) "CITRIX-style"  solution. You can download Knoppix 3.6 and give FreeNX a try.

VNC offers a server for Windows as well and it works reasonably well. The best windows implementation is  TightVNC VNC-Based Free Remote Control Solution (native port is much weaker).  You need to use TightVNC client too (actually this is a better client for any VNC version, not only for TightVNC).

VNC ports to Windows have an important limitation: when the VNC server is running on Windows, multiple people cannot have remote independent sessions.

For Solaris vnc package is provided on Software Companion CD and X11vnc prcompiled package from http://sunfreeware.com

The VNC is launched using   vncserver  Perl script.  The script vncserver  is a wrapper for Xvnc.

   vncserver

The example of modified 'vncserver' is shown below.

. . .
. . .
$defaultXStartup
    = ("#!/bin/sh\n\n".
       "xrdb \$HOME/.Xresources\n".
       "xsetroot -solid grey\n".
       "xterm -geometry 80x24+10+10 -ls -title \"\$VNCDESKTOP Desktop\" &\n".
       "startkde &\n");

chop($host = `uname -n`);

. . .

The first time you run vncserver, it will prompt you for a password (it launches vncpasswd), then it terminates without creating your desktop. To create your desktop, you have to run vncserver again. The password file and startup scripts are stored in your ~/.vnc directory. You have several choices of desktop environments and can either make an envelope scripts or to modify vncpasswd to launch CDE,  Gnome or KDE. You can create  several scripts, one for each desktop that you are using: 

vnccde :n  -  CDE on display number 'n'
vnckde :n  - KDE on display number 'n'

Leaving off the ":n" gives you the lowest available number. To connect to your desktop and use it, you'll need a VNC viewer program on your client machine.

vncserver is a perl script that you can (and probably should) customize

You can start a vncserver from RC scripts or manually by logging on to the system you want to administer remotely and launching it with the command:

    # vncserver hostname:session_number

With VNC, you can run multiple sessions and connect to different servers. By default, the session numbers start at 1 and go up from there, but you can specify session 3 (for instance) right from the start by typing vncserver hostname:3. This highlights another benefit of VNC. Until you kill a VNC session, it retains its current state.

That means you can disconnect from a session, reconnect later, and return right where you left off. In fact, you can even share a session so multiple users can access it.

When you start the vncserver for the first time, you will be prompted for a password to access the server. You can always change it later using the vncpasswd command. Once the server is activated, you can connect to it using the vncviewer command. The format is as follows:

   # vncviewer host:session_number

To exit the viewer (or send specific key sequences), use the F8  key. Then click on "Quit Viewer" to close the session. You can also start a shared session so that others may use the same X Window session with this version of the command:

   # vncviewer -shared host:session_number

When you start the vncserver, it creates a .vnc  directory under your home directory (/root/.vnc). Several files are kept here. You'll find a log file associated with each server you run and a .pid  file to allow for removal of the server. By the way (since I mentioned it earlier), you kill a vncserver process like this:

   # vncserver -kill :1

Remember that the :1  could be a :2  or :3, depending on the session you are trying to kill. That said, the other file I want you to look at is this one: -- xstartup. If you do a cat on the file, you get something that looks like this:

   #!/bin/sh
 
   xrdb $HOME/.Xresources
   xsetroot -solid grey
   xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
   # twm &
   startkde &

Notice the second-to-last line is commented out, and a "startkde" line is added below. This is because VNC uses twm (the Tab Window Manager) as its default desktop.  If you prefer another window manager, add the startup here.


Top updates

Bulletin Latest Past week Past month
Google Search


NEWS CONTENTS

Old News ;-)

TightVNC 2.7 Features

Single Application Sharing Mode

Now there is no need to share the whole desktop if you need to remotely control only one application. For that, run a server via the command line, specify -shareapp CLI option and pass a process ID as its argument. In the Viewer window, only the application window will be shown (if any, non-used space in the Viewer viewport is filled with black).

Check more details in the documentation: TightVNC for Windows: Server Command-Line Options (PDF)

Performance Optimization for Windows 8

Now servers run on Windows 8 are ultra fast and there are no desktop update lags when the Viewer connects to it. This was made possible due to added support for the Desktop Duplication API.

Password Protection for Server-Side Changes

Now access to remote server settings can be additionally secured with a new Administration -> Ask password for each operation option. If checked, an Administrative password is required to open settings and alter them (rather than asking for it only once, on the server start-up). Securing each operation makes it impossible to reconfigure the server during a session without appropriate rights for that.

If necessary, a corresponding option is available in the MSI TightVNC installer (SET_REPEATCONTROLAUTHENTICATION). Read more in the documentation: TightVNC for Windows: Installing from MSI Packages (PDF).

ZRLE and RRE Encoding Support

The list of supported encoding types is extended with ZRLE and RRE compression. Now TightVNC Server is fully compliant to the latest RFB protocol specification.

Read more

Features of Version 2.7.10

Bugfixes, improved file transfer UI, extended key combination support in the full-screen mode and more.

 

[Nov 12, 2014] Download TightVNC Java Viewer (Version 2.7.2)

TightVNC Java Viewer works on any system where Java is supported. It requires Java SE version 1.6 or later.

TightVNC Java Viewer JAR in a ZIP archive (720,395 bytes)

[Nov 12, 2014]  Announcing Remote Ripple 2.0

March 19, 2014 | http://tightvnc.com

Remote Ripple is our VNC-compatible remote desktop client for Android. Version 2.0 is a complete redesign of the application. Install Remote Ripple now!

Vino. The Remote Desktop Project

RFB[1] (Remote FrameBuffer) is the protocol used by VNC. The emphasis in the design of the protocol was to make very few requirements of the client. The client has no need to maintain explicit state and clients are able to disconnect and re-connect to the server while preserving the state of the user interface.

The dislay part of the protocol is based around a single simple graphics primitive "put a rectangle of pixel data at a given position". Each rectangle may be encoded in any one of a number of encodings allowing for compression or usage of parts of the client's existing copy of the framebuffer. Updates are requested by the client rather than pushed out by the server allowing the protcol to adapt to slower networks and/or clients - i.e. with a slow network or client the rate of updates are greatly reduced and the client ignores the transient state of the framebuffer.

The protocol is quite extensible. Extra encodings can be advertised by the server and used if the client supports the encoding. Use of encodings are not only limited to how frame buffer updates are encoded on the wire, but also extra psuedo-encodings may be added which can do anything from inform the client of a change in cursor shape, a change in the size of the screen or even things like extra in-band communication between the server and client.

There seems to be many different implementations of VNC available. Available RFB server implementations include:

I won't list the VNC client's available, there seem to be many, but suffice to say there are X11, Windows and OS X clients available along with, interestingly, several implementations of a Java client which can be run embedded in the browser as an applet.

Tim Waugh has written a nice article[6] on VNC and the many projects around the technology.

In summary, the RFB protocol has a number of advantages:

  1. Simple and open protocol.
  2. Rate-limited by the client, pretty low bandwidth/latency requirements.
  3. Extensible.
  4. Several open source implementations available.
  5. Many existing clients available for different platforms.

[Jun 4, 2007] VNC and Similar

undated,linuxmafia.com

VNC implementations (also known as "RFB" = Remote Frame Buffer)

You'll find a number of resources about VNC over SSH in my ssh-clients
file, http://linuxmafia.com/ssh/.

Also worth looking into:

Citrix Metaframe: This is the old-established proprietary remote-Win32-access technology (implementing ICA = Independent Computing Architecture remote imaging), whose predecessor Citrix Winframe was licensed by Microsoft Corporation and rebranded as Microsoft Terminal Server. (Microsoft also rebranded ICA as Microsoft Remote Desktop Protocol = RDP.)
http://www.citrix.com/

For completeness:
Sun Secure Global Desktop: This is a proprietary remote-Win32-access technology formerly called Tarantella, until Sun Microsystems bought Tarantella, Inc., formerly Santa Cruz Operation (dubbed "old SCO" to distinguish it from the Utah company formerly named Caldera Systems that renamed itself The SCO Group). Santa Cruz Operation in turn had developed Tarantella from code acquired when it bought IXI Limited of Cambridge, UK and Visionware Limited of Leeds, UK, in 1993 and 1994, respectively.
http://www.sun.com/software/products/sgd

[Apr 5, 2007] freshmeat.net Project Reviews - vnc2swf

by jeff covey, in Project Reviews - Sat, Feb 5th 2005 00:00 PDT

Screenshots have always been invaluable tools for graphical user interfaces. They let programmers flaunt their wares to prospective users; even with console tools, I usually zoom right in on a screenshot link to get my first impression of a program. They let the desktop-inclined show off their backgrounds and theme authors show why you must have their work. And when things go wrong, a screenshot can often save a thousand words of bug reporting. vnc2swf puts all these benefits in motion.

vnc2swf is a Virtual Network Computing client which can record a VNC session and save it as a Shockwave Flash file.

[Mar 24, 2007] freshmeat.net Project details for Enhanced TightVNC Viewer

Enhanced TightVNC Viewer 1.0.14 released
The Enhanced TightVNC Viewer package is part of the x11vnc VNC server project. It provides a native VNC viewer that takes advantage of new features in x11vnc, e.g. cursor alpha blending and automatic SSL tunnelling. Some features apply to any VNC server, e.g. automatic SSH tunnelling. Another goal is to provide a package that conveniently bundles everything needed for the user to have the enhanced viewer running quickly. This includes pre-built binaries of the viewer and utility programs for Windows and many Unix variants, and a GUI to configure and launch the viewer. The short name for this project is "ssvnc", for SSL/SSH VNC viewer.

Release focus: Minor bugfixes

Changes:
Using port numbers lower than VNC's default port (5900) now works on Windows (for example, myhost.com:443).

Author:
Karl Runge [contact developer]

LinuxPlanet - Tutorials - Using VNC Tunneling over SSH - Temporary Access

While working on a project to create tutorials, I needed a way to watch how a user stepped through the process of using an application without being on-site.

VNC turned out to be a viable solution. I could remotely connect and view all the steps, while conversing about the process over the phone.

The trouble was there were firewalls at both ends. It would have been easy to just open the port normally used for VNC connectivity (5900) in the firewall, but it's definitely not secure.

Using VNC while tunneling over SSH was a quick and more secure way to accomplish the process/application watching goal.

Several steps are required to make it work.

Ideally, all inbound ports are closed on an Internet facing firewall. That will go a long way to keeping out the bad guys. Of course, any other remote access is then limited as well.

Opening up port 22 on the distant IPCop firewall works well for the purpose of tutorial generation and is easily accomplished using the IPCop Web-based GUI. A similar process is used if the user machine is behind a dedicated firewall appliance. The idea is to port forward the SSH traffic from the Internet to the VNC-equipped user desktop machine.

Port 22 on the user's Linux desktop also needs to be available for logging in via SSH. When the session is finished, the firewall's SSH port can then again be closed to inbound traffic.

Specialized remote access techniques should be considered, like port-knocking or using hardened firewall devices when a more permanent or bulletproof connection is needed.

"Sharing computers on a Linux (or heterogeneous) network, Part 1" (developerWorks, December 2001)

compares ssh to VNC. "Sharing computers on a Linux (or heterogeneous) network, Part 2" (developerWorks, March 2002) covers VNC in more detail and also discusses remote X and security.

Logging into NT service from Linux VNC client 

TightVNC client has an option sending this key sequence to Windows (left-click mouse of the client and see "send Ctrl-Alt-Del" option.

Q. How can I send an ALT-CTRL-DEL from a Linux XFree VNC client to an NT server (running VNC as a service) to login? It seems that the Alt-Ctrl-Del to gobbled up by Xfree (or maybe something else?) and not sent to the server. My SunOS client sends the Alt-Ctrl-Del fine. There is no pull-down item to sent it like on a Win95 client.

TIA...

I would suggest that this be added to the FAQ.

TightVNC Remote X the secure, fast & easy way (LinuxWorld)

John Wilson tug "at" wilson.co.uk
Tue, 22 Jun 1999 17:08:56 +0000

My VncMonitor program will allow you to connect to a remote system without
the need to type in details (it gets the information from a configuration
file). My VncProxy program allows the number of connections to a proxied VNC
server to be restricted to any number.

They are both Java programs so should run on your machines.

http://www.wilson.co.uk/Software/vnc/VncMonitor.htm
http://www.wilson.co.uk/Software/vnc/proxy/VncProxy.htm

I'm about to release new versions in the next day or so.

John Wilson
The Wilson Partnership
5 Market Hill, Whitchurch, Aylesbury, Bucks HP22 4JB, UK
+44 1296 641072, +44 976 611010(mobile), +44 1296 641874(fax)
Mailto: tug "at" wilson.co.uk

----- Original Message -----
From: Pavel Satny <pavel.satny "at" alcatel.cz>
To: <vnc-list "at" uk.research.att.com>
Cc: <aarnout.wieers "at" alcatel.cz>
Sent: 22 June 1999 15:19
Subject: VNC Configuration


> Dear all,
>
> can somebody help me with configuring VNC? I have an idea to instal it as
> "semi-videoconferencing tool", where two persons can discuss by phone
about
> what they are showing themselves on shared screen.
> What are possibilities to make it very easy startable, without typing
> comands with (for ordinary users) nonunderstandable options.
>

---------------------------------------------------------------------
The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html

Recommended Links

Softpanorama Top Visited

Softpanorama Recommended

Clones/Forks

TightVNC: Manual Page for Xvnc(1) Const Kaplinsky const@ce.cctpu.edu.ru has developed TightVNC, a version of VNC providing better compression for use with slow links than the standard VNC 3.3.3 release. Although it includes a number of extensions to the standard VNC distribution, TightVNC remains compatible with existing versions. The TightVNC homepage is at http://www.tightvnc.com/

TightVNC is fully compatible with the standard RFB protocol used in VNC, so you can use TightVNC viewer with the standard VNC server and vice versa. But note that protocol enhancements implemented in TightVNC will work only if these enhancements are supported on both sides of the connection.

TightVNC Features

Here is a brief list of TightVNC features absent in the standard VNC.

... please look at the Xvnc -help output and read the Xserver(1) manual page for ... rfbwait
time Maximum time, in milliseconds, to wait for an RFB client (VNC viewer ...
www.tightvnc.com/Xvnc.1.html - 14k - Cached - Similar pages

TightVNC: Manual Page for vncviewer(1)
vncviewer(1) Manual Page. [DONATE], Get a better TightVNC: make a donation
($10 is ok)! ... NAME. vncviewer - an X viewer client for VNC SYNOPSIS. ...
www.tightvnc.com/vncviewer.1.html - 24k - Cached - Similar pages
[ More results from www.tightvnc.com ]

x0rfbserver - accessing a standard X server with VNC

Jens Wagner has written some VNC-related tools, amongst which is a program called x0rfbserver. This is a VNC server which serves a standard X server desktop thus behaving more like WinVNC and MacVNC than does Xvnc. It is available in the rfb-n.n.n.tar.gz package from http://www.hexonet.de/software.en/

 http://ultravnc.sourceforge.net Want to remote control your computer?  If you have Windows XP Professional, you can use Remote Desktop.  If you don't use Windows XP Professional, you can still get remote control using UltraVNC.  UltraVNC is an excellent fast & free remote control, and file transfer program.

Harakan - Software - PalmVNC
... Ultra-thin client uses less than 40Kb of Palm memory. VNC servers available
for a wide variety of platforms. ... Please download the binaries and manual. ...
Description: Remote access and collaboration client for Palm Platform. A Virtual Network Computing client for the palm.
Category: Computers > Software > ... > Thin Clients > Virtual Network Computing
www.btinternet.com/~harakan/PalmVNC/ - 5k - Cached - Similar pages

PalmVNC v1.40 User's Guide
... Features and Compatibility. Ultra-thin client uses less than 40Kb of
Palm memory. VNC servers available for a wide variety of platforms. ...
www.btinternet.com/~harakan/PalmVNC/Manual/manual.htm - 13k - Cached - Similar pages

[PDF]Using VNC (3
File Format: PDF/Adobe Acrobat - View as HTML
... Tower, 545-2836 C:\My Documents\Word\documentation\vnc\VNCVIEWER_web.doc 06/30/2003
5 Troubleshooting Note: For troubleshooting involving VNC Server, you must ... 
www.math.umass.edu/~scc/software/ handouts/VNCVIEWER.pdf - Similar pages

x11vnc a VNC server for real X displays

x11vnc: a VNC server for real X displays    (to FAQ)    (to downloads)    (to building)

x11vnc allows one to remotely view and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.

I wrote x11vnc because x0rfbserver was basically impossible to build on Solaris and had poor performance. The primary x0rfbserver build problems centered around esoteric C++ toolkits. x11vnc is written in plain C and uses only standard libraries. I also added a few enhancements to improve the interactive response, add esoteric features, etc. The FAQ contains a lot of information and solutions to problems, but please feel free to contact me if you have problems or questions.

Background:

VNC (Virtual Network Computing) is a very useful network graphics protocol in the spirit of X, however, unlike X, the viewing-end is very simple and maintains no state. It is a remote framebuffer (RFB) protocol

 

Some VNC links:

 

For Unix, the VNC implementation includes a virtual X11 server Xvnc (usually launched via the vncserver command) that is not associated with a real display, but provides a "fake" one X11 clients (xterm, mozilla, etc.) can attach to. A remote user then connects to Xvnc via the VNC client vncviewer from anywhere on the network to view and interact with the whole virtual X11 desktop.

The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol. Also, with no state maintained the viewing-end can crash, be rebooted, or relocated and the applications and desktop continue running. Not so with X11.

So the standard Xvnc program is very useful, I use it for things like:

 

However, sometimes one wants to connect to a real X11 display (i.e. one attached to a physical monitor, keyboard, and mouse: a Workstation or a SunRay session) from far away. Maybe you want to close down an application cleanly rather than using kill, or want to work a bit in an already running application, or would like to help a distant colleague solve a problem with their desktop. This is where x11vnc is useful.


How to use x11vnc:

In this example let's assume the remote machine with the X display you wish to view is "far-away.east:0" and the workstation you are presently working at is "sitting-here.west".

Step 0. Download x11vnc (see below) and have it available to run (e.g. via $PATH) on far-away.east. Similarly, have a VNC viewer (e.g. vncviewer) ready to run on sitting-here.west. We recommend TightVNC Viewers.

Step 1. By some means log in to far-away.east and get a command shell running there. You can use ssh, rlogin, telnet, or any other method to do this. x11vnc needs to be run on the same machine the X server process is running on (because MIT-SHM shared memory is used to poll the X11 framebuffer).

Step 2. In that far-away.east shell (with command prompt "far-away>" in this example) run x11vnc directed at the far-away.east X session display:

 

  far-away> x11vnc -display :0

You could have also set the environment variable DISPLAY=:0 instead of using -display. This step attaches x11vnc to the far-away.east:0 X display (no viewer clients yet).

 

To get X11 permissions right, you may also need to set the XAUTHORITY environment variable (or use the -auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority). More on this below.

There will then be much chatter printed out from x11vnc, until it finally says something like:

  .
  .
  13/05/2004 14:59:54 Autoprobing selected port 5900
  13/05/2004 14:59:54 screen setup finished.
  13/05/2004 14:59:54 The VNC desktop is far-away:0
  PORT=5900

which means all is OK, and we are ready for the final step.

 

Step 3. At the place where you are sitting (sitting-here.west in this example) you now want to run a VNC viewer program. There are VNC viewers for Unix, Windows, MacOS, Java-enabled web browsers, and even for PDA's like the Palm Pilot! You can use any of them to connect to x11vnc (see the above VNC links under "Background:" on how to obtain a viewer for your platform or this FAQ. For Solaris, vncviewer is available in the Companion CD package SFWvnc ).

In this example we'll use the Unix vncviewer program on sitting-here by typing the following command in a second terminal window:

 

  sitting-here> vncviewer far-away.east:0

That should pop up a viewer window on sitting-here.west showing and allowing interaction with the far-away.east:0  X11 desktop. Pretty nifty! When finished, exit the viewer: the remote x11vnc process will shutdown automatically (or you can use the -forever option to have it wait for additional viewer connections).

 

Desktop Sharing: The above more or less assumed nobody was sitting at the workstation display "far-away.east:0". This is often the case: a user wants to access her workstation remotely. Another usage pattern has the user sitting at "far-away.east:0" and invites one or more other people to view and interact with his desktop. Perhaps the user gives a demo or presentation this way (using the telephone for vocal communication). A "Remote Help Desk" mode would be similar: a technician remotely connects to the user's desktop to interactively solve a problem the user is having.

For these cases it should be obvious how it is done. The above steps will work, but more easily the user sitting at far-away.east:0 simply starts up x11vnc from a terminal window, after which the guests would start their VNC viewers. For this usage mode the -accept popup option discussed in the FAQ below may be of use to allow the user at far-away.east:0 to accept or reject incoming connections.


Tunnelling x11vnc via ssh:

The above example had no security or privacy at all. When logging into remote machines (certainly when going over the internet) it is best to use ssh, or use a VPN. For x11vnc one can tunnel the VNC protocol through the encrypted ssh channel. It would look something like this:

  sitting-here> ssh -L 5900:localhost:5900 far-away.east 'x11vnc -display :0'

(you will likely have to provide passwords/passphrases for the ssh login) and then in another terminal window on sitting-here run the command:

  sitting-here> vncviewer -encodings "copyrect tight zrle hextile" localhost:0

The -encodings option is very important: vncviewer will default to "raw" encoding if it thinks the connection is to the local machine, and so vncviewer gets tricked this way by the ssh redirection. "raw" encoding will be extremely slow over a networked link, so you need to force the issue with -encodings "copyrect tight ...".

 

If the machine you SSH into is not the same machine with the X display you wish to view (e.g. your company provides incoming SSH access to a gateway machine), then you need to change the above to, e.g.: -L 5900:otherhost:5900. Once logged in, you'll need to do a second login (ssh, rsh, etc.) to the workstation machine 'otherhost' and then start up x11vnc on it.

Scripts to automate tunneling: As discussed below, there may be some problems with port 5900 being available. If that happens, the above port and display numbers may change a bit (e.g. -> 5901 and :1). However, if you "know" port 5900 will be free on the local and remote machines, you can easily automate the above two steps by using the x11vnc option -bg (forks into background after connection to the display is set up) or using the -f option of ssh. A simple example script, assuming no problems with port 5900 being taken on the local or remote sides, looks like:

#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
#  e.g.: x11vnc_ssh snoopy.peanuts.com:0

host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi

cmd="x11vnc -display :$disp -localhost -rfbauth .vnc/passwd"
enc="copyrect tight zrle hextile zlib corre rre raw"

ssh -f -L 5900:localhost:5900 $host "$cmd"

for i in 1 2 3
do
        sleep 2
        if vncviewer -encodings "$enc" :0; then break; fi
done

See also rx11vnc.pl below.

 

Another method is to start the VNC viewer in listen mode "vncviewer -listen" and have x11vnc initiate a reverse connection using the -connect option:

#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
#  e.g.: x11vnc_ssh snoopy.peanuts.com:0

host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi

cmd="x11vnc -display :$disp -localhost -connect localhost"   # <-- note new option
enc="copyrect tight zrle hextile zlib corre rre raw"

vncviewer -encodings "$enc" -listen &
pid=$!
ssh -R 5500:localhost:5500 $host "$cmd"
kill $pid

 

A third way is specific to the TightVNC vncviewer special option -via for gateways. The only tricky part is we need to start up x11vnc and give it some time to start listening for connections (so we cannot use the TightVNC default setting for VNC_VIA_CMD):

#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
#  e.g.: x11vnc_ssh snoopy.peanuts.com:0

host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi

VNC_VIA_CMD="ssh -f -L %L:%H:%R %G x11vnc -localhost -rfbport 5900 -display :$disp; sleep 5" 
export VNC_VIA_CMD

vncviewer -via $host localhost:0      # must be TightVNC vncviewer.

Of course if you already have the x11vnc running waiting for connections (or have it started out of inetd(1)), you can simply use the TightVNC vncviewer -via gateway host:port in its default mode to provide secure ssh tunnelling.

 

VNC password file: Also note in the first example script that the option "-rfbauth .vnc/passwd" provides additional protection by requiring a VNC password for every VNC viewer that connects. The vncpasswd or storepasswd programs, or the x11vnc -storepasswd option can be used to create the password file. x11vnc also has the slightly less secure -passwdfile and "-passwd XXXXX" options.

Important: It is up to you to tell x11vnc to use password protection, it will not do it for you automatically. The same goes for encrypting the channel between the viewer and x11vnc: it is up to you to use ssh, stunnel, VPN, etc. Also look into the -allow and -localhost options and building x11vnc with tcp_wrappers support to limit host access.


 

Downloading x11vnc:

x11vnc is a contributed program to the libvncserver project at SourceForge.net. I use libvncserver for all of the VNC aspects; I couldn't have done without it. The full source code may be found and downloaded (either file-release tarball or CVS tree) from the above link. As of Aug 2004, the x11vnc-0.6.2.tar.gz source package is released (recommended download) . The x11vnc package is the subset of the libvncserver package needed to build the x11vnc program. Please do not use the LibVNCServer-0.6 tarball: it contains an older, more buggy version of x11vnc (Oct 2003) that you likely want to avoid. Also, you can get a copy of my latest, bleeding edge x11vnc.c file to replace the one in the above packages or the one in the CVS tree and then rebuild.

See the FAQ below for information about where you might obtain a precompiled x11vnc binary from 3rd parties.

To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try here:

More tools: Here is a rsh/ssh wrapper script rx11vnc that attempts to automatically do the above Steps 1-3 for you (provided you have rsh/ssh login permission on the machine x11vnc is to be run on). The above example would be: rx11vnc far-away.east:0 typed into a shell on sitting-here.west. Also included is an experimental script rx11vnc.pl that attempts to tunnel the vnc traffic through an ssh port redirection (and does not assume port 5900 is free). Have a look at them to see what they do and customize as needed:




Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2014 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting hosting of this site with different providers to distribute and speed up access. Currently there are two functional mirrors: softpanorama.info (the fastest) and softpanorama.net.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: November 12, 2014