Overview of VNC

VNC, or Virtual Networked Computing, is a way of controlling a remote computer just as

though you are sitting in front of it. In the Windows world it is also known as remote desktop but
it's normally referred to as VNC in the Linux world. All that happens is that you connect using a
VNC client to a remote computer running the VNC server, then an image of the remote desktop
is transmitted to your local computer and you can see and control the desktop just as though you
are there since all keyboard and mouse commands are sent from your client machine to the
server.

Gnome Remote Desktop

If you are running the Gnome desktop on Fedora Core then you already have a VNC server built
in. Click on the Fedora icon > Desktop > Preferences > Remote Desktop to open the dialog
shown.

The screen is pretty self explanatory but basically when set up this way another computer can
connect to your computer using the command listed on the dialog. There are a few important
things to note, you must open port 5900 on the server for this to work since by default the
Gnome Remote Desktop (called vino) listens on this port, also the person connecting will see the
same session that you are currently logged in as. This means that any programs you have open
will also be visible to the client, of course this is very useful if you are helping someone
remotely.
A more flexible way to use VNC is to install the VNC server and client software via yum, these
are rpm's based on RealVNC.

vncserver and vncviewer

Check what's installed

First check if you already have them installed on your system, open a terminal and type:

$ rpm -qa|grep vnc

vnc-server-4.1.1-36
vnc-4.1.1-36

If you get an output something like this then you're all ready, if not you need to install them via
yum.

Add a user(s)

Next we need to add at least 1 VNC user, open the file /etc/sysconfig/vncservers as root and add
the information shown:

$ vi /etc/sysconfig/vncservers

# The VNCSERVERS variable is a list of display:user pairs.

#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see
# <URL:http://www.uk.research.att.com/archive/vnc/sshvnc.html>.

# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.

# Use "-nohttpd" to prevent web-based VNC clients connecting.

# Use "-localhost" to prevent remote VNC clients connecting except when

# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.

VNCSERVERS="1:bobpeers"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"

The important part is the VNCSERVERS="1:bobpeers", this sets up a users for the vnc server,
you can add as many as you like here. The VNCSERVERARGS[1] line refers to the arguments
for user 1, in this case the only user. Geometry sets the size and depth sets the colour depth, you
can adjust these to suit your preferences but in my case the client machine has a resolution of
1024x768 and the depth 16 makes the connection a bit faster since the less information that
needs to be sent the more responsive the session will feel.

Knowing which port to use

It's also important to note the session number user as this will tell us which port vncserver will
listen on. Remember the Gnome Remote Desktop asked us to use computername:0 as the
connection string, the number needs to be added to 5900 to get the listening port. In this case we
need to use port 5901 since we are using session 1. In the same way we could use any number,
for example:

VNCSERVERS="2000:bobpeers"
VNCSERVERARGS[2000]="-geometry 1024x768 -depth 16"

In this case we need to use port 5900+2000 so port 7900.

Setting a password

To add some security we need to add a password that must be given before a connection can be
established, open a terminal and type:

$ vncpasswd
Password:
Verify:

This creates a hidden folder called .vnc in your home folder containing the password file.

Starting the server and startup options

To start the server we type the command 'vncserver' and the session you wish to start (if you
have set up more than 1 entry in the /etc/sysconfig/vncservers file:

$ vncserver :1
Starting VNC server: 1:bobpeers
New 'linux.bobpeers:1 (bobpeers)' desktop is linux.bobpeers:1

Starting applications specified in /home/bobuser/.vnc/xstartup

Log file is /home/bobuser/.vnc/linux.bobpeers:1.log

[ OK ]

Now the server is started and a user could connect, however they will get a plain grey desktop by
default as the connection will not cause a new session of X to start by default, to fix this we need
to edit the startup script in the .vnc folder in your home directory.

$ vi ~/.vnc/xstartup

#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

As the file says make sure the two lines at the top are uncommented by removing the leading #
sign. Next we need to restart vncserver to pick up the changed we just made. To restart the
vncserver we need to kill the process and start a new one as root:

$ vncserver -kill :1
Killing Xvnc process ID 13728
$ vncserver :1
Starting VNC server: 1:bobpeers
New 'linux.bobpeers:1 (bobpeers)' desktop is linux.bobpeers:1

Starting applications specified in /home/bobuser/.vnc/xstartup

Log file is /home/bobuser/.vnc/linux.bobpeers:1.log

[ OK ]

Using vncviewer

To start the viewer type:

$ vncviewer localhost:5901

This open a dialog as shown for us to enter our password we set earlier, enter the password and
you should now see a copy of your desktop. Note that unlike the Gnome Remote Desktop this
has started a new session of X so any applications open on the host machine are not visible to the
new session, it's basically a whole new logon running at the same time.

If you just type 'vncviewer' at the prompt then you will asked for the host to connect to, then you
can type localhost:5901 for example. Remember to use the correct port number when
connecting, if you set your VNCSERVERS to be 2000:myname then you would need to connect
on localhost:7900.
Stopping the vncserver

There are two ways to stop the server, either as root:

$ /sbin/service vncserver stop

Shutting down VNC server: 1:bobpeers [ OK ]

or you can explicitly kill a particular session without being root:

$ vncserver -kill :1
Killing Xvnc process ID 13728

Just replace the 1 with the vnc session you wish to stop.

Allowing remote connections

So far we have only connected to our own computer using localhost so we have not needed to
open any ports in the firewall, however if we want to allow remote connection we will have to do
the following. This can either be done from the command line or using system-config-security if
you have it installed.

Using system-config-security to opens ports.

First we'll look into the GUI system-config-security. Go to the Fedora start menu > Desktop >
Administration > Security Level and Firewall, then type your root password when prompted to
see this:
Click on other ports at the bottom and enter the port you wish to open, 5901 in my case, select
tcp, then click OK and OK again to save your settings. That's all there is to it, but remember to
close the port again when you are finished.

Editing the iptables manually to opens ports.

To do the same from the command line add the line in bold to the file /etc/sysconfig/iptables
while logged in as root:

# Firewall configuration written by system-config-securitylevel

# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j
ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Finally we need to restart the iptables service to reload the changes.

$ sudo /sbin/service iptables restart

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]

Connecting from the remote machine.

Now from the remote client computer start up vncviewer but this time use the IP address of the
host computer followed by the port number. So on my home network this might be:

$ vncviewer 192.168.1.105:5901

You should see a copy of the hosts desktop, if things seem a bit slow you can try adjusting the
colour depth or screen resolution on the vncserver to see if that helps.