Configuring VNC Server on Linux
Firewall
Open port OEL 7 :
# firewall-cmd --zone=public --add-port=portnumber/tcp --permanent #firewall-cmd --reload
systemd
Install the VNC Server.
# yum install tigervnc-server
Create a new configuration file for each of the display numbers you want to enable. In the following case, I am setting up the display number “:3”. Notice how the display number is included in the configuration file name.
# cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:3.service
Edit the new configuration file, amending the user and startup arguments as necessary. An example of the changed lines is shown below. All other lines should be unmodified.
User=oracle ExecStart=/usr/bin/vncserver %i -geometry 1280x1024
The vncserver service unit file # # Quick HowTo: # 1. Copy this file to /etc/systemd/system/vncserver@:.service # 2. Edit root and vncserver parameters appropriately # ("runuser -l root -c /usr/bin/vncserver %i -arg1 -arg2") # 3. Run `systemctl daemon-reload` # 4. Run `systemctl enable vncserver@: .service` # # DO NOT RUN THIS SERVICE if your local area network is # untrusted! For a secure way of using VNC, you should # limit connections to the local host and then tunnel from # the machine you want to view VNC on (host A) to the machine # whose VNC output you want to view (host B) # # [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB # # this will open a connection on port 590N of your hostA to hostB's port 590M # (in fact, it ssh-connects to hostB and then connects to localhost (on hostB). # See the ssh man page for details on port forwarding) # # You can then point a VNC client on hostA at vncdisplay N of localhost and with # the help of ssh, you end up seeing what hostB makes available on port 590M # # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. # # Use "-localhost" to prevent remote VNC clients connecting except when # doing so through a secure tunnel. See the "-via" option in the # `man vncviewer' manual page. [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=simple # Clean any existing files in /tmp/.X11-unix environment ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=/sbin/runuser -l username -c "/usr/bin/vncserver %i -geometry 1280x1024" PIDFile=/home/root/.vnc/%H%i.pid ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' [Install] WantedBy=multi-user.target
Run the following command.
# systemctl daemon-reload
Set the VNC password for the user defined in the new configuration file.
# su - oracle $ vncpasswd Password: Verify: $ exit logout #
Enable the service for autostart and start the service.
# systemctl enable vncserver@:3.service # systemctl start vncserver@:3.service
You should now be able to use a VNC viewer to connect to system using the display number and password defined.
Use the following commands to stop the service and disable autostart.
# systemctl stop vncserver@:3.service # systemctl disable vncserver@:3.service
VNC Clients
Once your VNC server is configured, you can connect to it from any VNC server. On Linux this will often be TigerVNC, installed using the following command.
# yum install tigervnc
Connect to a VNC server using the following command.
# vncviewer machine-name:port # vncviewer maggie.localdomain:3 # vncviewer 192.168.0.4:3
This is bug 896648 in the Red Hat bugzilla. According to comment 15 you can fix it by:
- Add
-session optional pam_systemd.so
to/etc/pam.d/runuser-l
; the whole file should look like:auth include runuser session optional pam_keyinit.so force revoke -session optional pam_systemd.so session include runuser
- Edit
vncserver@:<display>.service
- Change
Type
tosimple
- Add an
-fg
parameter to thevncserver
command inExecStart
- Comment out the
ExecStop
line
- Change