- Install the VNC Remote Access Server on Oracle Linux 8
- Introduction
- Background
- Objectives
- Prerequisite
- Install a graphical desktop environment
- Install the VNC packages
- Set the VNC password
- Configure the VNC service
- Set up the VNC service
- Configure X509 encryption (optional)
- Configure firewall rules (optional)
- Open a VNC client and test your deployment
- Video demonstration
- For More Information
- More Learning Resources
- Chapter 9 Configuring the VNC Service
- 9.1 About VNC
- 9.2 Configuring a VNC Server
- 9.3 Connecting to VNC Desktop
- Configuring VNC Server on Linux
- sysvinit (Original Method)
- systemd (New Method)
- VNC Clients
Install the VNC Remote Access Server on Oracle Linux 8
Introduction
This tutorial shows you how to install and set up the VNC remote access server software on an Oracle Linux 8 system to enable you to remotely operate a graphical desktop environment.
Background
Virtual Network Computing (VNC) is a graphical desktop sharing system that controls remote machines by sending keyboard and mouse events over the network. VNC is particularly useful for remotely controlling Oracle Linux servers that have a graphical desktop environment installed.
You can connect to a VNC server by using any compatible software client. VNC is suitable for thin client computing where multiple dumb terminals can share the same hardware resources that are hosted on an Oracle Linux server.
This tutorial uses TigerVNC to illustrate how to remotely connect to systems. However, you can use a different VNC software of your choice. Some alternative software is listed at the end of the tutorial.
TigerVNC Server was rebased from 1.9.0 to 1.10.1 in Oracle Linux 8 Update 3. This newer version is configured differently to previous versions and no longer requires the creation of systemd unit files. The instructions provided here assume that you are using the latest version.
Objectives
In this tutorial you:
- Install a graphical desktop environment along with the VNC service
- Set the VNC Password for a user on the system
- Configure the VNC service for a specific user
- Start and enable the VNC service across subsequent boots
- Optionally enable x509 encryption for direct VNC access
- Optionally create firewall rules to allow direct VNC access
- Access the VNC server from a remote client, either directly or using an SSH tunnel
Prerequisite
- Any system with Oracle Linux 8 installed
- Client software such as TigerVNC
Install a graphical desktop environment
Install a GNOME desktop environment and all of its dependencies.
Set graphical mode as the default login type for user accounts, then reboot the server.
Uncomment the following line in the /etc/gdm/custom.conf file to ensure that VNC uses X.org instead of Wayland:
Install the VNC packages
Install the VNC server package and all of its dependencies.
Set the VNC password
Create a VNC password for the user account that you intend to use for remote sessions.
The command prompts you for a password and then prompts you again to validate the password. Optionally you are able to set a ‘view-only’ password that allows you to share the screen but not allow control over the mouse or keyboard.
This action generates configuration information specific to the user account in $HOME/.vnc/. If this directory already exists from a previous installation, you can either remove the directory prior to running the vncpasswd command, or you can restore the SELinux context on the directory to ensure that you do not have any issues with SELinux for this service. For example:
Configure the VNC service
Append the user account and the X Server display for the VNC service to /etc/tigervnc/vncserver.users file:
Also append the default desktop and screen resolution to the /etc/tigervnc/vncserver-config-defaults file:
By default, the VNC server terminates when the last user signs out. You can manually force the VNC server to persist by creating the /etc/systemd/system/vncserver@.service.d/10-restart.conf file as the root user, and then adding the following content:
Set up the VNC service
Reload the systemd service, then enable and start the VNC server by using X Server display 1:
Configure X509 encryption (optional)
By default, VNC is not an encrypted protocol and you should use an SSH tunnel to access it across an unprotected network. You can configure X509 TLS to encrypt your VNC session, however this requires that your client software supports X509Vnc encryption and has access to the CA certificate used to sign your certificates.
If you do not have a CA signed certificate, you can use self-signed certificates, but your client system must have a copy of the public certificate to be able to connect. To create a self-signed certificate, run:
Edit the user’s custom VNC configuration options in $HOME/.vnc/config. If the file does not exist yet, you may need to create it yourself. Update the configuration to enable x509Vnc encryption and to provide the full path to the X509 key file and the X509 certificate file. For example, assuming that the username is opc, the following configuration should work correctly:
Note that you must provide the full path to the key and certificate files. You cannot depend on shell expansion or use variables for this purpose.
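An added example, not part of the Oracle tutorial: a small check for the X509 settings just described, flagging key or certificate paths that rely on ~ or variables and security types other than the X509 ones. The option names securitytypes, X509Key and X509Cert are TigerVNC's; the function name, the sample file contents and the case-insensitive matching of names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the tutorial. Assumes option and security-type
# names are matched case-insensitively.

# lint_vnc_config [FILE]: print one finding per line, exit 0 when clean.
lint_vnc_config() {
  awk '
    { sub(/#.*/, "") }                        # drop comments
    !index($0, "=") { next }                  # only option=value lines matter
    {
      eq  = index($0, "=")
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1);             gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "securitytypes" { types = tolower(val) }
    key == "x509key" || key == "x509cert" {
      seen[key] = 1
      # Per the note above, ~ and $VAR are not expanded in this file.
      if (val !~ /^\// || val ~ /\$/) {
        printf "%s: \"%s\" is not a literal absolute path\n", key, val; bad = 1
      }
    }
    END {
      if (types == "") { print "securitytypes: not set, X509 is not enforced"; bad = 1 }
      n = split(types, t, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        if (t[i] == "x509none") {
          print "securitytypes: x509none has no password step"; bad = 1
        } else if (t[i] !~ /^x509/) {
          print "securitytypes: " t[i] " is not certificate-protected"; bad = 1
        }
      }
      if (!("x509key" in seen))  { print "x509key: missing";  bad = 1 }
      if (!("x509cert" in seen)) { print "x509cert: missing"; bad = 1 }
      exit bad + 0
    }' "$@"
}

# Constructed sample: relies on shell expansion and still offers VncAuth.
sample_cfg='securitytypes=x509vnc,vncauth
X509Key=~/.vnc/vnc-server-private.pem
X509Cert=$HOME/.vnc/vnc-server.pem'

printf '%s\n' "$sample_cfg" | lint_vnc_config || echo "config needs attention"
```

Pass the path of a user's config file as the argument to check it in place; the function exits non-zero when it prints any finding.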
When you have finished editing the configuration, you can restart the service:
Configure firewall rules (optional)
If you are using X509 encryption and you are running a custom firewall profile or an Oracle Cloud Infrastructure instance, you can open the firewall port for the VNC service (5901) on your firewall or in your security lists for your network.
If you are using X509 encryption and the firewalld service is running on the host, you can add access for the VNC service. Then, reload the default firewall service.
Note: VNC is not an encrypted protocol and you should not open the firewall to this port and connect directly to a VNC server over an unprotected network. Although we list this step as optional, it is not generally advised and you should consider using SSH tunneling or some other mechanism to protect the connection.
Open a VNC client and test your deployment
If your client is running Oracle Linux 8, you can install the TigerVNC software client:
On the client machine, use the VNC software to connect to the remote Oracle Linux server domain or IP address. Make sure to specify the correct port. The default VNC port is 5900, but that number is incremented according to the configured display number. Thus, display 1 corresponds to 5901, display 2 to 5902, and so on.
Note that if you enabled X509 encryption, you may need to provide the CA certificate used to sign your keys, or if you used a self-signed certificate you can use the public certificate as the CA certificate. Some clients may be willing to allow you to simply accept a self-signed certificate automatically.
If you encounter connectivity problems, troubleshoot these issues by connecting to the remote server over an SSH connection that has been configured for an SSH tunnel. Then, use the tigervnc client to connect to the local host:
Video demonstration
The video demonstration and tutorial provided at https://www.youtube.com/watch?v=Z5vhER7K34E may also be useful if you need more information on configuring a VNC server.
For More Information
Other related resources include:
- Tiger VNC Server configuration documentation in /usr/share/doc/tigervnc/HOWTO.md/
- GNOME desktop sharing with Vino at https://wiki.gnome.org/Projects/Vino
- KDE desktop sharing with Krfb at https://kde.org/applications/internet/org.kde.krfb
- Using VNC client software such as:
  - Vinagre; or
  - KRDC
- Oracle Linux Documentation
The basic steps included in this tutorial are available in the shell script at ol8-vnc-setup.sh
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.
Copyright © 2021, Oracle and/or its affiliates.
Chapter 9 Configuring the VNC Service
This chapter describes how to enable a Virtual Network Computing (VNC) server to provide remote access to a graphical desktop.
9.1 About VNC
Virtual Network Computing (VNC) is a system for sharing a graphical desktop over a network. A VNC client (the «viewer») connects to, and can control, a desktop that is shared by a VNC server on a remote system. Because VNC is platform independent, you can use any operating system with a VNC client to connect to a VNC server. VNC makes remote administration using graphical tools possible.
By default, all communication between a VNC client and a VNC server is not secure. You can secure VNC communication by using an SSH tunnel. Using an SSH tunnel also reduces the number of firewall ports that need to be open. Oracle recommends that you use SSH tunnels.
9.2 Configuring a VNC Server
To configure a VNC server:
Install the tigervnc-server package:
Create the VNC environment for the VNC users.
Each VNC desktop on the system runs a VNC server as a particular user. This user must be able to log in to the system with a user name and either a password or an SSH key (if the VNC desktop is to be accessed through an SSH tunnel).
Use the vncpasswd command to create a password for the VNC desktop. The password must be created by the user that runs the VNC server and not root, for example:
The password must contain at least six characters. If the password is longer than eight characters, only the first eight characters are used for authentication. An obfuscated version of the password is stored in $HOME/.vnc/passwd unless the name of a file is specified with the vncpasswd command.
Create a service unit configuration file for each VNC desktop that is to be made available on the system.
Copy the vncserver@.service template file, for example:
In the previous command, display is the unique display number of the VNC desktop, starting from 1. Use a backslash character (\) to escape the colon (:) character.
Each VNC desktop is associated with a user account. For ease of administration if you have multiple VNC desktops, you can include the name of the VNC user in the name of the service unit configuration file, for example:
Edit the service unit configuration files.
The following sections in the configuration file should resemble the sample entries. Replace vncuser with the actual VNC user name.
Optionally, you can add command-line arguments for the VNC server. In the following example, the VNC server only accepts connections from localhost, which means the VNC desktop can only be accessed locally or through an SSH tunnel; and the size of the window has been changed from the default 1024×768 to 640×480 using the geometry flag:
Start the VNC desktops.
Make systemd reload its configuration files:
For each VNC desktop, start the service, and configure the service to start after a system reboot. Remember to use the username and the display number that you specified in the service unit configuration file to be associated with that service. For example:
If you make any changes to a service unit configuration file, you must reload the configuration file and restart the service.
Configure the firewall to allow access to the VNC desktops.
If users will access the VNC desktops through an SSH tunnel and the SSH service is enabled on the system, you do not need to open additional ports in the firewall. SSH is enabled by default. For information on enabling SSH, see Oracle® Linux: Connecting to Remote Systems With OpenSSH.
If users will access the VNC desktops directly, you must open the required port for each desktop. The required ports can be calculated by adding the VNC desktop service display number to 5900 (the default VNC server port). So if the display number is 1, the required port is 5901 and if the display number is 67, the required port is 5967.
To open ports 5900 to 5903, you can use the following commands:
To open additional ports, for example port 5967, use the following commands:
Configure the VNC desktops.
By default, the VNC server runs the user’s default desktop environment. This is controlled by the VNC user’s $HOME/.vnc/xstartup file, which is created automatically when the VNC desktop service is started.
If you did not install a desktop environment when you installed the system (for example because you selected Minimal Install as the base environment), you can install one with the following command:
When the installation is complete, use the systemctl get-default command to check that the default system state is multi-user.target (multi-user command-line environment). Use the systemctl set-default command to reset the default system state or to change it to the graphical.target (multi-user graphical environment) if you prefer.
The $HOME/.vnc/xstartup file is a shell script that specifies the X applications to run when the VNC desktop is started. For example, to run a KDE Plasma Workspace, you could edit the file as follows:
If you make any changes to a user’s $HOME/.vnc/xstartup file, you must restart the VNC desktop for the changes to take effect:
See the vncserver(1), Xvnc(1), and vncpasswd(1) manual pages for more information.
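An added example, not part of the Oracle documentation: a check that reads ss -ltn output and reports VNC listeners bound to anything other than loopback, using the 5900 + display rule from the firewall step above and the earlier note about not exposing VNC directly. The function name, the 5900-5999 port range and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation.

# exposed_vnc_listeners: read `ss -ltn` output on stdin and print
# "display port address" for each VNC listener reachable from the network.
# Exits non-zero when at least one such listener is found.
exposed_vnc_listeners() {
  awk '$1 == "LISTEN" {
    n = split($4, p, ":"); port = p[n] + 0          # port follows the last colon
    addr = substr($4, 1, length($4) - length(p[n]) - 1)
    if (port < 5900 || port > 5999) next            # display N listens on 5900+N
    if (addr ~ /^127\./ || addr == "[::1]") next    # loopback: local or SSH tunnel only
    printf ":%d %d %s\n", port - 5900, port, addr
    found = 1
  }
  END { exit found + 0 }'
}

# Constructed sample of `ss -ltn` output: display 1 is bound to loopback,
# displays 2 and 67 accept connections on every interface.
sample_ss='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      5          127.0.0.1:5901       0.0.0.0:*
LISTEN 0      5            0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5               [::]:5967          [::]:*'

printf '%s\n' "$sample_ss" | exposed_vnc_listeners || echo "VNC is exposed beyond loopback"
```

On a live host, run ss -ltn | exposed_vnc_listeners; an empty result means every VNC desktop is reachable only locally or through an SSH tunnel.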
9.3 Connecting to VNC Desktop
You can connect to a VNC desktop on an Oracle Linux 7 system using any VNC client. The following example instructions are for the TigerVNC client. Adapt the instructions for your client.
Install the TigerVNC client (vncviewer).
Start the TigerVNC client and connect to a desktop.
To connect directly to a VNC desktop, you can start the TigerVNC client and enter host:display to specify the host name or IP address of the VNC server and the display number of the VNC desktop to connect to. Alternatively, you can specify the VNC desktop as an argument for the vncviewer command. For example:
To connect to a VNC desktop through an SSH tunnel, use the -via option for the vncviewer command to specify the user name and host for the SSH connection, and use localhost:display to specify the VNC desktop. For example:
See the vncviewer(1) manual page for more information.
Copyright © 2020, 2021, Oracle and/or its affiliates. Legal Notices
Configuring VNC Server on Linux
sysvinit (Original Method)
The sysvinit method works for RHEL and its clones (Oracle Linux and CentOS) up to and including RHEL6. It also works for Fedora up to and including Fedora 15. Although Fedora 15 includes systemd, the VNC server configuration is unchanged, so you should still use this method.
Install the VNC Server.
Edit the «/etc/sysconfig/vncservers» file to configure the required displays. The following entries enable VNC for display numbers «:2» and «:3». Notice multiple «display:user» pairs are defined on a single line, but the arguments for each display are defined separately.
Set the VNC password for any users defined in the «/etc/sysconfig/vncservers» file.
Enable the «vncserver» service for autostart and start the service.
You should now be able to use a VNC viewer to connect to the system using the display numbers and passwords defined.
Use the following commands to stop the service and disable autostart.
systemd (New Method)
The systemd method works for Fedora 16 and above. Although Fedora 15 uses systemd, the VNC server configuration is unchanged so you still use the previous configuration method. This method also works for RHEL7/OL6/CentOS7.
Install the VNC Server.
Create a new configuration file for each of the display numbers you want to enable. In the following case, I am setting up the display number «:3». Notice how the display number is included in the configuration file name. In some Fedora releases they suggest not including the display number, as systemd will spawn the correct config in memory on first request.
Edit the new configuration file, amending the user and startup arguments as necessary. An example of the changed lines is shown below. All other lines should be unmodified. The geometry is set below, but this line doesn’t have to be modified if the default geometry of «1280×1024» is acceptable.
Run the following command.
Set the VNC password for the user defined in the new configuration file.
Enable the service for autostart and start the service.
You should now be able to use a VNC viewer to connect to the system using the display number and password defined.
Use the following commands to stop the service and disable autostart.
VNC Clients
Once your VNC server is configured, you can connect to it from any VNC client. On Linux this will often be TigerVNC, installed using the following command.
Connect to a VNC server using the following command.