Difference between revisions of "VNC over SSH"
Latest revision as of 18:35, 23 December 2022
Alteeve Wiki :: How To :: VNC over SSH
This tutorial covers setting up VNC over SSH on EL8.3+ (RHEL 8, CentOS Stream 8, etc.) and EL9.
Note: Make sure all admin users are logged out (GNOME and terminal). There is a bug we don't know the source of yet that can break the ability to log into GNOME.
VNC Server Setup
SSH into the Striker dashboard as the root user.
dnf install tigervnc-server
Last metadata expiration check: 0:19:19 ago on Wed 17 Aug 2022 12:06:35 PM EDT.
Dependencies resolved.
==============================================================================================================
Package Architecture Version Repository Size
==============================================================================================================
Installing:
tigervnc-server x86_64 1.12.0-5.el8 appstream 285 k
Installing dependencies:
tigervnc-license noarch 1.12.0-5.el8 appstream 40 k
tigervnc-selinux noarch 1.12.0-5.el8 appstream 48 k
tigervnc-server-minimal x86_64 1.12.0-5.el8 appstream 1.1 M
Transaction Summary
==============================================================================================================
Install 4 Packages
Total download size: 1.5 M
Installed size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): tigervnc-license-1.12.0-5.el8.noarch.rpm 223 kB/s | 40 kB 00:00
(2/4): tigervnc-selinux-1.12.0-5.el8.noarch.rpm 216 kB/s | 48 kB 00:00
(3/4): tigervnc-server-1.12.0-5.el8.x86_64.rpm 982 kB/s | 285 kB 00:00
(4/4): tigervnc-server-minimal-1.12.0-5.el8.x86_64.rpm 4.9 MB/s | 1.1 MB 00:00
--------------------------------------------------------------------------------------------------------------
Total 2.7 MB/s | 1.5 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch 1/4
Installing : tigervnc-selinux-1.12.0-5.el8.noarch 1/4
Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch 1/4
Installing : tigervnc-license-1.12.0-5.el8.noarch 2/4
Installing : tigervnc-server-minimal-1.12.0-5.el8.x86_64 3/4
Installing : tigervnc-server-1.12.0-5.el8.x86_64 4/4
Running scriptlet: tigervnc-server-1.12.0-5.el8.x86_64 4/4
Verifying : tigervnc-license-1.12.0-5.el8.noarch 1/4
Verifying : tigervnc-selinux-1.12.0-5.el8.noarch 2/4
Verifying : tigervnc-server-1.12.0-5.el8.x86_64 3/4
Verifying : tigervnc-server-minimal-1.12.0-5.el8.x86_64 4/4
Installed:
tigervnc-license-1.12.0-5.el8.noarch tigervnc-selinux-1.12.0-5.el8.noarch
tigervnc-server-1.12.0-5.el8.x86_64 tigervnc-server-minimal-1.12.0-5.el8.x86_64
Complete!
Edit /etc/tigervnc/vncserver.users to enable VNC access for the admin user.
diff -u /root/vncserver.users /etc/tigervnc/vncserver.users
--- /root/vncserver.users 2022-08-17 13:59:09.924844674 -0400
+++ /etc/tigervnc/vncserver.users 2022-08-17 14:02:37.893980059 -0400
@@ -5,4 +5,4 @@
#
# :2=andrew
# :3=lisa
-
+:2=admin
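Review bot: the added `:2=admin` line needs a comment saying that the display number chosen here fixes everything downstream. Display :2 means the `vncserver@:2.service` unit and TCP port 5902 (5900 plus the display number), so anyone who picks a different display has to change the unit name and the forwarded port to match.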
Note: If you want the VNC access to work without SSH (normal use), comment out or delete the "localhost" line.
Now edit to enable defaults.
diff -u /root/vncserver-config-mandatory /etc/tigervnc/vncserver-config-mandatory
--- /root/vncserver-config-mandatory 2022-08-17 13:53:31.861747957 -0400
+++ /etc/tigervnc/vncserver-config-mandatory 2022-08-17 13:58:45.678479131 -0400
@@ -9,8 +9,8 @@
# Several common settings are shown below. Uncomment and modify to your
# liking.
-# session=gnome
-# securitytypes=vncauth,tlsvnc
-# geometry=2000x1200
-# localhost
-# alwaysshared
+session=gnome
+securitytypes=vncauth,tlsvnc
+geometry=1920x1080
+localhost
+alwaysshared
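Review bot: `securitytypes=vncauth,tlsvnc` still offers plain `vncauth`, which authenticates with a password of at most eight significant characters and does not encrypt the session, so the `localhost` line enabled in the same hunk is the only thing keeping that traffic inside the SSH tunnel. Keep `localhost` whenever `vncauth` is listed; if the server must accept direct connections, drop `vncauth` from the list so clients cannot negotiate the unencrypted type.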
| Variables | Description |
|---|---|
| session | Is set to a valid Xsession name as per configuration files in /usr/share/xsessions/ |
| securitytypes | Denotes the authentication options presented to clients |
| desktop | Sets the name of the desktop session displayed by various components, including the vnc client |
| geometry | Denotes the aspect ratio and native resolution of the session |
| localhost | Denotes the host to which the server will bind |
| alwaysshared | Sets all incoming connections as shared, regardless of client settings |
Switch to the admin user.
su - admin
Last login: Wed Aug 17 12:13:44 EDT 2022 on tty2
[admin@an-striker01 ~]$
Now run vncpasswd and enter the password you will use to connect.
vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
Exit back to the root user.
exit
logout
[root@an-striker01 ~]#
Now enable the daemon:
systemctl enable --now vncserver@:2.service
Created symlink /etc/systemd/system/multi-user.target.wants/vncserver@:2.service → /usr/lib/systemd/system/vncserver@.service.
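Once the daemon is running, it is worth confirming that the `localhost` setting actually took effect, since the tunnel only protects a server that listens on loopback alone. The script below is an added example, not part of the Alteeve page; its function names and sample data are constructed, and it expects `ss -Hltn` output on standard input.

```shell
#!/bin/sh
# Added example: check that a TigerVNC display can only be reached through
# the SSH tunnel. Function names and sample data are constructed.

# vnc_port DISPLAY -> TCP port (VNC convention: 5900 + display number)
vnc_port() { echo $((5900 + ${1#:})); }

# config_is_loopback_only FILE -> 0 if an uncommented "localhost" line exists
config_is_loopback_only() {
    grep -Eq '^[[:space:]]*localhost[[:space:]]*$' "$1"
}

# exposed_listeners PORT: reads `ss -Hltn` lines on stdin and prints every
# local address listening on PORT that is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '{
        addr = $4                        # "Local Address:Port" column
        n = match(addr, /:[0-9]+$/)      # position of the last colon
        if (!n || substr(addr, n + 1) != port) next
        host = substr(addr, 1, n - 1)
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
        print host
    }'
}

# audit DISPLAY CONFIG_FILE (ss lines on stdin): prints a verdict, returns 0 if OK
audit() {
    port=$(vnc_port "$1")
    exposed=$(exposed_listeners "$port")
    if ! config_is_loopback_only "$2"; then
        echo "FAIL: no active 'localhost' line in $2"; return 1
    fi
    if [ -n "$exposed" ]; then
        echo "FAIL: port $port listening on: $(echo $exposed)"; return 1
    fi
    echo "OK: display $1 (port $port) is loopback-only"
}

# Constructed case: "localhost" is in the file, but the running server still
# listens on every interface (for example, it was not restarted after the edit).
demo() {
    cfg=$(mktemp); printf 'session=gnome\nlocalhost\nalwaysshared\n' > "$cfg"
    out=$(printf 'LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*\n' | audit :2 "$cfg") || true
    rm -f "$cfg"; echo "$out"
}
demo
```

On the Striker itself the same check would be run as `ss -Hltn | audit :2 /etc/tigervnc/vncserver-config-mandatory`.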
Connect
Now you can try to connect!
If connecting directly to the target
Open the tunnel:
ssh -L 5902:localhost:5902 admin@an-striker01
Then on the local machine, run tigervnc, then connect to localhost:2.
If connecting via a gateway SSH machine
Connect to the gateway:
- The initial 5903 is used if the source computer is already using 5902. If not, 5902 can be used. 5903 is the next available port opened by default when firewalld is told to enable the vnc-server service. The 590 is then dropped, and 3 will be used for the localhost:3 later. Or you can use the full 5903.
- The 5902 is the VNC port the target is listening on.
- The 2502 is the port forward set up by the target's firewall port forwarding, and could be 22 or whatever other port the target set up.
ssh -L 5903:localhost:5902 root@gateway.example.com -p 2502
Then from the gateway, connect to the target:
ssh -L 5902:localhost:5902 admin@an-striker01
- The localhost:5903 uses the same port as the initial call above. You could use localhost:3 as well.
Then on the local machine, run tigervnc, then connect to localhost:5903.
© Alteeve's Niche! Inc. 1997-2023