VNC over SSH
Revision as of 17:01, 18 August 2022 by Digimer (talk | contribs) (→If connection via a gateway ssh machine)
This tutorial covers setting up VNC over SSH on EL8.3+ (RHEL 8, CentOS Stream 8, etc.) and EL9.
Note: Make sure all admin users are logged out (GNOME and terminal). There is a bug we don't know the source of yet that can break the ability to log into GNOME.
VNC Server Setup
SSH into the Striker dashboard as the root user.
dnf install tigervnc-server
Last metadata expiration check: 0:19:19 ago on Wed 17 Aug 2022 12:06:35 PM EDT.
Dependencies resolved.
==============================================================================================================
Package Architecture Version Repository Size
==============================================================================================================
Installing:
tigervnc-server x86_64 1.12.0-5.el8 appstream 285 k
Installing dependencies:
tigervnc-license noarch 1.12.0-5.el8 appstream 40 k
tigervnc-selinux noarch 1.12.0-5.el8 appstream 48 k
tigervnc-server-minimal x86_64 1.12.0-5.el8 appstream 1.1 M
Transaction Summary
==============================================================================================================
Install 4 Packages
Total download size: 1.5 M
Installed size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): tigervnc-license-1.12.0-5.el8.noarch.rpm 223 kB/s | 40 kB 00:00
(2/4): tigervnc-selinux-1.12.0-5.el8.noarch.rpm 216 kB/s | 48 kB 00:00
(3/4): tigervnc-server-1.12.0-5.el8.x86_64.rpm 982 kB/s | 285 kB 00:00
(4/4): tigervnc-server-minimal-1.12.0-5.el8.x86_64.rpm 4.9 MB/s | 1.1 MB 00:00
--------------------------------------------------------------------------------------------------------------
Total 2.7 MB/s | 1.5 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch 1/4
Installing : tigervnc-selinux-1.12.0-5.el8.noarch 1/4
Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch 1/4
Installing : tigervnc-license-1.12.0-5.el8.noarch 2/4
Installing : tigervnc-server-minimal-1.12.0-5.el8.x86_64 3/4
Installing : tigervnc-server-1.12.0-5.el8.x86_64 4/4
Running scriptlet: tigervnc-server-1.12.0-5.el8.x86_64 4/4
Verifying : tigervnc-license-1.12.0-5.el8.noarch 1/4
Verifying : tigervnc-selinux-1.12.0-5.el8.noarch 2/4
Verifying : tigervnc-server-1.12.0-5.el8.x86_64 3/4
Verifying : tigervnc-server-minimal-1.12.0-5.el8.x86_64 4/4
Installed:
tigervnc-license-1.12.0-5.el8.noarch tigervnc-selinux-1.12.0-5.el8.noarch
tigervnc-server-1.12.0-5.el8.x86_64 tigervnc-server-minimal-1.12.0-5.el8.x86_64
Complete!
Edit /etc/tigervnc/vncserver.users to enable VNC access for the admin user.
diff -u /root/vncserver.users /etc/tigervnc/vncserver.users
--- /root/vncserver.users 2022-08-17 13:59:09.924844674 -0400
+++ /etc/tigervnc/vncserver.users 2022-08-17 14:02:37.893980059 -0400
@@ -5,4 +5,4 @@
#
# :2=andrew
# :3=lisa
-
+:2=admin
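Review bot: the added ":2=admin" line carries no comment tying display :2 to the rest of the setup. The display number chosen here fixes both the unit name (vncserver@:2.service) and the TCP port (5902) that the later ssh -L tunnels forward, so a comment above the entry noting "display :2 = port 5902" would keep anyone who changes the number from leaving the service and tunnel commands pointing at the old one.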
Now edit /etc/tigervnc/vncserver-config-mandatory to enable the defaults.
diff -u /root/vncserver-config-mandatory /etc/tigervnc/vncserver-config-mandatory
--- /root/vncserver-config-mandatory 2022-08-17 13:53:31.861747957 -0400
+++ /etc/tigervnc/vncserver-config-mandatory 2022-08-17 13:58:45.678479131 -0400
@@ -9,8 +9,8 @@
# Several common settings are shown below. Uncomment and modify to your
# liking.
-# session=gnome
-# securitytypes=vncauth,tlsvnc
-# geometry=2000x1200
-# localhost
-# alwaysshared
+session=gnome
+securitytypes=vncauth,tlsvnc
+geometry=1920x1080
+localhost
+alwaysshared
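Review bot: "securitytypes=vncauth,tlsvnc" still offers plain vncauth, and a vncauth session is not encrypted by VNC itself, so the protection in this setup comes from the "localhost" line together with the SSH tunnel. Because this is the mandatory file, consider adding a comment next to "localhost" saying it must stay while vncauth is listed; removing that one line would make the server listen on non-loopback addresses with only the vncpasswd password in front of the admin desktop. Also worth a comment: "alwaysshared" lets a second client attach to the same session.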
Variables | Description |
---|---|
session | Is set to a valid Xsession name as per configuration files in /usr/share/xsessions/ |
securitytypes | Denotes the authentication options presented to clients |
desktop | Sets the name of the desktop session displayed by various components, including the vnc client |
geometry | Denotes the aspect ratio and native resolution of the session |
localhost | Denotes the host to which the server will bind |
alwaysshared | Sets all incoming connections as shared, regardless of client settings |
Switch to the admin user.
su - admin
Last login: Wed Aug 17 12:13:44 EDT 2022 on tty2
[admin@an-striker01 ~]$
Now run vncpasswd and enter the password you will use to connect.
vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
Exit back to the root user.
exit
logout
[root@an-striker01 ~]#
Now enable and start the daemon:
systemctl enable --now vncserver@:2.service
Created symlink /etc/systemd/system/multi-user.target.wants/vncserver@:2.service → /usr/lib/systemd/system/vncserver@.service.
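With the service running, it is worth confirming that the "localhost" setting took effect before opening any tunnel. The script below is an added example, not part of the original tutorial: it parses "ss -Htln" output and reports VNC listeners (TCP 5900-5999) bound to anything other than loopback. The function names are hypothetical and the sample listing is constructed.

```sh
#!/bin/sh
# Added example: confirm the "localhost" setting took effect for VNC listeners.
# Function names are hypothetical; the sample listing below is constructed.

# Constructed `ss -Htln` output: display :2 on loopback, display :3 on all addresses.
sample_ss_output() {
cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      5          127.0.0.1:5902       0.0.0.0:*
LISTEN 0      5              [::1]:5902          [::]:*
LISTEN 0      5            0.0.0.0:5903       0.0.0.0:*
EOF
}

# Reads `ss -Htln` lines on stdin and prints each VNC listener (TCP 5900-5999)
# whose local address is not loopback. No output means nothing is exposed.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (port !~ /^59[0-9][0-9]$/) next     # not a VNC display port
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr ":" port
    }'
}

# Usage: ss -Htln | display_is_loopback_only 2
# Returns 0 if display :N is listening on loopback only, 1 if it is also
# reachable on another address, 2 if nothing listens on 5900+N at all.
display_is_loopback_only() {
    port=$((5900 + $1))
    listing=$(cat)
    printf '%s\n' "$listing" | awk '{ print $4 }' | grep -q ":${port}\$" || return 2
    ! printf '%s\n' "$listing" | exposed_vnc_listeners | grep -q ":${port}\$"
}

# Demo on the constructed sample: prints 0.0.0.0:5903
sample_ss_output | exposed_vnc_listeners
```

On the Striker itself, run "ss -Htln | display_is_loopback_only 2" as root; a return code of 0 means port 5902 is reachable only through the SSH tunnel.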
Connect
Now you can try to connect!
If connecting directly to the target
Open the tunnel:
ssh -L 5902:localhost:5902 -N -f -l $user $host_name
Then on the local machine, run tigervnc, then connect to localhost:2.
If connecting via a gateway SSH machine
Connect to the gateway. In the command below:
- 5903 is the next available port opened by default when firewalld is told to enable the vnc-server service. Dropping the leading 590 leaves 3, which is used as localhost:3 later. Or you can use the full 5903.
- 5902 is the VNC port the target is listening on.
- 2502 is the port set up by the target's firewall port forwarding; it could be 22 or whatever other port the target has set up.
ssh -L 5903:localhost:5902 root@gateway.example.com -p 2502
Then from the gateway, connect to the target:
ssh -L 5902:localhost:5902 root@an-striker01
- localhost:5903 uses the same port as the initial call above. You could use localhost:3 as well.
Then on the local machine, run tigervnc, then connect to localhost:5903.