Difference between revisions of "Using VNC To Access CS Linux Computers"
| Line 70: | Line 70: | ||
When you're done with your VNC session, you can log out of your SSH session. | When you're done with your VNC session, you can log out of your SSH session. | ||
| + | |||
| + | '''''Alternatively,''''' we were recently made aware that you can utilize Mac's built-in Screen Sharing app to provide similar results. One of our users provided us his method for doing so: n(note, in this example, the username is ''joeuser'' and the host being logged into is ''ugradx'' | ||
| + | |||
| + | :# ssh ''joeuser''@''ugradx''.cs.jhu.edu | ||
| + | :# run “vncserver” | ||
| + | :# Notice what the number after the colon is. e.g. ugradx:1 | ||
| + | :# New terminal, run “ssh -L /5901/:localhost:/5901/ /'''joeuser'''/@''ugradx''.cs.jhu.edu” 1. 5900 + whatever number is after the colon | ||
| + | :# Open Screen Sharing (on mac) | ||
| + | :# Enter “localhost:5901” in the address bar | ||
| + | :# When done, “vncserver -kill :1” | ||
=== Linux SSH Tunnels === | === Linux SSH Tunnels === | ||
Revision as of 12:25, 12 April 2022
VNC (Virtual Network Computing) is supported as a method for remotely accessing our Linux Clients. Because VNC does not, by default, provide a securely encrypted network connection, you will need to tunnel your connections through SSH. Instructions for doing so are below.
Please keep in mind that our Linux clients are for everyone's use and graphical programs can use many system resources. Do not leave VNC sessions running unless you're actively using them. We reserve the right to terminate idle sessions in order to free up resources for others' use.
First Steps... Starting the VNC Service on the Remote Computer
You can start a VNC server by logging in to the remote system and running the vncserver program from a command line. It will print a message similar to the following:
New 'gradx.cs.jhu.edu:1 (account)' desktop is gradx.cs.jhu.edu:1
The :1 gives the X display number for your session. It will usually be 1, but might be higher if there are other graphical sessions active on the system.
If this is the first time you've run vncserver, it will prompt you for a password to use when connecting with a client. You can use anything you like here; it doesn't have to be the same as your CS account password. Be aware that the password is stored in a file in your home directory. By default, no one but you can read that file, but if its permissions are changed at some point, others might be able to read the password you set for your VNC sessions.
Note: The password is needed because of the way VNC works. Anyone who can log in to the system can connect to any VNC session running on the system, regardless of who started that session. The password ensures that only you can use your sessions.
When you're done with your session, run vncserver -kill :1 (where ":1" is whatever display number you're actually using).
Tunneling Your VNC Session through SSH
You must tunnel your VNC session through SSH for remote access to our our CS Linux computers so that your session is secured. To connect to the remote linux system, you will have to set up an SSH TCP tunnel to the port the server is listening on. That port number is 5900 plus the X display number, so it will most often be port 5901.
Some VNC clients now support SSH tunnelling natively; if there's an option for that in your VNC client, you don't need the instructions on the rest of this page.
Otherwise, the process for tunneling through ssh can be different, depending upon which local operating system (Windows, Mac, Linux) you are using. Each method is described below.
Windows SSH Tunnels
Tunneling using the new built-in SSH client in Windows
Windows now has a built-in SSH client, which you can access via the CMD prompt or through powershell. And this built-in openssh client works very similarly to Linux and Mac for ssh tunneling.
For example, you can use:
ssh -L 5901:localhost:5901 account@gradx.cs.jhu.edu
You should replace both occurrences of "5901" with the actual TCP port your VNC server is using; you should replace "account" with the name of your CS account; and you should replace "gradx" with the name of the system on which you're running your VNC server.
After you log in, you will have to leave the ssh session running for as long as you want to be connected to your VNC server.
Once ssh is running, open your VNC client. (If you don't have one, one suggestion is TigerVNC.) Connect to "localhost:1", where ":1" is the actual display number used by your VNC server. Type in the password you gave when setting up the VNC server and you'll be connected.
When you're done with your VNC session, you can log out of your SSH session.
Tunneling Using Putty
Up until recently, Windows did not have a built-in SSH client, but now it does (see directly above). However, over the years, some of you might have been using PuTTY and feel more comfortable still using it as opposed to a command line option. (PuTTy is still a reasonable, free Windows client.)
You can tunnel through ssh using PuTTY. When you start PuTTY, put the name of the system where you're running VNC into the "Host Name" field. "Protocol" should be set to "SSH" and "Port" should be 22.
In the left-hand pane, open the "Connection" tree and the "SSH" tree below that. Click on "Tunnels". The window will show, among other things, a "Port forwarding" section. Under "Add a new forwarded port:", put in the appropriate source port (e.g. 5901). For "Destination", use "localhost:5901", where "5901" is the actual port you're using. Make sure "Local" is checked below that and then click the "Add" button.
You can now click the "Open" button at the bottom of the window. A new window will open and you will have to log in to the system in that window. You don't need to use this window for anything else, but you must leave it open for as long as you want to be connected to the VNC server.
Now, open your VNC client. (If you don't have one, you can use TigerVNC.) Tell it to connect to "localhost:1", where ":1" is the X display number that your server is using. Type in the password you gave when setting up the VNC server and you'll be connected.
When you're done with your VNC session, you can close the PuTTY window.
Mac SSH Tunnels
OSX has a built in command line SSH client. To use it, open Terminal and type something like the following:
ssh -L 5901:localhost:5901 account@gradx.cs.jhu.edu
You should replace both occurrences of "5901" with the actual TCP port your VNC server is using; you should replace "account" with the name of your CS account; and you should replace "gradx" with the name of the system on which you're running your VNC server.
After you log in, you will have to leave the ssh session running for as long as you want to be connected to your VNC server.
Once ssh is running, open your VNC client. (If you don't have one, one suggestion is Chicken.) Connect to "localhost:1", where ":1" is the actual display number used by your VNC server. Type in the password you gave when setting up the VNC server and you'll be connected.
When you're done with your VNC session, you can log out of your SSH session.
Alternatively, we were recently made aware that you can utilize Mac's built-in Screen Sharing app to provide similar results. One of our users provided us his method for doing so: n(note, in this example, the username is joeuser and the host being logged into is ugradx
- ssh joeuser@ugradx.cs.jhu.edu
- run “vncserver”
- Notice what the number after the colon is. e.g. ugradx:1
- New terminal, run “ssh -L /5901/:localhost:/5901/ /joeuser/@ugradx.cs.jhu.edu” 1. 5900 + whatever number is after the colon
- Open Screen Sharing (on mac)
- Enter “localhost:5901” in the address bar
- When done, “vncserver -kill :1”
Linux SSH Tunnels
Linux's SSH client works almost exactly like OSX's, so you can follow the #Mac SSH Tunnels instructions, except that you will be using a different VNC client. If you don't have one installed already, you can try TigerVNC or vinagre.