Difference between revisions of "Using VNC To Access CS Linux Computers"

 
(23 intermediate revisions by 4 users not shown)
Line 1: Line 1:
VNC ([https://en.wikipedia.org/wiki/Virtual_Network_Computing Virtual Network Computing]) is supported as a method for remotely accessing our [[:Category:Linux Clients]].  Because VNC does not, by default, provide a securely encrypted network connection, you will need to tunnel your connections through SSH.  Instructions for doing so are below.
+
VNC ([https://en.wikipedia.org/wiki/Virtual_Network_Computing Virtual Network Computing]) is supported as a method for remotely accessing our [[:Category:Linux Clients|Linux Clients]].  Because VNC does not, by default, provide a securely encrypted network connection, you will need to tunnel your connections through SSH.  Instructions for doing so are below.
  
Please keep in mind that these machines are for everyone's use and graphical programs can use many system resources.  Do not leave VNC sessions running unless you're actively using them.  We reserve the right to terminate idle sessions in order to free up resources for others' use.
+
Please keep in mind that our Linux clients are for everyone's use and graphical programs can use many system resources.  Do not leave VNC sessions running unless you're actively using them.  We reserve the right to terminate idle sessions in order to free up resources for others' use.
 +
 
 +
'''In the examples used below, we want to view the desktop of the remote system, ''ugradx'' by connecting as user ''joeuser''.'''
  
 
== First Steps... Starting the VNC Service on the Remote Computer ==
 
== First Steps... Starting the VNC Service on the Remote Computer ==
  
You can start a VNC server by logging in to the remote system and running the <code>vncserver</code> program from a command line.  It will print a message similar to the following:
 
  
New 'gradx.cs.jhu.edu:1 (account)' desktop is gradx.cs.jhu.edu:1
+
To start a VNC server on the remote Linux system from your own Windows, Mac,or Linux system:
  
The <tt>:1</tt> gives the X display number for your session. It will usually be 1, but might be higher if there are other graphical sessions active on the system.
+
*Open Windows Powershell, Mac Terminal or Linux shell
 
+
* ssh ''joeuser''@''ugradx''.cs.jhu.edu
If this is the first time you've run <code>vncserver</code>, it will prompt you for a password to use when connecting with a client.  You can use anything you like here; ''it doesn't have to be the same as your CS account password.'' '''Be aware that the password is stored in a file in your home directoryBy default, no one but you can read that file, but if its permissions are changed at some point, others might be able to read the password you set for your VNC sessions.'''
+
* run “vncserver”
 
+
**'''NOTE:''' If this is the ''first time you're running vncserver'', the first thing it will do is prompt you to enter a new password that will be used in later steps when accessing from a vnc client. You will also be asked if this new password is for view-only.  You may say "n" for "no".    (Note that the password is needed because of the way VNC works.  Anyone who can log in to the system can connect to ''any'' VNC session running on the system, regardless of who started that session.  The password ensures that only you can use your sessions.)
When you're done with your session, run <code>vncserver -kill :1</code> (where ":1" is whatever display number you're actually using).
+
* Look for the line indicating a new desktop... '''New ''ugradx'':1 (''joeuser'') desktop is ugradx:1''' (or something similar.)
 +
* Notice what the number after the colon is. e.g. '''''ugradx'':1'''  We'll call the number following the ''':''' the ''display number''.  You might see a different number.  That's okYou'll need the display number you get for next step.
 +
* '''''Add''''' the display number you noticed in the prior step to value of '''5900''' to create a new port number for vncserver to use in later steps.  For example, using ''':1''' from the previous step, add that value of '''''1''''' to '''5900''' to get the new value of '''5901'''.  This is a port number, and we'll need this during the upcoming "tunneling-through-ssh" section.
  
 
== Tunneling Your VNC Session through SSH ==
 
== Tunneling Your VNC Session through SSH ==
  
You must tunnel your VNC session through SSH for remote access to our our CS Linux computers so that your session is secured.  To connect to the remote linux system, you will have to set up an SSH TCP tunnel to the port the server is listening on.  That port number is 5900 plus the X display number, so it will most often be port 5901.
+
You must tunnel your VNC session through SSH for remote access to our our CS Linux computers so that your session is secured.  To connect to the remote linux system, you will have to set up an SSH TCP tunnel to the port the server is listening on.  That port number is '''5900''' '''''plus the X display number,''''' so it will most often be port '''5901''', as in our earlier example.
 
 
Some VNC clients now support SSH tunnelling natively; if there's an option for that in your VNC client, you don't need the instructions on the rest of this page.
 
 
 
Otherwise, the process for tunneling through ssh can be different, depending upon which local operating system (Windows, Mac, Linux) you are using.  Each method is described below.
 
 
 
=== Windows SSH Tunnels ===
 
 
 
Windows does not have a built-in SSH client, but [http://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] is a reasonable, free Windows client.  If you're using a different client, you'll have to consult its documentation on how to tunnell TCP ports.
 
 
 
When you start PuTTY, put the name of the system where you're running VNC into the "Host Name" field.  "Protocol" should be set to "SSH" and "Port" should be 22.
 
 
 
In the lefthand pane, open the "Connection" tree and the "SSH" tree below that.  Click on "Tunnels".  The window will show, among other things, a "Port forwarding" section.  Under "Add a new forwarded port:", put in the appropriate source port (e.g. 5901).  For "Destination", use "localhost:5901", where "5901" is the actual port you're using.  Make sure "Local" is checked below that and then click the "Add" button.
 
  
You can now click the "Open" button at the bottom of the window.  A new window will open and you will have to log in to the system in that window.  You don't need to use this window for anything else, but you must leave it open for as long as you want to be connected to the VNC server.
+
The following steps to set up tunneling should work with Windows, Mac, and Linux clients.
  
Now, open your VNC client.  (If you don't have one, you can use [http://www.tigervnc.com/ TigerVNC].)  Tell it to connect to "localhost:1", where ":1" is the X display number that your server is using.  Type in the password you gave when setting up the VNC server and you'll be connected.
+
On your '''local''' system:
  
When you're done with your VNC session, you can close the PuTTY window.
+
* Open a new terminal (leaving the ''other'' terminal you ran earlier to start "vncserver" still open and running.)
 +
* From the new terminal, run '''ssh -L 5901:localhost:5901  ''joeuser''@''ugradx''.cs.jhu.edu''' and log in as you normally would to ''ugradx''.  (Remember, use the port number you came up with in the earlier steps.)
  
=== Mac SSH Tunnels ===
+
The tunnel is now set.  Onto starting the vnc-type client on your local system...
  
OSX has a built in command line SSH client.  To use it, open Terminal and type something like the following:
+
== Starting the VNC client on your Local system==
  
  ssh -L 5901:localhost:5901 account@gradx
+
<br>
 +
'''''IMPORTANT:'' Leave those ''two'' ssh sessions from earlier running.'''
  
You should replace both occurrences of "5901" with the actual TCP port your VNC server is using; you should replace "account" with the name of your CS account; and you should replace "gradx" with the name of the system on which you're running your VNC server.
+
===Starting a Windows or Linux VNC Client===
  
After you log in, you will have to leave the ssh session running for as long as you want to be connected to your VNC server.
+
* Open your Windows or Linux VNC client on your local system. (If you don't have a VNC client, try [http://www.tigervnc.com/ TigerVNC] and the following steps will assume you're using TigerVNC.)
 +
* Connect to "localhost:1", where ":1" is the actual display number used by your VNC server.  You might've used a different display number in earlier steps.  And for this step, you do not need the 590x part.
 +
* Type in the password you gave when setting up the VNC server for ugradx
 +
* You are now connected, with the remote ugradx desktop now displayed securely on your local desktop.
  
Once ssh is running, open your VNC client.  (If you don't have one, one suggestion is [http://chicken.sourceforge.net/ Chicken].)  Connect to "localhost:1", where ":1" is the actual display number used by your VNC server.  Type in the password you gave when setting up the VNC server and you'll be connected.
 
  
When you're done with your VNC session, you can log out of your SSH session.
+
===Starting a Mac VNC Client===
 +
* Point your mouse on the Mac desktop (not on a mac app or window), and click to make sure the desktop is activated.
 +
* Press  '''&#8984; k'''
 +
* A ''Connect to Server'' window pops up.
 +
* In the empty field, type in the following:  '''vnc://localhost:5901'''  (or whichever ''port number'' you calculated from an earlier step.)
 +
* A ''Screen Sharing'' window will open.
 +
* Type in the password you gave when setting up the VNC server for ugradx
 +
* You are now connected, with the remote ugradx desktop now displayed securely on your local desktop.
  
=== Linux SSH Tunnels ===
+
==When you are finished with your VNC connection==
  
Linux's SSH client works almost exactly like OSX's, so you can follow the [[#Mac SSH Tunnels]] instructions, except that you will be using a different VNC client. If you don't have one installed already, you can try [http://www.tigervnc.com/ TigerVNC] or [http://www.gnome.org/projects/vinagre/ vinagre].
+
* Choose either ssh terminal window for which you have a connection to ''ugradx''
 +
* Run:  “vncserver -kill :1”  (for the :number, use the display number from the earlier steps.)
 +
* Close your VNC client on your local system.
 +
* Close your SSH terminals.
  
 
[[Category:Linux Clients]]
 
[[Category:Linux Clients]]
 
[[Category:Software]]
 
[[Category:Software]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[Category:SSH]]

Latest revision as of 14:16, 15 March 2024

VNC (Virtual Network Computing) is supported as a method for remotely accessing our Linux Clients. Because VNC does not, by default, provide a securely encrypted network connection, you will need to tunnel your connections through SSH. Instructions for doing so are below.

Please keep in mind that our Linux clients are for everyone's use and graphical programs can use many system resources. Do not leave VNC sessions running unless you're actively using them. We reserve the right to terminate idle sessions in order to free up resources for others' use.

In the examples used below, we want to view the desktop of the remote system, ugradx by connecting as user joeuser.

First Steps... Starting the VNC Service on the Remote Computer

To start a VNC server on the remote Linux system from your own Windows, Mac,or Linux system:

  • Open Windows Powershell, Mac Terminal or Linux shell
  • ssh joeuser@ugradx.cs.jhu.edu
  • run “vncserver”
    • NOTE: If this is the first time you're running vncserver, the first thing it will do is prompt you to enter a new password that will be used in later steps when accessing from a vnc client. You will also be asked if this new password is for view-only. You may say "n" for "no". (Note that the password is needed because of the way VNC works. Anyone who can log in to the system can connect to any VNC session running on the system, regardless of who started that session. The password ensures that only you can use your sessions.)
  • Look for the line indicating a new desktop... New ugradx:1 (joeuser) desktop is ugradx:1 (or something similar.)
  • Notice what the number after the colon is. e.g. ugradx:1 We'll call the number following the : the display number. You might see a different number. That's ok. You'll need the display number you get for next step.
  • Add the display number you noticed in the prior step to value of 5900 to create a new port number for vncserver to use in later steps. For example, using :1 from the previous step, add that value of 1 to 5900 to get the new value of 5901. This is a port number, and we'll need this during the upcoming "tunneling-through-ssh" section.

Tunneling Your VNC Session through SSH

You must tunnel your VNC session through SSH for remote access to our our CS Linux computers so that your session is secured. To connect to the remote linux system, you will have to set up an SSH TCP tunnel to the port the server is listening on. That port number is 5900 plus the X display number, so it will most often be port 5901, as in our earlier example.

The following steps to set up tunneling should work with Windows, Mac, and Linux clients.

On your local system:

  • Open a new terminal (leaving the other terminal you ran earlier to start "vncserver" still open and running.)
  • From the new terminal, run ssh -L 5901:localhost:5901 joeuser@ugradx.cs.jhu.edu and log in as you normally would to ugradx. (Remember, use the port number you came up with in the earlier steps.)

The tunnel is now set. Onto starting the vnc-type client on your local system...

Starting the VNC client on your Local system


IMPORTANT: Leave those two ssh sessions from earlier running.

Starting a Windows or Linux VNC Client

  • Open your Windows or Linux VNC client on your local system. (If you don't have a VNC client, try TigerVNC and the following steps will assume you're using TigerVNC.)
  • Connect to "localhost:1", where ":1" is the actual display number used by your VNC server. You might've used a different display number in earlier steps. And for this step, you do not need the 590x part.
  • Type in the password you gave when setting up the VNC server for ugradx
  • You are now connected, with the remote ugradx desktop now displayed securely on your local desktop.


Starting a Mac VNC Client

  • Point your mouse on the Mac desktop (not on a mac app or window), and click to make sure the desktop is activated.
  • Press ⌘ k
  • A Connect to Server window pops up.
  • In the empty field, type in the following: vnc://localhost:5901 (or whichever port number you calculated from an earlier step.)
  • A Screen Sharing window will open.
  • Type in the password you gave when setting up the VNC server for ugradx
  • You are now connected, with the remote ugradx desktop now displayed securely on your local desktop.

When you are finished with your VNC connection

  • Choose either ssh terminal window for which you have a connection to ugradx
  • Run: “vncserver -kill :1” (for the :number, use the display number from the earlier steps.)
  • Close your VNC client on your local system.
  • Close your SSH terminals.