VNC over SSH: Difference between revisions

From Alteeve Wiki
(Created page with "{{howto_header}} This tutorial covers setting up VNC over SSH on EL8.3+ (RHEL 8, CentOS Stream 8, etc). and EL9. {{note|1=Make sure all <span class="code">admin</span> users are logged out (Gnome and terminal). There is a bug we don't know the source of yet that can break the ability to log into gnome.}} = VNC Server Setup = SSH into the Striker dashboard as the root user. <syntaxhighlight lang="bash"> dnf install tigervnc-server </syntaxhighlight> <syntaxh...")
 
No edit summary
 
Line 3: Line 3:
This tutorial covers setting up VNC over SSH on [[EL8]].3+ (RHEL 8, CentOS Stream 8, etc). and EL9.
This tutorial covers setting up VNC over SSH on [[EL8]].3+ (RHEL 8, CentOS Stream 8, etc). and EL9.


{{note|1=Make sure all <span class="code">admin</span> users are logged out (Gnome and terminal). There is a bug we don't know the source of yet that can break the ability to log into gnome.}}
{{note|1=Make sure all <span class="code">vncadmin</span> users are logged out (Gnome and terminal). There is a bug we don't know the source of yet that can break the ability to log into gnome.}}


= VNC Server Setup =
= VNC Server Setup =
Line 68: Line 68:
</syntaxhighlight>
</syntaxhighlight>


Edit <span class="code">/etc/tigervnc/vncserver.users</span> to enable the <span class="code">admin</span> access via VNC.
Edit <span class="code">/etc/tigervnc/vncserver.users</span> to enable the <span class="code">vncadmin</span> access via VNC.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 81: Line 81:
  # :3=lisa
  # :3=lisa
-
-
+:2=admin
+:2=vncadmin
</syntaxhighlight>
</syntaxhighlight>


Line 133: Line 133:
|}
|}


Switch to the <span class="code">admin</span> user.
{{note|1=You may need to create the <span class="code">vncadmin</span> system user before proceeding.}}
 
Switch to the <span class="code">vncadmin</span> user.


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
su - admin
su - vncadmin
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="text">
<syntaxhighlight lang="text">
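
Review bot: `su - vncadmin` now depends on an account that this page never creates; the added note only says "You may need to create" it. Because the rename moves readers off the existing admin account, make creating vncadmin an explicit step ahead of this one. The sample prompt shown after the command in the latest revision still reads `[admin@an-striker01 ~]$` and should be refreshed to match.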
Line 183: Line 185:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh -L 5902:localhost:5902 admin@an-striker01
ssh -L 5902:localhost:5902 vncadmin@an-striker01
</syntaxhighlight>
</syntaxhighlight>


Line 203: Line 205:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh -L 5902:localhost:5902 admin@an-striker01
ssh -L 5902:localhost:5902 vncadmin@an-striker01
</syntaxhighlight>
</syntaxhighlight>



Latest revision as of 18:25, 29 February 2024


This tutorial covers setting up VNC over SSH on EL8.3+ (RHEL 8, CentOS Stream 8, etc.) and EL9.

Note: Make sure all vncadmin users are logged out (GNOME and terminal). There is a bug, whose source we don't know yet, that can break the ability to log in to GNOME.

VNC Server Setup

SSH into the Striker dashboard as the root user.

dnf install tigervnc-server
Last metadata expiration check: 0:19:19 ago on Wed 17 Aug 2022 12:06:35 PM EDT.
Dependencies resolved.
==============================================================================================================
 Package                             Architecture       Version                   Repository             Size
==============================================================================================================
Installing:
 tigervnc-server                     x86_64             1.12.0-5.el8              appstream             285 k
Installing dependencies:
 tigervnc-license                    noarch             1.12.0-5.el8              appstream              40 k
 tigervnc-selinux                    noarch             1.12.0-5.el8              appstream              48 k
 tigervnc-server-minimal             x86_64             1.12.0-5.el8              appstream             1.1 M

Transaction Summary
==============================================================================================================
Install  4 Packages

Total download size: 1.5 M
Installed size: 3.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): tigervnc-license-1.12.0-5.el8.noarch.rpm                               223 kB/s |  40 kB     00:00    
(2/4): tigervnc-selinux-1.12.0-5.el8.noarch.rpm                               216 kB/s |  48 kB     00:00    
(3/4): tigervnc-server-1.12.0-5.el8.x86_64.rpm                                982 kB/s | 285 kB     00:00    
(4/4): tigervnc-server-minimal-1.12.0-5.el8.x86_64.rpm                        4.9 MB/s | 1.1 MB     00:00    
--------------------------------------------------------------------------------------------------------------
Total                                                                         2.7 MB/s | 1.5 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                      1/1 
  Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch                                                 1/4 
  Installing       : tigervnc-selinux-1.12.0-5.el8.noarch                                                 1/4 
  Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch                                                 1/4 
  Installing       : tigervnc-license-1.12.0-5.el8.noarch                                                 2/4 
  Installing       : tigervnc-server-minimal-1.12.0-5.el8.x86_64                                          3/4 
  Installing       : tigervnc-server-1.12.0-5.el8.x86_64                                                  4/4 
  Running scriptlet: tigervnc-server-1.12.0-5.el8.x86_64                                                  4/4 
  Verifying        : tigervnc-license-1.12.0-5.el8.noarch                                                 1/4 
  Verifying        : tigervnc-selinux-1.12.0-5.el8.noarch                                                 2/4 
  Verifying        : tigervnc-server-1.12.0-5.el8.x86_64                                                  3/4 
  Verifying        : tigervnc-server-minimal-1.12.0-5.el8.x86_64                                          4/4 

Installed:
  tigervnc-license-1.12.0-5.el8.noarch               tigervnc-selinux-1.12.0-5.el8.noarch                     
  tigervnc-server-1.12.0-5.el8.x86_64                tigervnc-server-minimal-1.12.0-5.el8.x86_64              

Complete!

Edit /etc/tigervnc/vncserver.users to enable VNC access for the vncadmin user.

diff -u /root/vncserver.users /etc/tigervnc/vncserver.users
--- /root/vncserver.users	2022-08-17 13:59:09.924844674 -0400
+++ /etc/tigervnc/vncserver.users	2022-08-17 14:02:37.893980059 -0400
@@ -5,4 +5,4 @@
 #
 # :2=andrew
 # :3=lisa
-
+:2=vncadmin
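
Review bot: the display number in `+:2=vncadmin` is coupled to the port in the later `ssh -L 5902:localhost:5902` commands (5900 plus the display number), but nothing at this line records that. Add a comment above the mapping stating that display :2 means TCP port 5902, so that a later change to the display number is not made without updating the tunnel commands.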
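
Note: If you want the VNC access to work without SSH (normal use), comment out or delete the "localhost" line in /etc/tigervnc/vncserver-config-mandatory. Without that line the server accepts connections on all interfaces rather than only from the local machine, and the session is no longer carried inside the SSH tunnel.

Now edit /etc/tigervnc/vncserver-config-mandatory to enable defaults.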

diff -u /root/vncserver-config-mandatory /etc/tigervnc/vncserver-config-mandatory
--- /root/vncserver-config-mandatory	2022-08-17 13:53:31.861747957 -0400
+++ /etc/tigervnc/vncserver-config-mandatory	2022-08-17 13:58:45.678479131 -0400
@@ -9,8 +9,8 @@
 # Several common settings are shown below. Uncomment and modify to your
 # liking.
 
-# session=gnome
-# securitytypes=vncauth,tlsvnc
-# geometry=2000x1200
-# localhost
-# alwaysshared
+session=gnome
+securitytypes=vncauth,tlsvnc
+geometry=1920x1080
+localhost
+alwaysshared
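
Review bot: `+securitytypes=vncauth,tlsvnc` keeps plain `vncauth` on offer, which is only reasonable while `+localhost` stays active and every session arrives through the SSH tunnel. The note before this diff invites readers to remove `localhost` for direct access; for that case the page should say to drop `vncauth` from the list so that clients cannot negotiate the unencrypted type. `+alwaysshared` also lets a second client attach to a session that is already in use, which is worth stating next to that line.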

| Variable | Description |
|---|---|
| session | Is set to a valid Xsession name as per configuration files in /usr/share/xsessions/ |
| securitytypes | Denotes the authentication options presented to clients |
| desktop | Sets the name of the desktop session displayed by various components, including the VNC client |
| geometry | Denotes the aspect ratio and native resolution of the session |
| localhost | Restricts the server to accepting connections from the local host only |
| alwaysshared | Sets all incoming connections as shared, regardless of client settings |

Note: You may need to create the vncadmin system user before proceeding.

Switch to the vncadmin user.

su - vncadmin
Last login: Wed Aug 17 12:13:44 EDT 2022 on tty2
[admin@an-striker01 ~]$

Now run vncpasswd and enter the password you will use to connect.

vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used

Exit back to the root user.

exit
logout
[root@an-striker01 ~]#

Now enable and start the daemon:

systemctl enable --now vncserver@:2.service
Created symlink /etc/systemd/system/multi-user.target.wants/vncserver@:2.service → /usr/lib/systemd/system/vncserver@.service.

Connect

Now you can try to connect!

If connecting directly to the target

Open the tunnel:

ssh -L 5902:localhost:5902 vncadmin@an-striker01

Then on the local machine, run tigervnc, then connect to localhost:2.

If connecting via a gateway SSH machine

Connect to the gateway:

  • The initial 5903 is the local port, used if the source computer is already using 5902. If not, 5902 can be used. 5903 is the next available port opened by default when firewalld is told to enable the vnc-server service. The 590 can then be dropped, and 3 will be used for the localhost:3 later. Or you can use the full 5903.
  • The 5902 is the VNC port the target is listening on.
  • The 2502 is the port set up by the target's firewall port forwarding, and could be 22 or whatever other port the target has set up.

ssh -L 5903:localhost:5902 root@gateway.example.com -p 2502

Then from the gateway, connect to the target:

ssh -L 5902:localhost:5902 vncadmin@an-striker01

Then on the local machine, run tigervnc, then connect to localhost:5903.

  • The localhost:5903 uses the same port as the initial call above. You could use localhost:3 as well.
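
The checks below are an added example, not part of the original tutorial or of Alteeve's tooling. They derive the tunnel port from the `:N=user` mapping, refuse to build the tunnel command unless `localhost` is active in the mandatory config, and flag VNC listeners that are bound to a non-loopback address. The function names and the sample data are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: checks for a TigerVNC server meant to be reached only over SSH.
# Function names are hypothetical; file formats are those of the two files above.

# Print the TCP port (5900 + display number) mapped to USER in vncserver.users.
vnc_port_for_user() {    # usage: vnc_port_for_user USERS_FILE USER
    awk -F'[:=]' -v u="$2" '
        /^[ \t]*#/ { next }                       # skip the commented examples
        /^:[0-9]+=/ { sub(/[ \t]+$/, "", $3)
                      if ($3 == u) { print 5900 + $2; found = 1; exit } }
        END { exit !found }' "$1"
}

# Succeed only if the config has an active (uncommented) "localhost" line.
vnc_is_loopback_only() { # usage: vnc_is_loopback_only CONFIG_FILE
    grep -Eq '^[[:space:]]*localhost[[:space:]]*$' "$1"
}

# Read `ss -Hltn` output on stdin; print VNC listeners (59xx) not on loopback.
vnc_exposed_listeners() {
    awk '$4 ~ /:59[0-9][0-9]$/ && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Print the tunnel command for USER, refusing if the server is not loopback-only.
vnc_tunnel_cmd() {       # usage: vnc_tunnel_cmd USERS_FILE CONFIG_FILE USER HOST
    _port=$(vnc_port_for_user "$1" "$3") || { echo "no display for $3" >&2; return 1; }
    vnc_is_loopback_only "$2" || { echo "'localhost' not active in $2" >&2; return 2; }
    echo "ssh -L ${_port}:localhost:${_port} ${3}@${4}"
}

# Constructed sample input (not captured from a real host).
demo_dir=$(mktemp -d)
printf '# :3=lisa\n:2=vncadmin\n' > "$demo_dir/vncserver.users"
printf 'session=gnome\nlocalhost\nalwaysshared\n' > "$demo_dir/config"
sample_ss='LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5903 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

vnc_tunnel_cmd "$demo_dir/vncserver.users" "$demo_dir/config" vncadmin an-striker01
printf '%s\n' "$sample_ss" | vnc_exposed_listeners
```

On a real server, point the first two arguments at /etc/tigervnc/vncserver.users and /etc/tigervnc/vncserver-config-mandatory, and pipe `ss -Hltn` into `vnc_exposed_listeners`; empty output means no VNC port is listening off loopback.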
