|
|
| Line 1: |
Line 1: |
| {{howto_header}}
| | #REDIRECT [[Build an M3 Anvil! Cluster]] |
| | |
| This tutorial covers setting up VNC over SSH on [[EL8]].3+ (RHEL 8, CentOS Stream 8, etc). and EL9.
| |
| | |
| {{note|1=Make sure all <span class="code">vncadmin</span> users are logged out (Gnome and terminal). There is a bug we don't know the source of yet that can break the ability to log into gnome.}}
| |
| | |
| = VNC Server Setup =
| |
| | |
| SSH into the [[Striker]] dashboard as the root user.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| dnf install tigervnc-server
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| Last metadata expiration check: 0:19:19 ago on Wed 17 Aug 2022 12:06:35 PM EDT.
| |
| Dependencies resolved.
| |
| ==============================================================================================================
| |
| Package Architecture Version Repository Size
| |
| ==============================================================================================================
| |
| Installing:
| |
| tigervnc-server x86_64 1.12.0-5.el8 appstream 285 k
| |
| Installing dependencies:
| |
| tigervnc-license noarch 1.12.0-5.el8 appstream 40 k
| |
| tigervnc-selinux noarch 1.12.0-5.el8 appstream 48 k
| |
| tigervnc-server-minimal x86_64 1.12.0-5.el8 appstream 1.1 M
| |
| | |
| Transaction Summary
| |
| ==============================================================================================================
| |
| Install 4 Packages
| |
| | |
| Total download size: 1.5 M
| |
| Installed size: 3.4 M
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="bash">
| |
| Is this ok [y/N]: y
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| Downloading Packages:
| |
| (1/4): tigervnc-license-1.12.0-5.el8.noarch.rpm 223 kB/s | 40 kB 00:00
| |
| (2/4): tigervnc-selinux-1.12.0-5.el8.noarch.rpm 216 kB/s | 48 kB 00:00
| |
| (3/4): tigervnc-server-1.12.0-5.el8.x86_64.rpm 982 kB/s | 285 kB 00:00
| |
| (4/4): tigervnc-server-minimal-1.12.0-5.el8.x86_64.rpm 4.9 MB/s | 1.1 MB 00:00
| |
| --------------------------------------------------------------------------------------------------------------
| |
| Total 2.7 MB/s | 1.5 MB 00:00
| |
| Running transaction check
| |
| Transaction check succeeded.
| |
| Running transaction test
| |
| Transaction test succeeded.
| |
| Running transaction
| |
| Preparing : 1/1
| |
| Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch 1/4
| |
| Installing : tigervnc-selinux-1.12.0-5.el8.noarch 1/4
| |
| Running scriptlet: tigervnc-selinux-1.12.0-5.el8.noarch 1/4
| |
| Installing : tigervnc-license-1.12.0-5.el8.noarch 2/4
| |
| Installing : tigervnc-server-minimal-1.12.0-5.el8.x86_64 3/4
| |
| Installing : tigervnc-server-1.12.0-5.el8.x86_64 4/4
| |
| Running scriptlet: tigervnc-server-1.12.0-5.el8.x86_64 4/4
| |
| Verifying : tigervnc-license-1.12.0-5.el8.noarch 1/4
| |
| Verifying : tigervnc-selinux-1.12.0-5.el8.noarch 2/4
| |
| Verifying : tigervnc-server-1.12.0-5.el8.x86_64 3/4
| |
| Verifying : tigervnc-server-minimal-1.12.0-5.el8.x86_64 4/4
| |
| | |
| Installed:
| |
| tigervnc-license-1.12.0-5.el8.noarch tigervnc-selinux-1.12.0-5.el8.noarch
| |
| tigervnc-server-1.12.0-5.el8.x86_64 tigervnc-server-minimal-1.12.0-5.el8.x86_64
| |
| | |
| Complete!
| |
| </syntaxhighlight>
| |
| | |
| Edit <span class="code">/etc/tigervnc/vncserver.users</span> to enable the <span class="code">vncadmin</span> access via VNC.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| diff -u /root/vncserver.users /etc/tigervnc/vncserver.users
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="diff">
| |
| --- /root/vncserver.users 2022-08-17 13:59:09.924844674 -0400
| |
| +++ /etc/tigervnc/vncserver.users 2022-08-17 14:02:37.893980059 -0400
| |
| @@ -5,4 +5,4 @@
| |
| #
| |
| # :2=andrew
| |
| # :3=lisa
| |
| -
| |
| +:2=vncadmin
| |
| </syntaxhighlight>
| |
| | |
| {{note|1=If you want the VNC access to work without SSH (normal use), comment-out or delete the "<span class="code">localhost</span>" line.}}
| |
| | |
| Now edit <span class="code"></span> to enable defaults.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| diff -u /root/vncserver-config-mandatory /etc/tigervnc/vncserver-config-mandatory
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="diff">
| |
| --- /root/vncserver-config-mandatory 2022-08-17 13:53:31.861747957 -0400
| |
| +++ /etc/tigervnc/vncserver-config-mandatory 2022-08-17 13:58:45.678479131 -0400
| |
| @@ -9,8 +9,8 @@
| |
| # Several common settings are shown below. Uncomment and modify to your
| |
| # liking.
| |
|
| |
| -# session=gnome
| |
| -# securitytypes=vncauth,tlsvnc
| |
| -# geometry=2000x1200
| |
| -# localhost
| |
| -# alwaysshared
| |
| +session=gnome
| |
| +securitytypes=vncauth,tlsvnc
| |
| +geometry=1920x1080
| |
| +localhost
| |
| +alwaysshared
| |
| </syntaxhighlight>
| |
| | |
| {| class="wikitable" style="margin:auto"
| |
| !Variables
| |
| !Description | |
| |-
| |
| |class="span"|session
| |
| |Is set to a valid Xsession name as per configuration files in /usr/share/xsessions/
| |
| |-
| |
| |class="span"|securitytypes
| |
| |Denotes the authentication options presented to clients
| |
| |-
| |
| |class="span"|desktop
| |
| |Sets the name of the desktop session displayed by various components, including the vnc client
| |
| |-
| |
| |class="span"|geometry
| |
| |Denotes the aspect ratio and native resolution of the session
| |
| |-
| |
| |class="span"|localhost
| |
| |Denotes the host to which the server will bind
| |
| |-
| |
| |class="span"|alwaysshared
| |
| |Sets all incoming connections as shared, regardless of client settings
| |
| |}
| |
| | |
| {{note|1=You may need to create the <span class="code">vncadmin</span> system user before proceeding.}}
| |
| | |
| Switch to the <span class="code">vncadmin</span> user.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| su - vncadmin
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| Last login: Wed Aug 17 12:13:44 EDT 2022 on tty2
| |
| [admin@an-striker01 ~]$
| |
| </syntaxhighlight>
| |
| | |
| Now run <span class="code">vncpasswd</span> and enter the password you will use to connect.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| vncpasswd
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| Password:
| |
| Verify:
| |
| Would you like to enter a view-only password (y/n)? n
| |
| A view-only password is not used
| |
| </syntaxhighlight>
| |
| | |
| Exit back to the <span class="code">root</span> user.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| exit
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| logout
| |
| [root@an-striker01 ~]#
| |
| </syntaxhighlight>
| |
| | |
| Now enable the daemon;
| |
| | |
| <syntaxhighlight lang="bash">
| |
| systemctl enable --now vncserver@:2.service
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| Created symlink /etc/systemd/system/multi-user.target.wants/vncserver@:2.service → /usr/lib/systemd/system/vncserver@.service.
| |
| </syntaxhighlight>
| |
| | |
| = Connect =
| |
| | |
| Now you can try to connect!
| |
| | |
| == If connecting directly to the target ==
| |
| | |
| Open the tunnel;
| |
| | |
| <syntaxhighlight lang="bash">
| |
| ssh -L 5902:localhost:5902 vncadmin@an-striker01
| |
| </syntaxhighlight>
| |
| | |
| Then on the local machine, run <span class="code">tigervnc</span>, then connect to <span class="code">localhost:2</span>:
| |
| | |
| == If connection via a gateway ssh machine ==
| |
| | |
| Connect to the gateway;
| |
| | |
| * The initial <span class="code">5903</span> is used if the source computer is already using <span class="code">5902</span>. If not, <span class="code">5902</span> can be used. The next available port opened by default when firewalld is told to enable the <span class="code">vnc-server</span> service. The <span class="code">590</span> is then dropped, and <span class="code">3</span> will be used for the <span class="code">localhost:3</span> later. Or you can use the full <span class="code">5903</span>.
| |
| * The <span class="code">5902</span> is the VNC port the target is listening on.
| |
| * The <span class="code">2502</span> is the port forward setup by the target's firewall port forwarding, and could be <span class="code">22</span> or whatever other port the target setup.
| |
| | |
| <syntaxhighlight lang="bash">
| |
| ssh -L 5903:localhost:5902 root@gateway.example.com -p 2502
| |
| </syntaxhighlight>
| |
| | |
| Then from the gateway, connect to the target;
| |
| | |
| <syntaxhighlight lang="bash">
| |
| ssh -L 5902:localhost:5902 vncadmin@an-striker01
| |
| </syntaxhighlight>
| |
| | |
| * The <span class="code">localhost:5903</span> uses the same port as the initial call above. You could use <span class="code">localhost:3</span> as well.
| |
| | |
| Then on the local machine, run <span class="code">tigervnc</span>, then connect to <span class="code">localhost:5903</span>:
| |
| | |
| | |
| | |
| <span class="code"></span>
| |
| <syntaxhighlight lang="bash">
| |
| </syntaxhighlight>
| |
| <syntaxhighlight lang="text">
| |
| </syntaxhighlight>
| |
| | |
| {{footer}}
| |