VNC, “Virtual Network Computing”, allows you to remotely access another computer’s graphical user interface. For most people, this is better than ssh, which is only a terminal (albeit sometimes a colorful one). I’m going to assume that everybody reading this has some Linux/unix experience, and knows how to use ssh.

The first step to using VNC is to ensure that there is something to view – you need to set up a desktop environment. Good candidates are xfce, gnome, and kde (I use gnome). If you have a slow computer with rendering problems, these might not work well (all of them can be kind of hard for a slow computer), so you might look into TWM. If you chose TWM, install it with

apt-get install twm

If you chose gnome, install it with

apt-get install gnome-session

You can also just run the command ‘aptitude’ and select what you want from the menus there. Once you think you’ve installed a desktop environment, you should probably plug a monitor in and make sure it works. This way, if there’s a problem later on, you won’t waste time trying to fix the wrong thing.

Now to set up the VNC server. Install Xtightvnc with aptitude. Once you’ve done that, you’ll want to make sure that the desktop manager will actually start on the appropriate display. I usually just type

scott@ogodei$ gdm :1
scott@ogodei$ vncserver :1

But you can also do the same thing by editing your configuration files in ~/.vnc.

At this point, you should be able to use a vnc client to log into your server. I use “chicken of the VNC” on macs, and a publicly available Java applet on PCs (google “java applet vnc client”). But wait! This is not secure. First of all, anybody can steal your VNC connection by trying to VNC in after you are already in. If they do this, they will be logged in, possibly with heightened privileges. To fix this, run vncpasswd to set a password for access to vnc (I generally use my account password). You probably want to answer ‘yes’ when it asks if you also want to enter a view-only password.

Your connection is still not quite secure. VNC is unencrypted, which means that anybody can snoop in on your connection and watch what’s happening if they have access to the line in between you and the server (very easy to get) and the right software (a modified vnc server will do). Even requiring entry of your password does not encrypt the connection – as a matter of fact, that password is also sent unencrypted. Therefore, you will want to ‘tunnel’ your VNC connection through SSH, which is secure.

Starting ssh with a tunneled connection is done as follows (on Linux and Mac):

ssh -L5900:quentin:5900 scott@quentin

On windows, with PuTTY, find the ‘tunnel’ option near the bottom left of the new connection screen, and set it up as appropriate.

This forwards everything involving the client computer’s port 5900 to the host computer’s port 5900. So localhost:5900 and quentin:5900 are the same, except the first is an encrypted connection. (The 5900 means display 0; 5901 is :1, 5902 is :2, etc.) Now start up your VNC server, and instead of connecting to the host computer, attempt to VNC into localhost:0. It will tunnel the connection to your server, and the connection will be encrypted and secure!
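The tunnel only protects connections that go through it; the VNC port on the server still accepts unencrypted connections from anyone who can reach it directly. The following check is an added example, not part of the original post: it reads `ss -ltn` output and lists VNC displays listening on a non-loopback address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `ss -ltn` style output on stdin and prints one line per TCP listener
# in the VNC range (5900-5999) that is bound to a non-loopback address.
exposed_vnc() {
    awk '
    $1 == "LISTEN" {
        la = $4                               # Local Address:Port column
        n = split(la, parts, ":")
        pstr = parts[n]                       # text after the last colon
        if (pstr !~ /^[0-9]+$/) next
        port = pstr + 0
        if (port < 5900 || port > 5999) next  # not a VNC display port
        addr = substr(la, 1, length(la) - length(pstr) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        printf "display :%d port %d addr %s\n", port - 5900, port, addr
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:5901        0.0.0.0:*
LISTEN  0       5       127.0.0.1:5902      0.0.0.0:*
LISTEN  0       5       [::]:5900           [::]:*
LISTEN  0       5       [::1]:5903          [::]:*
EOF
}

# On the server itself, run: ss -ltn | exposed_vnc
# Demonstration on the constructed sample:
sample_ss_output | exposed_vnc
```

Each line it prints is a display that can be reached without the SSH tunnel.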

Interesting note: I use VNC for one main purpose: to get a fancy terminal. I log into ssh with a plain old terminal, tunnel the appropriate port, log into VNC, create a full screen terminal, and set the transparency to be like 70%. If I pick a good desktop background, I get a beautiful, highly customizable terminal!
