In this example we are screen sharing a Red Hat Enterprise Linux 7 server from a macOS client.  VNC is inherently not a secure protocol.  VNC passwords often go over the network in clear text, or there is no password at all (think telnet and ftp).  SSH can be used to help secure your VNC connection from end to end.

Initial password setup

SSH to the server to set your VNC password; the view-only password is optional. NOTE: this password should be treated as an insecure password and should not be re-used elsewhere.

$ vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? y
Password:
Verify:

Starting the VNC service

IMPORTANT: The password needs to be set before the service will start successfully. 

...

  1. Find the numerical value associated with your username (e.g. 3 for jhaase):

    cat /etc/tigervnc/vncserver.users


  2. Find the service associated with the numerical value (e.g. vncserver@:3.service for jhaase):

    ls -l /etc/systemd/system/multi-user.target.wants


  3. Check if the service is running: 

    $ systemctl status vncserver@:3.service
    ● vncserver@:3.service - Remote desktop service (VNC)
       Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2022-07-27 17:16:53 PDT; 31min ago
     Main PID: 2192 (vncsession)
        Tasks: 0 (limit: 3196277)
       Memory: 2.0M
       CGroup: /system.slice/system-vncserver.slice/vncserver@:3.service
               ‣ 2192 /usr/sbin/vncsession wcwong :3
    
    Jul 27 17:16:51 moho systemd[1]: Starting Remote desktop service (VNC)...
    Jul 27 17:16:53 moho systemd[1]: Started Remote desktop service (VNC).

    Look for "active (running)" in the Active line.

  4. If the service is not running: 

    $ systemctl start vncserver@:3.service
    ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
    Authentication is required to start 'vncserver@:3.service'.
    Authenticating as: jhaase
    Password: 
    ==== AUTHENTICATION COMPLETE ====
    $

    The "Password:" prompt is asking for the AD password of your user account.

  5. If the service refuses to start, run this command in your SSH session into the server: 

    sudo systemctl restart gdm


Bug reference https://bugzilla.redhat.com/show_bug.cgi?id=667764

Connecting

From the

...

Server

  1. Issue the following "lsof" command to determine which port the VNC server is set to use.  In most cases VNC uses a port in the 5900 range.  The example below shows it using port 5903.


    $ sudo lsof -i -P | grep -i "listen"
    
    Xvnc 1793 igpp 9u IPv4 10810 0t0 TCP *:5903 (LISTEN)
    Xvnc 1793 igpp 10u IPv6 10811 0t0 TCP *:5903 (LISTEN)
    $
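
The lsof output above shows Xvnc listening on *:5903, which is every interface, so the port can also be reached without the SSH tunnel unless a firewall blocks it. The check below is an added example, not part of the original page: it reads `lsof -i -P` output and flags Xvnc listeners that are not bound to loopback. The function name, variable names and the second sample are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit `lsof -i -P` output for
# Xvnc listeners that are reachable without going through the SSH tunnel.

# First sample: the two Xvnc lines shown on the page above.
PAGE_SAMPLE='Xvnc 1793 igpp 9u IPv4 10810 0t0 TCP *:5903 (LISTEN)
Xvnc 1793 igpp 10u IPv6 10811 0t0 TCP *:5903 (LISTEN)'
# Second sample: constructed lines showing a loopback-only Xvnc next to sshd.
LOOPBACK_SAMPLE='Xvnc 2101 igpp 9u IPv4 20110 0t0 TCP localhost:5904 (LISTEN)
sshd 911 root 3u IPv4 9001 0t0 TCP *:22 (LISTEN)'

# check_vnc_listeners: reads lsof lines on stdin and prints, for each Xvnc TCP
# listener, "<port> <EXPOSED|loopback> <bind address>".
# Returns 1 if any listener is bound to a non-loopback address, else 0.
check_vnc_listeners() {
    awk '
        $1 == "Xvnc" && $NF == "(LISTEN)" {
            addr = $(NF-1)                    # *:5903, localhost:5903, [::1]:5903
            port = addr; sub(/.*:/, "", port) # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)
            if (host == "127.0.0.1" || host == "[::1]" || host == "localhost") {
                state = "loopback"
            } else {
                state = "EXPOSED"             # wildcard or a routable address
                bad = 1
            }
            print port, state, host
        }
        END { exit bad + 0 }
    '
}

# Demo on the page sample; on a server use: sudo lsof -i -P | check_vnc_listeners
if printf '%s\n' "$PAGE_SAMPLE" | check_vnc_listeners; then
    echo "VNC is bound to loopback: the SSH tunnel is the only way in"
else
    echo "VNC is also reachable directly: bind it to loopback or firewall the port"
fi
```

Xvnc's `-localhost` option restricts the listener to connections from the same machine, which makes the SSH tunnel the only path to the VNC port.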



From the Local Client

  1. On your local client machine, create the tunnel with the port number obtained above. SSH to the server with the following command.  The -C flag is optional and enables compression. Replace <username> with your username. Replace <servername> with the name of the server.

    ssh -C -L 5903:localhost:5903 <username>@<servername>.ucsd.edu


  2. Once the SSH tunnel is established, you can launch Screen Sharing via the Terminal or from the Finder.

    Via Terminal, from a NEW local terminal:


    $ open vnc://localhost:5903

    or


    via Finder > Go > Connect to Server...



    enter vnc://localhost:5903



  3. When prompted, provide your VNC password.  NOTE: this password should be treated as an insecure password and should not be re-used elsewhere.
