xf4vnc

About	News	Download	Documentation

Documentation

Modular xf4vnc build/install instructions
xf4vnc Viewer information
Xvnc server
VNC X server plug-in module
Security
ssh tunneling

Xvnc server

Xvnc is the off-screen combined X/VNC server. This server does not use a graphics card and does not normally display anything. The only way to see this server's screen is by connecting to it with a VNC Viewer.

Download the Xvnc-4.3.0.x-<os>.gz file and unpack it with gunzip <filename>. Then run 'chmod +x' on that file to make it executable. This is now your X server. For more information on configuring Xvnc your probably better off looking at the tightVNC projects pages. Goto http://www.tightvnc.com. As for the vncviewer replacement, when specifying the modular encodings you need to add '.so' to load the real module. For example.

vncviewer :1 -encodings "hextile.so copyrect.so"

To see a list of configuration options for Xvnc, run Xvnc -h. The Xvnc server does not use a configuration file. All options are specified on the command line.

VNC X server plug-in module

With this method, the normal X server loads the VNC extension which allows your normal X server to act as a VNC server as well.

To install using the automated method:

Download your appropriate package from the download section.

Then unpack with 'tar xvzf pkgname.tar.gz'

Finally run the provided 'install.sh' script for installation instructions which is fully automated.

To install manually:

Copy the vnc.so-<os>-<version> to /usr/X11R6/lib/modules/vnc.so
Modify the xorg.conf or XF86Config-4 (or XF86Config) file with the modifications listed below......
Make sure you use the Option 'usevnc' to actually enable VNC on that device!!!!!

NOTE: your XFree86.0.log file will produce errors regarding the loading of rfbkeyb and the rfbmouse drivers. This can safely be ignored as these drivers are embedded within the vnc.so binary. You'll get something like this...

(II) LoadModule: "rfbmouse"
(WW) Warning, couldn't open module rfbmouse
(II) UnloadModule: "rfbmouse"
(EE) Failed to load module "rfbmouse" (module does not exist, 0)
(II) LoadModule: "rfbkeyb"
(WW) Warning, couldn't open module rfbkeyb
(II) UnloadModule: "rfbkeyb"
(EE) Failed to load module "rfbkeyb" (module does not exist, 0)
# Don't replace this section, add the the commands to your existing Section. Section "ServerLayout" .... InputDevice "vncMouse" "ExtraPointer" InputDevice "vncKeyboard" "ExtraKeyboard" .... EndSection # Don't replace this section, add the Load "vnc" line to your existing Section. Section "Module" ... Load "vnc" .... EndSection Section "InputDevice" # vncKeyboard: keyboard actions from vnc Identifier "vncKeyboard" Driver "rfbkeyb" EndSection Section "InputDevice" # vncMouse: mouse actions from vnc Identifier "vncMouse" Driver "rfbmouse" EndSection

Configuration options:

You can set these options in your X server's configuration file (typically /etc/X11/xorg.conf) to enable other features of the VNC module.

All these options should be placed in the Device section of the file.

# Enable the vnc service on this device, IMPORTANT!!!!!!!!!!!! Option "usevnc" # By default, no password is required for client connections. # The rfbauth option specifies the location of a password file to use for # authenticating viewers. #Option "rfbauth" "/root/.vnc/passwd" # The port to listen to for client connections. # 5900 corresponds to X server :0, 5901 corresponds to X server :1, etc. Option "rfbport" "5900" # Multi-viewer control options: # "nevershared" - only allow one (or zero) viewers/clients # "alwaysshared" - allow multiple viewers/clients (the default) Option "nevershared" # When "nevershared" is set, this option controls what happens when a second # client tries to connect. See "security" section below for details. Option "dontdisconnect" # View only session (disallows input from viewers) #Option "viewonly" # Enable these options to activate the http server. # This allows java-enabled web browsers to act as vnc viewers. # The VNC server will look in "httpdir" for the Java class files to send # to the viewer. Option "httpdir" "/usr/share/vnc/classes" Option "httpport" "5800" # For XEvents # The local user must accept the new connection. # An X application must be used to send the acceptance back to the server. # Using the extension library as detailed above. #Option "useraccept" # The options below are new in the 4.3.0 release # Only listen on the localhost interface #Option "localhost" # Listen for client connections on a specific network interface #Option "interface" "192.168.0.1" # If "loginauth" is set, the viewer will have to provide a username and # password that's valid on the server in order to connect. # This option was new in the 4.3.0.4 release #Option "loginauth"

Security

By default, any number of VNC viewers can connect to the X/VNC server without any authentication. It's usually desirable to set up some access restrictions.

The following options for the loadable VNC module can be used to control server access and interaction. For the Xvnc server, similar options may be specified with command line switches.

loginauth - when set, the VNC server will require viewers to provide a username/password that's a valid Unix account on the server.

Some VNC Viewers will use the current user's login name, or the login name specified by the "-user" command line option. Other viewers will prompt the user to enter a login name at connection time. The viewer will also prompt the user for a password. Note that the password will be sent unencrypted from the viewer to the server.

rfbauth - this option specifies a VNC password file (such as /root/.vnc/passwd). VNC Viewers will be required to provide the password stored in that file to access the server. The password can be set on the server with the 'vncpasswd' program (ie: "vncpasswd /root/.vnc/passwd"). There is no login name with this option.

If both loginauth and rfbauth are set, loginauth will be used.

nevershared, alwaysshared - these options control how many viewers can be connected at any time. nevershared allows only one viewer at a time. alwaysshared (the default) allows any number of viewers.

dontdisconnect - this option option controls what happens when a second client tries to connect when nevershared is set. If dontdisconnect is set, the first viewer will keep the connection, otherwise, the first viewer will be disconnected and the second viewer will "win".

viewonly - if set, the VNC server will ignore keyboard/mouse events from all viewers.

localhost - if set, only viewers running on the VNC server host will be allowed to connect.

interface - this option can be used to restrict connections to a particular network interface (specified by an IP number).

useraccept - ???

ssh tunneling

To further improve security and to access VNC servers through firewalls an ssh tunnel can be used to access a VNC server.

To setup an ssh tunnel from the localhost (where the vncviewer will be run) to the vnc server, a command like this is used:

    ssh -L 5900:localhost:5900 name@vncserverhost

Then, the vncviewer can be run with a command like this:

    ./vncviewer localhost::5900