"Virtual Network Computing (VNC) is a desktop protocol to remotely control another computer. It transmits the keyboard presses and mouse clicks from one computer to another relaying the screen updates back in the other direction, over a network." -WikiPedia-
This article describes in brief how to configure VNC server instances for one or multiple users on a remote machine, how to use VNC to start graphical applications on boot and finally how to enhance security by connecting to the server through encrypted SSH tunnels.
Prerequisites
A user account should exist on the remote machine.
The RPM packages vnc-server and vnc should be installed on the remote machine and your workstation respectively.
Setting up the server
I assume that we have setup a remote user account, named "leopard" and we want to start an X session through VNC for this user.
In Fedora Core or Red Hat based distros in general, all we have to do is define the VNC server instances in /etc/sysconfig/vncservers. These will be started by the vncserver initscript. This has to be done as root. Edit this file so that it contains the following:
VNCSERVERS="3:leopard" VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"
With these we define that a vnc server instance should be started as user leopard on display 3 and we also set some options for this server such as resolution and color depth. Each VNC server instance listens on port 5900 plus the display number on which the server runs. In our case, leopard’s vnc server would listen on port 5903.
For multiple vnc instances /etc/sysconfig/vncservers would look like this:
VNCSERVERS="1:tiger 2:albatros 3:leopard" VNCSERVERARGS[1]="-geometry 1024x768 -depth 16" VNCSERVERARGS[2]="-geometry 800x600 -depth 8" VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"
These would listen on ports 5901, 5902, 5903 respectively.
User Configuration
There is one more thing that needs to be done on the remote machine. User leopard’s vnc password needs to be set. So, as user leopard give the command:
# vncpasswd
We are prompted for a password. This is the password that we will use when we connect to leopard’s vnc server instance. This password is saved in /home/leopard/.vnc/passwd.
Start the VNC server
After the initial configuration is done we restart the vnc service. As root:
# service vncserver restart
To make VNC server to start on boot:
# chkconfig vncserver on
More User Configuration
After the VNC service is started, some new files are created in /home/leopard/.vnc/ directory. These include leopard’s vnc server log file, pid file and an X startup script. As user leopard we edit the script in order to customize some settings. The default /home/leopard/.vnc/xstartup script contains some commands that are executed when the VNC server is started. These include:
xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & twm &
xsetroot in this case sets the background color.
vncconfig is a supplementary program that can be used to control the vnc server. Apart from this, when run without arguments it acts as a helper application and its main purpose is to provide support for clipboard transfers between the client (vncviewer) and the vnc server.
xterm starts an xterm terminal.
twm starts the X server’s default window manager. We probably want to change that to a more user friendly window manager, eg fluxbox.
The VNC server, apart from letting us control a remote machine using a graphical interface, it serves as a way to start graphical applications on boot. For example, I want my favourite p2p program, amule, to start on boot. So, I add this to the /home/leopard/.vnc/xstartup script. This is how my xstartup file looks like:
xsetroot -solid grey vncconfig -iconic & xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" -e ./menu & amule & fluxbox &
menu is a script of mine that is executed when xterm is started.
Remember to put the "&" symbol after each command, so that it goes to the background and the xstartup script continues on.
Restart the VNC service for the changes to take effect. As root:
# service vncserver restart
Connect to the VNC server
In our example, leopard’s vnc server listens for connections on port 5903. So, open this port in the remote machine’s firewall.
We connect to the remote machine using a vnc viewer. Having installed the vnc package, connect to to the server with the following command:
# vncviewer 192.168.0.1:5903:3
The general usage is :
vncviewer [Server's IP]:[Port]:[Display]
We are prompted for the password and eventually connect to the server. Closing the vncviewer’s window, does not affect the server or the programs we run on it. If we reconnect everything will be there.
Special Note: There is no need, actually it’s pointless and could give you some trouble, to logoff from your remote X session. If this happens, generally you need to restart the VNC service on the remote machine to get your remote desktop back. If you want to stop working on your remote desktop, just close the vncviewer’s window and you are done.
Security
The VNC protocol is not a secure communication protocol. The use of a vnc password provides security at the level of server access (it’s vulnerable to brute-force attacks though), but the whole VNC session is transmitted in the clear, without encryption. The easiest, but most effective, way to secure our connection to the VNC server is to connect through an encrypted SSH tunnel. This way the whole session will be encrypted.
The rest assume that you have the SSH server up and running on your remote machine (server.example.com) and you know what SSH tunnels are.
So, what we are going to do is to create an encrypted tunnel, and connect to our VNC server through it. We also want this tunnel to be automatically closed as soon as we shut down vncviewer. All this is done with the following command:
# ssh -f -L 25903:127.0.0.1:5903 leopard@server.example.com sleep 10; vncviewer 127.0.0.1:25903:3
This is what it does:
- -L 25903:127.0.0.1:5903 forwards our local port 25903 to port 5903 on the remote machine. In other words, it creates the tunnel.
- -f forks the SSH session to the background, while sleep is being executed on the remote machine. This ssh option is needed because we want to execute the following command (vncviewer) in the same local machine’s terminal.
- vncviewer connects to the forwarded local port 25903 in order to connect to the VNC server through the encrypted tunnel.
The sleep command is of major importance in the above line as it keeps the encrypted tunnel open for 10 seconds. If no application uses it during this period of time, then it’s closed. Contrariwise, if an application uses it during the 10 sec period, then the tunnel remains open until this application is shut down. This way the tunnel is automatically closed at the time we close vncviewer’s window, without leaving any SSH processes running on our workstation. This is pure convenience! More information can be found at the Auto-closing SSH Tunnels article.
Using SSH tunnels to conect to your VNC server has two advantages:
- The whole session is encrypted.
- Keeping port 5903 open on your remote machine is no longer needed, since all take place through the SSH tunnel. So, noone will know that you run a VNC server on the remote machine.
Further Reading
I recommend that you read the man pages. Everything is in there:
# man vncserver # man Xvnc # man vncconfig # man vncviewer # man ssh
Set up the VNC Server in Fedora by George Notaras is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright © 2005 - Some Rights Reserved
I utilize vnc for years now and want to point out that there are some other implementations, such as tightvnc[1] or ultravnc[2], works better regarding bandwidth usage,visualisation or feature richness.
[1] http://www.tightvnc.com/
[2] http://ultravnc.sourceforge.net/
polarizers 2cent
http://www.codixx.de/polarizer.html
If you want a ‘Terminal Services’ like login interface. I suggest you try out VNC Session Manager. It supports creating new sessions, and disconnecting from them (and later reconnecting), etc.
Or maybe it would be better to drop an eye on NX technology?
http://nomachine.com
Or on its free implementation at freeNX[1]
[1] http://freenx.berlios.de/
polarizers 2cent
http://www.codixx.de/polarizer.html
polarizer:
Probably, I should have included those links in my post, but I’m glad you posted them. I have tried these VNC implementations myself, they work very well and they certainly have advantages over the original VNC. I wrote this small article because VNC is what comes with the Fedora installation media, so this is the new user’s first acquaintance with remote computing.
Norman Rasmussen:
Your VNC Session Manager sounds very nice! I’ll give it a try in the next days.
Bogdan Mustiata:
Right! I too believe that the NX technology is the future in remote computing. Less consumed bandwidth, native encryption support etc.
Creating an ssh tunnel is an unnecessary step. Read the vncview man page section on the ‘via’ option. Running ‘vncviewer -via machine.running.vncserver localhost:2’ will have vncviewer create the ssh tunnel for you. I find it particularly useful for accessing my sessions through a firewall since I can do ‘vncviewer -via mybastion.host mydesktop:2’
I’m also suprised you don’t mention that vnc support is built into gnome. If you go into your menu items: Desktop -> Preferences -> Remote Desktop you can gain remote access to your gnome session running on the console. Not exactly the same as what you’re describing, but useful, nonetheless.
I’m interested in having my vncserver session run my default gnome desktop. Has anyone sussed out the details on making that happen?
brunson:
You are right. Maybe I should have mentioned this one too. Anyway, the method to create the ssh tunnel and execute vncviewer I describe in this post is what probably happens behind the scenes when using the -via option. I wanted to emphasize it, as it can be used with other applications, which do not have native ability to start an ssh tunnel. The goal is to have the ssh tunnel automatically closed at the time the application, which uses it, is closed, so that the user does not have to kill the ssh process manually. Both these ways do this. The method you mentioned is quicker though, as it requires less typing :-)
Describing how to use GNOME’s VNC server implementation (Vino) was not the point of this post. Although it’s very convenient, it requires that a resource-hungry GNOME session is running on the remote machine. I also think that using vnc-server instead of vino provides more flexibility.
To start a gnome session through vnc you could try adding the following in the
~/.vnc/xstartupfile:exec /usr/bin/gnome-session &But, I think you should try a lightweight WM like fluxbox. I’m sure you will like it.
VNC really handy and if you are going thru a dial-up authentication server to DHCP you can tunnel (port forward) your session from ‘locahost’ and set compression ‘on’ with ssh for example:
$ssh -C -o CompressionLevel=9 -L 5900:locahost:5900 username@remotehost.com
Then, invoking vncviewer with locahost:5900 tunnel encrypts (and compresses!) the connection, which makes a BIG difference over POTS.
But here’s something even BETTER.
http://www.novell.com/coolsolutions/feature/16247.html
What’s funny is the ‘Warning’ on the website: “Once you’ve used NX you’ll NEVER GO BACK to VNC…”
I am using the FreeNX nxserver on SuSE 10.0 with an nxclient for Linux and Windows and it is AWESOME in terms of screen writes, you can’t tell the difference from a local screen session and it passes thru sound to your remote client too! Nothing comes close to it. Best thing since ‘sliced bread’.
Try NX! (But don’t throw away VNC) ;)
P.S.
I’ve used Fedora Core since version 1. So don’t flame the Novell SuSE reference!!
Thanks for your comment, Dietrich.
I’m not the type of person that would start a flame about two major distributions :-) I had downloaded OpenSUSE 10 at the time it was released, but didn’t have the time to check it out. The same goes with Ubuntu 5.10. They are great pieces of work, but I’m stuck with Fedora Core.
Sure, compression is a great feature and it limits bandwidth usage, very useful with dial-up connections. The
-Coption enables compression for protocols 1 and 2. However, the-o CompressionLevel=9option applies only for connections using the SSH-1 protocol. At least, this is what the man page says. I’m not aware of how the compression level is handled with SSH-2.The Novel guide for setting up a FreeNX server, with the outstanding warning :-), looks very good, but I don’t have a SUSE installation to try this out. For Fedora users there is a great article at FedoraNews.org:
http://fedoranews.org/contributors/rick_stout/freenx/
I haven’t tried this either due to lack of free time.
Hi,
Nice tutorial. Thanks for writing it. I have a question on using the sleep command while putting the ssh session on the background (-f). I don’t really understand this part. Shouldn’t the ssh session be running “sleep 10” on the background? That is, isn’t SLEEP counting 10 seconds on the background? and as soon as it reaches 10 it will resume and thus the tunnel will brake? I used your line and it works great…it’s just that I really don’t quite get it.
I’ll apprecaite your comments!
Thanks again,
Jorge
Thanks, Jorge.
I’ll begin with the forking of the SSH session to the background, because this is what it’s all about.
If the
-foption is not used:# ssh -L 25903:127.0.0.1:5903 leopard@server.example.comWe actually create the tunnel, but at the same time we login to the remote shell. In this case, it’s necessary to open another local terminal in order to execute vncviewer. This is unconvenient.
By using the
-foption we avoid logging into our remote machine’s shell, so we remain at our local terminal and can execute commands locally. But the use of this option needs one of the following things:– we have to execute a command on the remote machine, otherwise
-fdoes not work– or we have to use the
-Noption together with-f. This way there is no need to execute any commands on the remote machine. This has one major disadvantage which I’ll explain later.So, the question is "which command should we execute on the remote machine when using the
-foption?". We do not need to start any particular process, we just want to start an SSH tunnel. This is where the sleep command comes really handy, because:– It does nothing
– It can be set to give us enough time to start another process at our local machine which will use the SSH tunnel.
So, we start the tunnel with the following command:
# ssh -f -L 25903:127.0.0.1:5903 leopard@server.example.com sleep 10Executing the following command before the 10 seconds pass,
# ps ax | grep ssh | grep -v grepwe see that an SSH process runs in the background. After the 10 seconds pass, the last command shows no output. This means that sleep was executed on the remote machine for 10 seconds and then the SSH process ended, closing the tunnel at the same time.
If we execute vncviewer in a way that it connects to the server through the SSH tunnel before the 10 seconds pass, then the SSH process we had previously started does not end after the 10 secs, because the tunnel it had created is being used by another process, vncviewer in this case.
If we close vncviewer, then the tunnel is not being used any more. The SSH process we had previously started does not have any more jobs to do. It has completed its task, the execution of the sleep command, so it now ends together with vncviewer.
The following command on the local machine confirms that:
# ps ax | grep ssh | grep -v grepI had mentioned the
-Noption before. This makes it possible to use the-foption without executing any commands on the remote machine. So, we could have started the tunnel with this:# ssh -f -N -L 25903:127.0.0.1:5903 leopard@server.example.comThe only advantage of its use is that we can start an SSH tunnel without leaving our current local terminal, so we can execute other commands from our local machine. However, the drawback is that this SSH process runs forever. It would never close automatically, meaning the the user has to kill it. That’s why it’s not convenient.
It had taken me some time to figure all this out. Recently I discovered that this way of starting an SSH tunnel is documented in the OpenSSH FAQ. I must have been blind not noticing it when I was trying to figure these things out.
I wrote this very fast. I hope this helps.
Thanks for that excellent explanation George. I got it now :)
Jorge
Similar to what has been discusssed here, see this web page for how to easily setup VNC as a service with xinetd. With this method, you will first see your login manager (gdm, kdm, etc.).
http://wiki.ltsp.org/twiki/bin/view/Ltsp/VNC
Gotta crack holes in iptables for this? Seems that way… anybody have a guide?
Andrew Z:
This is another interesting way of setting up the VNC server. A similar discussion for fedora users exists in this fedoraforum thread.
Andy E:
Not necessarily. I think you can still connect to these services through SSH tunnels. Anyway, some useful iptables howtos can be found at the http://netfilter.org/documentation/index.html
It is an excellent guide
Wanted to include a note for any newbs out there that firewall setup under Fedora Core 4 requires the use of the “iptables” function… which I believe is enabled by default and blocks port 5900-5903. I realize this is a duplicate of Andy E’s earlier comment, but hopefully this will save others from my painful road of discovery.
I’d recommend reading more at http://netfilter.org/documentation/index.html . The commands that worked for me are included below: (I can now use “vncviewer” to access my FC4 vncserver from anywhere in my 192.168.x.x subnet)
DISCLAIMER: I have a private 192.168.x.x subnet so I’m not paranoid about security. I would **NOT** recommend exposing 5900-5903 to the internet; that’s just asking for trouble. (use the SSH techniques described above instead)
$ su root# /sbin/iptables -I INPUT -p tcp --destination-port 5900:5903 -j ACCEPT
# mv /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
# /sbin/iptables-save > /etc/sysconfig/iptables
Thanks for your input, James. The kind of comments I like! :-)
After about an hour of messing with VNC settings, I read somewhere that the $home/.vnc/xstartup needs to be executable by the server (744 or 755). That fixed my problem. But other than that, AWESOME walkthrough. Thanks a lot!!!
Yes, since
xstartupis a script, it should have the executable bit enabled, but I think you are right and this should be clarified in the article. Thanks for your feedback.Excellent article. Well written. Thanks.
Is there a way to disable vncviewer creating persistant desktop. i.e I want to
close the vnc desktop when I logout.
Currently If I close the window & reconnect again I do get the screen with no gnome menus.
I have to restart the vncserver to see the screen correctly.
Kumar
Logging out of a VNC session has no point. To completely shut down the VNC session, you need to stop the
vncserverservice. Please read the Special Note in the above document.There are other configurations of the VNC server, so that, when you connect with your vncviewer, the display manager login screen is displayed, so you can login and log out of your remote desktop session. Maybe you should try this implementation if it suits your needs, but this is not described in the above document. Thanks for your comment.
Great article! I had a question about the following:
Keeping port 5903 open on your remote machine is no longer needed, since all take place through the SSH tunnel. So, noone will know that you run a VNC server on the remote machine.
When you state 5903 is no longer needed, do you mean that port 5903 on the remote machine no longer needs to accept requests from remote machines? I assume the port has to still be open since SSH needs to forward the data to the VNC daemon somehow, but since that part of the forwarding is done locally, the port can be closed to all remote hosts?
Hi Chris,
Opening ports on the firewall of the machine that runs VNC server instances is only needed when you connect directly to those server instances with a vncviewer from the client machines. When the connections take place through an SSH tunnel, the only port that needs to be open on the server machine’s firewall is port 22 (TCP) or whatever port your SSH server listens on. Client machines do not need to have any open ports in either case.
Actually, this means that port 5903 does not need to directly accept requests from the client machines. It still accepts requests, but this happens behind the server machine’s firewall, so that port does not need to be open. All take place through the SSH tunnel.
Thanks for the article! Although, couldn’t get VNC client to connect, even after punching a hole for it through the firewall (and yes, the vncserver service is running :-( I think must be a problem with the client though….
I noticed that this version of the server also allows connections via HTTP on port 5802. So, I set IPTABLES to accept traffic on this port (
/sbin/iptables -I INPUT -p tcp --destination-port 5802 -j ACCEPT) and now find that going tohttp://IP_ADDRESS:5802/with a web browser on the client machine downloads & launches a VNC client in Java! (which seems to connect to the VNC service just fine) This rocks!! :-DEvad, indeed the VNC server accepts connections through HTTP on the 58xx series of ports and the communication takes place through a java applet. This functionality has not been mentioned in the above article because there is a significant decrease in performance this way. But, I’ll add this info to the article for completeness, when I find some time to revise it. Thanks for your feedback.
On the other hand, I cannot find a reason of not being able to connect to your VNC service through the standard 59xx port (5902 I assume in your case). IIRC, there was a faulty version of the VNC server some months ago on Fedora, which had such a problem, but this had been fixed rather quickly. Maybe you should try upgrading if you haven’t done so. Apart from that and taking into account that the remote user’s VNC service has been configured properly, I cannot think of any other reason for not being able to connect.
I want to let someone else VNC into my RedHat box, and be able to watch them moving the mouse and typing on my screen.
How do I do this??
In other words: I do *not* want to fire up a new X-session: I just want VNC to connect to my existing physical desktop – the same as Windows does.
In order to connect to your currently running desktop on the remote machine, all you need to do is to share your desktop through vino, GNOME’s VNC server implementation.
If you want a VNC session to be shared, the
-Sharedand/or-ViewOnlyvncviewer options are what you should be looking for. These options are pretty useful. I will probably mention them within the article when I revise it.Thanks for your feedback.
Hi,
Good article. Well explained. Thanks.
Now, I have a problem here. I could configure my vncserver to use only with root user and password. Can I get a solution to make work with other users?(Multiple users simultaneously). I am able to connect from WindowsXP using VNCviewer.
If I add any normal user in /etc/sysconfig/vncservers, at the time of restarting the vncserver service , I am getting a error message “vncserver is failed to restart”. Can you give a solution for this. Where do I need to configure my other users.
Message appear, while restarting vncserver
————————-Message——————–
Shutting down VNC server: 5:vinod
Can’t find file /home/vinod/.vnc/vinod.aptechutc.com:5.pid
You’ll have to kill the Xvnc process manually
[FAILED]
Starting VNC server: 5:vinod [FAILED]
————————————————–
vinod is a norrmal user.
Thanks
Vinod Chandran
Hello Vinod, This error message appears because you have probably deleted the VNC instance’s PID file (/home/vinod/.vnc/vinod.aptechutc.com:5.pid) by hand while the VNC service was running, so, when you try to shut down the service, it does not know which process to kill (missing PID file), so it outputs the error.
Run the following:
It will show the vnc process ID (PID) numbers. Issue a kill for each process, eg:
Repeat the above step for every Xvnc or vncconfig process.
Check if there are any *.pid files inside the
/home/vinod/.vnc/directory. If there are, delete them.Next, follow the above instructions and configure only one user to test it, assign a vnc password to that user as described above and finally start the vnc service with
service vncserver startFinally, running graphical applications either locally or remotely via VNC as root is not recommended. Please try to use unprivileged users for this task for the sake of security.
Hope these help.
Hello all,
And thanks a lot, GNot, for your great work !
Now, just a single question: how does one see the remote Fedora machine using TightVNC (or other client) from a *Windows* machine ? A typical Windows user will expect that program performs in PCAnywhere’s style: you can connect from the Windows machine (even if no local user is logged in on the Fedora box), type in the password for a local account and work in it as if you were in front of remote machine’s console…
Can you please add this in your tutorial?
Many thanks !
Răzvan
Hello Răzvan,
I have never used TightVNC before, but I assume that you can connect to the VNC server, that runs on the remote Fedora machine, with any VNC client (either from Windows or any other operating system), provided that you use the correct info (as I have described in the tutorial above). For example:
You wrote:
You want to connect to the remote fedora machine with a vnc client and you want the login-screen to be displayed, so to enter a remote user’s username/password in order to connect to the remote desktop? If this is what you want, you will need to configure the VNC server in a different way, so that the GDM display manager is shown whenever you connect to the VNC service. This method is a completely different approach and I don’t think that it could fit in the above tutorial. Please have a look at this tutorial I found on the fedora forums. Hope it helps you out.
Thanks for your feedback.
Best Regards :)
Two questions:
1. Can you point me to or provide some good information on securely connecting to the vnc-server at the “graphical greeter” login screen. (I’m using Fedora)
2. Can you disable others from viewing the remote screen while you are connected to it from a remote location. I mean people that would actually be in front of the server while you are connected to it.
Answers:
1. I am sure I had seen such information at the Fedora Forums. You can securely connect to the VNC server (either remote desktop or graphical greeter) through an SSH tunnel, as described in this article.
2. You can use the gdmsetup utility to configure these setting from a graphical interface.
I can configure my server (on FC-5 Linux) and it starts fine but when I attempt to connect to it
from a client on windows machine, I get this error:
{ when I debug it using TCPDUMP }
server-name > client-name unreachable – admin prohibited, length 56
On the server I have:
VNCSERVERARGS=”2:username” (actual user name here)
VNCSERVERARGS[2]=”-geomatry 800×600″
Can someone tell what is going on my server which is maing it refuse connection?
I can start local VNC viewer on the sever machine, but remote connection is prohibited.
Thanks in advance.
Smells like a network misconfiguration or a firewall that prohibits connection to the vnc service.
P.K.,
Was the “-geomatry 800×600” a typo? If not, then should that not be “-geometry 800×600”?
If your /etc/sysconfig/vncservers files is actually correct, then I would agree it is likely that your firewall is not allowing the connection.
@BKing1138: Thanks for your feedback.
Right, I didn’t notice that mistake… In that case the vnc instance most probably does not start correctly. The logfile inside the
~/.vnc/directory should be checked and of course the “geometry” statement should be written properly.Thiis is a very detailed article. After reading several others and failing, I felt like this gave the best explanation. However I am still having issues. Here is what happens:
1.
[root@fel1 ~]# service vncserver restart
Redirecting to /bin/systemctl restart vncserver.service
Failed to issue method call: Unit vncserver.service failed to load: No such file or directory. See system logs and ‘systemctl status vncserver.service’ for details.
2. So I say, let’s continue to try if service does not work. So as root I simply isssue command:
[root@fel1 ~]# vncserver
New ‘fel1:1 (root)’ desktop is fel1:1
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/fel1:1.log
3. Then I go to my windows machine and start the vcn viewer and in the ip address field I put it
192.168.1.78:5901:1
But I get the message:
unable to connect to host: A socket operation was attempted to an unreachable host (10065)
I have setup my windows firewall to open port 5901 and set up my router to forward port 5901.
What is the meaning of the message from service command and then from the viewer?
Setup VNC server.
# yum install tigervnc-server
Make new configuretion for display N.
For display :2
# cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:2.service
Replace parametr “”:
#ExecStart=/sbin/runuser -l -c “/usr/bin/vncserver %i”
ExecStart=/sbin/runuser -l myuser -c “/usr/bin/vncserver %i -geometry 1366×768″
#ExecStop=/sbin/runuser -l -c “/usr/bin/vncserver -kill %i”
ExecStop=/sbin/runuser -l myuser -c “/usr/bin/vncserver -kill %i-geometry 1366×768″
Restart.
# systemctl daemon-reload
Set password VNC for user myuser
# su – myuser
$ vncpasswd
Password:
Verify:
$ exit
logout
#
Enable & run vnc service.
# systemctl enable vncserver@:2.service
# systemctl start vncserver@:2.service
Set firewall
-A INPUT -m state –state NEW -m tcp -p tcp –dport 590 -j ACCEPT
@AlicVG, Thank you for your feedback. Seems quite useful.
simply wanted to say thank you.
I did it as you describe, and it worked perfectly!