G0dspeed's Blog

指定特定用户登录VNC：

The VNC server can be automatically started when the system boots via the vncserver service. However, before this service will work, some preparatory set up needs to be done.

First, edit the /etc/sysconfig/vncservers file to include the users you want to run VNC servers for. Add a line to that file as follows:

VNCSERVERS="N:user"

Where N is the number of the display you want the VNC server to run on and user is the username you want the server to run as. Multiple displays and users can be specified by placing a space between them, as follows:

VNCSERVERS="N:user1 Y:user2"

Note that if you are using the X Window System, display 0 cannot be used for VNC as it is already being used by X.

For each user you specify, a VNC password needs to be set. VNC passwords are completely separate from the normal system password for that account. A user can set their VNC password by executing the vncpasswd command. For example:

$ vncpasswd
Password:
Verify:

By default, VNC starts up only a simple window manager and a terminal window. If you would like to have the full Red Hat environment, create ~username/.vnc/xstartup and include the following lines:

#!/bin/bash
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

Lastly, ensure that the resulting file has the execute bit set:

# chmod 755 ~username/.vnc/xstartup

In order to start the vncserver service immediately, run the following command:

# service vncserver start

For exmaple:

# service vncserver start
Starting VNC server: 1:user1 

In order for the vncserver service to start during the boot sequence, run the following command:

# chkconfig vncserver on

Note this command will simply return a command prompt. For example:

# chkconfig vncserver on
# chkconfig --list vncserver
vncserver       0:off   1:off   2:on    3:on    4:on    5:on    6:off

启动VNC Server控制Native X Server：

If you configure VNC to control the native X server of a system, you can interact with the console while sitting at the system or from any other system that can run a VNC viewer program. Be sure to do this initial VNC implementation during a maintenance window for your server in case VNC does not work correctly with your video card.

Warning: The following solution is not graceful and should be tested throughly before utilizing it on a production system.

To set up VNC to control the native X server, follow these steps:

1. On the system you want to control with VNC, run the program vncpasswd as root to set a VNC password. You will use this password when connecting with vncviewer or another VNC remote control program.
2. Edit the file /etc/X11/XF86Config to include the following commands. The XF86Config file is divided into parts that begin with the word Section and end with the word EndSection. You will need to add the following lines to the indicated section, making sure they come before the EndSection tag for that particular section.

   Red Hat Enterprise Linux 4 and above uses the XOrg implementation instead of XFree86. Edit the file /etc/X11/xorg.conf instead of XF86Config

   In the section called Module, add this line:

   Load "vnc"

   Make sure this is on a new line before EndSection.

   In section called Screen, add this line:

   Option "passwordFile" "/root/.vnc/passwd"

   Make sure this is on a new line before EndSection.

After you have rebooted your machine, VNC will load automatically each time you enter runlevel 5 (graphical mode). If you do not want to reboot now, you can make the changes active by logging out of graphical mode and pressing Ctrl+Alt+Backspace to restart the X server.

Because you are connecting to the root console, you do not have to type a number after the machine name or IP address when connecting to this computer with a VNC viewer.

让VNC走SSH：

To tunnel VNC connections over SSH, you must have a real system account on the machine running the VNC server. You must also know what display the VNC server is running on (which can be found in the /etc/sysconfig/vncservers file). Once you have these pieces of information, connect to the VNC server with the following SSH command:

ssh -L 590X:127.0.0.1:590X -N -f -l username servername

Replace the X‘s with the display number the VNC server is running on. For example, if the VNC server was running on display 1, you would specify 5901.

In your VNC client, instead of connecting directly to the VNC server, connect to "127.0.0.1:590X", again replacing X with the appropriate display number. This will tunnel the connection over SSH, providing greatly enhanced security.