Hey everyone. Alright i'm pretty new to Linux but i'm not totally ignorant. I just installed SuSE 9 to replace Win2k Pro as a server. The thing with this particular machine is... 99% of the time I can't have a keyboard/monitor/mouse hooked up to it... so that means I need a remote administration tool to do the same work. Under Windows I was using RealVNC which was awesome. It did everything I needed it to perfectly. After installing Linux, I installed RealVNC, but I found it very limited, since I was only able to log in to specific user accounts after I had hand-executed the server after having logged in when physically on the machine. Not to mention the only thing I was given access to was a terminal window and an apparently dead desktop. Since this doesn't buy me jack crap, I decided to do more research. I discovered after much reading that I need something to give me access to desktop 0 from X Windows. I managed to find out about a special vnc program that was made to get access to desktop 0, but all links to the website are dead and after searching long for a new website, I came across nothing. After all this, I learned about XFree86-VNC 4 (i think that's correct) which apparently comes bundled with SuSE 9 that offers the sort of features i'm looking for. So I installed this package into the system after removing realVNC. Now my problem is how to set it up and access it. I don't see any menu items, options or anything from anywhere in SuSE' Control Panel and I can't seem to find any executables to do anything. This is of course where you come in. Please help me! I need this machine to be completely controlled from bootup to shutdown from a remote computer. This is way too time consuming for something that should be simple. So, if you can help me on how to set this up it would be absolutely fantastic! Thanks in advance!!
Jean-Philippe
Full Version: Vnc With Suse 9
If you have the machines in the same room ... let me recommend THIS to switch between PCs that share a keyboard, mouse and monitor....at $59.00 including cables it is a good price ... if you need a 4 post switch they are available as well.
If remote access is required ... and if you can do everything via a console login...then ssh is the best bet.
VNC is also an option ... I'm currently playing with Xvnc on SUSE 9 ... I'll let you know what I find out.
If remote access is required ... and if you can do everything via a console login...then ssh is the best bet.
VNC is also an option ... I'm currently playing with Xvnc on SUSE 9 ... I'll let you know what I find out.
I actually do have a KVM switchbox but I don't like to use it because it 1) degrades the signal to my monitor, 2) limits my refresh rate and resolution, and 3) causes a green tint in my screen. I do a decent amount of graphics work not to mention i'm just real picky about how good my screen looks so it's pretty important to me. I decided it was no longer worth it, which is why I resorted to VNC originally. I'll look into SSH, but I would like to be able to actually get remote desktop like environment again.
I am using a OmniViewSE 4 port belkin switch on four machines with no problem. The max resoultion I have tried was 1280x1024@85hz ... which work fine with no degradation on a NEC MultiSync E1100 monitor and NVIDIA FX 5200 card.
I am having to reinstall my SUSE 9.0 test drive ... I managed to install lots of RedHat on it RPMS by mistake...I should have something soon.
I am having to reinstall my SUSE 9.0 test drive ... I managed to install lots of RedHat on it RPMS by mistake...I should have something soon.
OK ... I think what you want to do is run VNC to login using the xinetd daemon via XDMCP... it will allow you to login (presenting you a login screen) as any user ... and start on startup.
(The negative is that it opens a new window on every login)...
If that is what you want, here is what you do:
I know how to do it via gdm and gnome ... I don't know how to do it via kdm and kde.
You need to be blocking ports 5800 to 5810 and 5900 to 5910 and 177 from the internet or other people can try to login to your machine....If you have a nat or firewall it shouldn't be a problem
-------------------------------
1. Change the default display manager to gdm by opening yast and going to System --> Editor for /etc/sysconfig files. (Don't edit the files in /etc/sysconfig without using this tool ... they will change back to the last thing the tool said.)
In the /etc/sysconfig editor, open Desktop and then Display Manager ... Click on DISPLAYMANGER and select gdm....click on DISPLAYMANAGER_REMOTE_ACCESS and select yes... click on DISPLAYMANAGER_ROOT_LOGIN_REMOTE and pick yes (or no) depending on what you want (if you want to login as root via vnc you must pick yes ... I picked no)....Click on DISPLAYMANAGER_STARTS_XSERVER and pick yes.
In the /etc/sysconfig editor, open the Desktop and then Window Manager ... click on DEFAULT_WM and pick gnome (as long as you use GDM as the Display Manager above ... you could probably use kde as the DEFAULT_WM as well).
Save the changes to the /etc/sysconfig editor. (Using GDM is Key ... because we will turn on
2. Go to the Menu -> System -> Configuration -> GDM Configurator
set your preferences ... in the general tab, I use graphical greeter for remote and local (since I am on a lan ... for off site connections use standard greeter for remote.
You can make security decisions (security tab) and pick the greeters (standard and graphical greeter tabs) however you want...now select the XDMCP tab and check enable XDMCP and check Honor indirect requests. Leave the default port as 177 ... you can adjust the other settings if you want.
3. Now we need to create the file /etc/xinetd.d/vnc
4. Restart the Xserver (log out and press Ctrl-Alt-Backspace)...(or reboot the server).
5. On the external machine, you should be able to login by using vncviewer IP_ADDRESS:10
(The negative is that it opens a new window on every login)...
If that is what you want, here is what you do:
I know how to do it via gdm and gnome ... I don't know how to do it via kdm and kde.
You need to be blocking ports 5800 to 5810 and 5900 to 5910 and 177 from the internet or other people can try to login to your machine....If you have a nat or firewall it shouldn't be a problem
-------------------------------
1. Change the default display manager to gdm by opening yast and going to System --> Editor for /etc/sysconfig files. (Don't edit the files in /etc/sysconfig without using this tool ... they will change back to the last thing the tool said.)
In the /etc/sysconfig editor, open Desktop and then Display Manager ... Click on DISPLAYMANGER and select gdm....click on DISPLAYMANAGER_REMOTE_ACCESS and select yes... click on DISPLAYMANAGER_ROOT_LOGIN_REMOTE and pick yes (or no) depending on what you want (if you want to login as root via vnc you must pick yes ... I picked no)....Click on DISPLAYMANAGER_STARTS_XSERVER and pick yes.
In the /etc/sysconfig editor, open the Desktop and then Window Manager ... click on DEFAULT_WM and pick gnome (as long as you use GDM as the Display Manager above ... you could probably use kde as the DEFAULT_WM as well).
Save the changes to the /etc/sysconfig editor. (Using GDM is Key ... because we will turn on
2. Go to the Menu -> System -> Configuration -> GDM Configurator
set your preferences ... in the general tab, I use graphical greeter for remote and local (since I am on a lan ... for off site connections use standard greeter for remote.
You can make security decisions (security tab) and pick the greeters (standard and graphical greeter tabs) however you want...now select the XDMCP tab and check enable XDMCP and check Honor indirect requests. Leave the default port as 177 ... you can adjust the other settings if you want.
3. Now we need to create the file /etc/xinetd.d/vnc
CODE
service vnc10
{
socket_type = stream
protocol = tcp
wait = no
user = nobody
server = /usr/X11R6/bin/Xvnc
server_args = :42 -inetd -once -query localhost -geometry 1024x768 -depth 16
type = UNLISTED
port = 5910
}
{
socket_type = stream
protocol = tcp
wait = no
user = nobody
server = /usr/X11R6/bin/Xvnc
server_args = :42 -inetd -once -query localhost -geometry 1024x768 -depth 16
type = UNLISTED
port = 5910
}
4. Restart the Xserver (log out and press Ctrl-Alt-Backspace)...(or reboot the server).
5. On the external machine, you should be able to login by using vncviewer IP_ADDRESS:10
Alright I followed everything as you described perfectly and I got nothing.... I've already been using Gnome, since the last time I had Linux, I found KDE to be really unstable. Anyway... so I can't seem to get a connection. Maybe I need a differenct program?? I'm using RealVNC Viewer. I entered IPADDRESS:10 into the server box but it couldnt' find it. I tried several others, like IPADDRESS:5910, IPADDRESS linux:0, IPADDRESS linux:1.. and so on. For some reason the XServer runs noticeably faster on the server now though. I found that sort of weird. Any other suggestions? Thanks a lot for your help by the way!!
OK, after doing a complete restart it apparently works. It works great too. Now my only question is... if I do have a keyboard/mouse connected to the system, how come I cannot type or move the mouse. The login screen is up on the monitor and the cursor is blinking, but i've got no control. Is there any reason? Shouldn't I be able to have keyboard/mouse access from the physical system as well as remote? Thanks
QUOTE
OK, after doing a complete restart it apparently works.
That was my fault ... I forgot to tell you to do /etc/init.d/xinetd restart--------------------------------------------
I have full access with the keyboard and mouse when connected locally and remotely...I'm not sure why you wouldn't.
You should not reconnect the mouse / keyboard to the ports whle the computer is on (unless they are both USB devices) ...but should do a shutdown first.
-------------------------------------------
Make sure when you log out from the linux menu {when you are connected remotely via vnc} instead of just closing the window {with the right hand corner X} when you are finished with the vnc connection ... it will take several minutes of inactivity before you can login agian with the same user account (and get the same display) if you just close the window....you can relogin immediately if you logout properly (and it should close the window).
There are security implications concerning open VNC ports. If your connection to the internet is through another firewall, make sure to block 5810, 5910 and 177 from the rest of the world (and don't port forward into them from all IPs) ... I picked port 5910 (and display :42) specifically because they are attacked less often than some of the other ports ... see the difference between 5910 and 5900 / 5901
If you don't have an external firewall/nat then you should make iptables entries that only allow 177 access from localhost and only allow 5810 and 5910 access from your windows machine or others will see your XDMCP if they try a VNC connect on display 10...and they can try username /passwords to login (or try to use VNC vulnerabilities ) to get into your box...
Here is a list of past VNC vulerabilities. None of these should be present in Xvnc or tightvnc installed via SUSE 9.0....just keep up with your security patches on SUSE.
Just be careful ... review the /var/log/xinetd.log perocically and look for connections to vnc10 from other than your PCs.
If you don't have an external firewall/nat then you should make iptables entries that only allow 177 access from localhost and only allow 5810 and 5910 access from your windows machine or others will see your XDMCP if they try a VNC connect on display 10...and they can try username /passwords to login (or try to use VNC vulnerabilities ) to get into your box...
Here is a list of past VNC vulerabilities. None of these should be present in Xvnc or tightvnc installed via SUSE 9.0....just keep up with your security patches on SUSE.
Just be careful ... review the /var/log/xinetd.log perocically and look for connections to vnc10 from other than your PCs.
Thanks. Yea i'm pretty well protected actually. I'm behind a Netgear FVS318 Firewall Router. I'm pretty sure that's adequate protection. I have basic HL, WWW and FTP ports open but everything else is on stealth. Again, thanks for the help. It works just as I need. I have a habit of logging out of the system before I close VNC anyway, but thanks for the warning 
I will also check the security logs periodically as you suggest to make sure no one gets in. Now to just familiarize myself with Linux... if I can quickly get as good with it as I am with Windows, i'll be set.
I will also check the security logs periodically as you suggest to make sure no one gets in. Now to just familiarize myself with Linux... if I can quickly get as good with it as I am with Windows, i'll be set.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.