This is part of my documentation for VNC under RHEL-4. All of the
configuration file changes below were originally formatted as "diff
-u" patches. Email may have mangled them, so beware.
I assume the standard GNOME desktop packages have been installed. If you
want another desktop manager, you'll have to figure out how to configure
that yourself.
I frequently use
    vncviewer -via secure.vnc.host localhost:50
to tunnel VNC over an SSH session.
Here's the text:
=Managing VNC Sessions With Xinetd
There is an old protocol for managing remote displays on X-Terminals
called XDMCP (X11 Display Manager Control Protocol). Never heard of
an X-Terminal? Well, that's no surprise... X-Terminals are sooo 20-th
century... Everybody calls them Thin Clients now. Fortunately, old
protocols never die and every once in a while we get to recycle them.
What we are going to do is configure a VNC service that's controlled
by XInetd. That way, a VNC server process only gets started when
somebody asks for one... And since we're enabling XDMCP support for
the Gnome Display Manager (GDM), each VNC client connection will get a
graphical gdm login screen. It doesn't result in a persistent
session, but it's much easier to configure and maintain.
==Linux Configuration Files=
===/etc/X11/xdm/xdm-config==
--- /etc/X11/xdm/xdm-config 2006/02/14 04:33:24 1.1
+++ /etc/X11/xdm/xdm-config 2006/02/14 04:33:58
@@ -29,4 +29,4 @@
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
-DisplayManager.requestPort: 0
+!DisplayManager.requestPort: 0
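Review bot: Commenting out `DisplayManager.requestPort: 0` leaves the two comment lines above it describing a protection that is no longer in effect, and the text never explains why xdm has to listen when the display manager being configured is GDM. If xdm is not the process answering Xvnc's `-query localhost`, drop this hunk; if it is, say so in the text and point out that the XDMCP port should be firewalled, as the gdm.conf comments further down recommend for port 177.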
===/etc/X11/xdm/Xaccess==
--- /etc/X11/xdm/Xaccess 2006/02/14 04:36:27 1.1
+++ /etc/X11/xdm/Xaccess 2006/02/14 04:36:39
@@ -37,7 +37,7 @@
# right hand sides can match.
#
-# * #any host can get a login window
+* #any host can get a login window
#
# To hardwire a specific terminal to a specific host, you can
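Review bot: The uncommented `*` entry lets any host request a login window, yet the only XDMCP client in this setup is Xvnc started with `-query localhost`. An entry naming just the local host in place of `*` would cover that use without offering login windows to the rest of the network.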
===/etc/X11/gdm/gdm.conf==
====Enabling XDMCP access for VNC clients===
--- gdm.conf 2006/02/14 04:39:09 1.1
+++ gdm.conf 2006/04/05 17:07:05 1.2
@@ -207,7 +207,7 @@
# allow local access is another alternative but not the safest.
# Firewalling port 177 is the safest if you wish to have xdmcp on.
# Read the manual for more notes on the security of XDMCP.
-Enable=false
+Enable=true
# Honour indirect queries, we run a chooser for these, and then redirect
# the user to the chosen host. Otherwise we just log the user in locally.
#HonorIndirect=true
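Review bot: `Enable=true` is switched on without acting on the context lines directly above it, which say that firewalling port 177 is the safest way to run with XDMCP on. Since Xvnc only queries localhost, the documentation should add a step that blocks port 177 from other hosts; as written, GDM will answer XDMCP queries from any host that can reach it.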
====Supporting X11 connections over TCP===
This is normally disabled, but as long as you're on a protected
network it's convenient to run X11-based programs on remote hosts and
display them locally. It is possible to do this over SSH, but there
is some overhead...
--- gdm.conf 2006/04/05 17:07:05 1.2
+++ gdm.conf 2006/04/05 17:07:52
@@ -187,7 +187,7 @@
# Note: Anytime we find a -query or -indirect on the command line we do
# not add a "-nolisten tcp", as then the query just wouldn't
work, so
# this setting only affects truly local sessions.
-#DisallowTCP=true
+DisallowTCP=false
# By default never place cookies if we "detect" NFS. We detect NFS
# by detecting "root-squashing". It seems bad practice to place
# cookies on things that go over the network by default and thus we
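Review bot: `DisallowTCP=false` is not needed for the xinetd-managed VNC sessions: the context comment in this hunk says that sessions started with `-query` never get `-nolisten tcp` and that the setting only affects truly local sessions. Mark this change as optional and separate from the VNC setup, because it makes the console X server accept TCP connections, and keep the default unless remote X clients are really required.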
===/etc/services==
--- /etc/services 2006/02/14 04:40:03 1.1
+++ /etc/services 2006/02/14 04:40:51
@@ -577,4 +577,6 @@
fido 60179/udp # Ifmail
# Local services
-
+#
+vnc-1280x1024 5950/tcp # VNC @ 1280x1024
+#
===/etc/xinetd.d/xvncserver==
service vnc-1280x1024
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 securitytypes=none
}
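The stanza above turns off VNC authentication (`securitytypes=none`), and xinetd listens on every interface unless told otherwise, so the SSH tunnel only protects the session if port 5950 cannot be reached directly. The check below is an added example, not part of the original documentation; the function name `audit_xvnc`, the temporary files and the `bind = 127.0.0.1` line are assumptions (it presumes every client connects through `vncviewer -via`).

```sh
#!/bin/sh
# Added example, not from the original post. audit_xvnc FILE returns 1 when an
# xinetd stanza turns off VNC authentication without a loopback restriction.
audit_xvnc() {
    awk '
        { sub(/#.*/, ""); line = tolower($0) }          # drop comments, fold case
        line ~ /^[ \t]*server_args[ \t]*=/ && line ~ /securitytypes[= ]none/ { noauth = 1 }
        line ~ /^[ \t]*(bind|interface)[ \t]*=[ \t]*127\./ { loopback = 1 }
        line ~ /^[ \t]*only_from[ \t]*=[ \t]*(127\.[0-9.]+|localhost)[ \t]*$/ { loopback = 1 }
        END {
            if (noauth && !loopback) {
                print "EXPOSED: no VNC authentication and not limited to loopback"
                exit 1
            }
            print "OK"
        }
    ' "$1"
}

tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the stanza from this page, server_args on one line.
cat > "$tmp/open" <<'EOF'
service vnc-1280x1024
{
    protocol    = tcp
    socket_type = stream
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 securitytypes=none
}
EOF

# Constructed sample 2 (assumption: every client arrives through the SSH
# tunnel, so xinetd only needs to listen on loopback).
{ sed '$d' "$tmp/open"; printf '    bind        = 127.0.0.1\n}\n'; } > "$tmp/loopback"

for f in open loopback; do
    printf '%s: ' "$f"
    audit_xvnc "$tmp/$f" || true
done
```

With `bind = 127.0.0.1` in place, `vncviewer -via secure.vnc.host localhost:50` keeps working because the SSH tunnel terminates on the server's loopback interface.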
==Restarting The Gnome Display Manager=
The easiest way to do this is to log into a text console (Ctrl-Alt-F1) and
run these commands (the last two restart xinetd so that it picks up the new
service):
init 3
init 5
/sbin/service xinetd stop
/sbin/service xinetd start