VNC Configured Out Of The Box

Latest response

I think it would be great to have a VNC setup configured out of the box that integrated with pam for login with gdm.  VNC has always been an issue and annoyance to setup in RHEL, and some pesky users must have their GUI.  SLES has a great implementation of VNC out of the box for years now RHEL should do this as well, what does everyone think?

 

Responses

Are they IT users who need the GUI? The future seems to be virtualized and indeed my shop is over 95% virtual so, if the IT users need a gui, why not just install X Windows and let the users log in through a console? For example with VMware, you can use vSphere client to administer machines, and access the GUI. VNC is definitely not something I'd want running on a production box.

 

However if the machine is being accessed by users (and therefore a VM manager is out of the question) then perhaps there is merit in a VNC solution, although it'd be safer to tunnel over SSH. Could you just 'yum install vnc' or similar? Or are you wanting VNC by default?

Definitely I agree I am about 80% virtual right now...virtuals are a breeze, I just delegate out rights to the vm console through virtual center with strict rights.  The boxes that concern me are physical boxes, and yes I would agree it should be a secure VNC solution tunneled over ssh; I would like it at least as an optional package at install time if not installed by default.  Installing VNC manually is not super easy in RHEL when your going for pam/gdm integration (which is a must).

Not sure what I am missing? But there really is no need for a GUI on the server to begin with. If you need a GUI to run an app, just export it to your desktop. If you have a slow connection just setup a central "management" system with RDP/VNC running and export the display to there.

Running VNC, along w/ the additional X Server/Window Manager, on a server reduces security by adding additional packages and running process which increases the number of attack vector's.

While I don't care if it is an optional selection and it auto-magically configures itself to run, I don't think it needs, or should be part of the default install.

We have 1000+ Linux systems, none of them run X / VNC; dont see the need for VNC by default; but not unahppy if it is an optional setup.

Agreed. I would never imagine installing X or VNC on my boxes but hey, if it's a need then I see no reason why not to have a simple way to install it optionally. NOT configured out of the box, but let there be a simple installer and an optional configuration item during install. It works perfect when you use it, but 99% of the IT world would never use it. Not on a server at least. On a desktop, sure.

I agree that servers should not, generally, be running a GUI.  I've had users want me to setup a XDMCP server for them to log into.  For that, I tried VNC, but because of security I found it lacking.  That's why I'd like to see FreeNX packages added to RHEL7.

Although I too will agree that servers don't usually need a GUI, nevertheless sometimes you need it. And exporting your display isn't always the right solution, e.g. it's not persistent and it's a total bandwidth-hog. Not to mention I _still_ find myself having to debug idiotic xauth, misconfigured putty, etc, end-user issues all too often.

 

I don't really get the "but if its virtual you can just run X" point of view? Whether its virtual or physical it's still the same extra effort to maintain and configure and keep patched.

 

VNC is nice and simple and very bandwidth-efficient. You just need the server name and port and it'll always always work. It's also a very widely used standard and every single device out there from my phone to Windows have a VNC client. I never have end-users coming to me with problems. So +1 from me for an easy, out-of-the-box VNC option. Even better if we could somehow have persistence an easy to select option - currently you basically have to configure it to be one or the other (I'm talking about when you disconnect your client, does it kill your session or leave it open on the server).

 

For security I tunnel it through SSH, which is bit annoying to have to explain to end-users, so built-in encryption would indeed be nice to have.

We are in the minoroty here obviously but we use lots of RHEL on Workstations. A better VNC server as proposed would be useful to us.