13.3. VNC Viewer
vncvieweris a program which shows the graphical user interfaces and controls the
vncviewer, there is a pop-up menu containing entries which perform various actions such as switching in and out of full-screen mode or quitting the viewer. Alternatively, you can operate
vncviewerthrough the terminal. Enter
vncviewer -hon the command line to list
13.3.1. Installing VNC Viewer
vncviewer, issue the following command as
yum install tigervnc
13.3.2. Connecting to VNC Server
Procedure 13.4. Connecting to a VNC Server Using a GUI
- Enter the
vncviewercommand with no arguments, the VNC Viewer: Connection Details utility appears. It prompts for a VNC server to connect to.
- If required, to prevent disconnecting any existing VNC connections to the same display, select the option to allow sharing of the desktop as follows:
- Select thebutton.
- Select the Misc. tab.
- Select thebutton.
- Press OK to return to the main menu.
- Enter an address and display number to connect to:
- Press Connect to connect to the VNC server display.
- You will be prompted to enter the VNC password. This will be the VNC password for the user corresponding to the display number unless a global default VNC password was set.A window appears showing the VNC server desktop. Note that this is not the desktop the normal user sees, it is an Xvnc desktop.
Procedure 13.5. Connecting to a VNC Server Using the CLI
- Enter the
viewercommand with the address and display number as arguments:
vncviewer address:display_numberWhere address is an
IPaddress or host name.
- Authenticate yourself by entering the VNC password. This will be the VNC password for the user corresponding to the display number unless a global default VNC password was set.
- A window appears showing the VNC server desktop. Note that this is not the desktop the normal user sees, it is the Xvnc desktop.
220.127.116.11. Configuring the Firewall for VNC
firewalldmight block the connection. To allow
firewalldto pass the VNC packets, you can open specific ports to
TCPtraffic. When using the
-viaoption, traffic is redirected over
SSHwhich is enabled by default in
3, make use of
firewalld's support for the VNC service by means of the
serviceoption as described below. Note that for display numbers greater than
3, the corresponding ports will have to be opened specifically as explained in Procedure 13.7, “Opening Ports in firewalld”.
Procedure 13.6. Enabling VNC Service in firewalld
- Run the following command to see the information concerning
- To allow all VNC connections from a specific address, use a command as follows:
~]#Note that these changes will not persist after the next system start. To make permanent changes to the firewall, repeat the commands adding the
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.122.116" service name=vnc-server accept'success
--permanentoption. See the Red Hat Enterprise Linux 7 Security Guide for more information on the use of firewall rich language commands.
- To verify the above settings, use a command as follows:
firewall-cmd --list-allpublic (default, active) interfaces: bond0 bond0.192 sources: services: dhcpv6-client ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules: rule family="ipv4" source address="192.168.122.116" service name="vnc-server" accept
--add-portoption to the
firewall-cmdcommand Line tool. For example, VNC display
5904to be opened for
Procedure 13.7. Opening Ports in firewalld
- To open a port for
TCPtraffic in the public zone, issue a command as
firewall-cmd --zone=public --add-port=5904/tcpsuccess
- To view the ports that are currently open for the public zone, issue a command as follows:
firewall-cmd --zone=public --list-ports5904/tcp
firewall-cmd --zone=zone --remove-port=number/protocolcommand.
--permanentoption. For more information on opening and closing ports in
firewalld, see the Red Hat Enterprise Linux 7 Security Guide.
13.3.3. Connecting to VNC Server Using SSH
-viaoption. This will create an
SSHtunnel between the VNC server and the client.
vncviewer -via user@host:display_number
Example 13.1. Using the -via Option
- To connect to a VNC server using
SSH, enter a command as follows:
vncviewer -via USER_2@192.168.2.101:3
- When you are prompted to, type the password, and confirm by pressing Enter.
- A window with a remote desktop appears on your screen.
Restricting VNC Access
-localhostoption in the
systemd.servicefile, the ExecStart line:
ExecStart=/usr/sbin/runuser -l user -c "/usr/bin/vncserver -localhost %i"
vncserverfrom accepting connections from anything but the local host and port-forwarded connections sent using
SSHas a result of the
SSH, see Chapter 12, OpenSSH.