This is part of my documentation for VNC under RHEL-4. All of the configuration file changes below were originally formatted as "diff -u" patches. Email may have mangled them, so beware.
I assume the standard GNOME desktop packages have been installed; if you want another desktop manager, you'll have to figure out how to configure that yourself.
I frequently use
vncviewer -via secure.vnc.host localhost:50
to tunnel VNC over an SSH session.
Here's the text:
=Managing VNC Sessions With Xinetd=
There is an old protocol for managing remote displays on X-Terminals called XDMCP (X11 Display Manager Control Protocol). Never heard of an X-Terminal? Well, that's no surprise... X-Terminals are sooo 20th century... Everybody calls them Thin Clients now. Fortunately, old protocols never die and every once in a while we get to recycle them.
What we are going to do is configure a VNC service that's controlled by xinetd. That way, a VNC server process only gets started when somebody asks for one... And since we're enabling XDMCP support for the GNOME Display Manager (GDM), each VNC client connection will get a graphical GDM login screen. It doesn't result in a persistent session, but it's much easier to configure and maintain.
==Linux Configuration Files==
===/etc/X11/xdm/xdm-config===
--- /etc/X11/xdm/xdm-config 2006/02/14 04:33:24 1.1 +++ /etc/X11/xdm/xdm-config 2006/02/14 04:33:58 @@ -29,4 +29,4 @@
! SECURITY: do not listen for XDMCP or Chooser requests ! Comment out this line if you want to manage X terminals with xdm -DisplayManager.requestPort: 0 +!DisplayManager.requestPort: 0
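Review bot: commenting out DisplayManager.requestPort: 0 removes the setting that the file's own SECURITY comment describes as keeping xdm from listening for XDMCP or Chooser requests, while the rest of this procedure enables XDMCP in gdm.conf and relies on GDM for the login screen. If GDM is the display manager in use, state why this xdm-config change is needed, or drop it so the default stays in place.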
===/etc/X11/xdm/Xaccess===
--- /etc/X11/xdm/Xaccess 2006/02/14 04:36:27 1.1 +++ /etc/X11/xdm/Xaccess 2006/02/14 04:36:39 @@ -37,7 +37,7 @@ # right hand sides can match. #
-# * #any host can get a login window +* #any host can get a login window
# # To hardwire a specific terminal to a specific host, you can
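Review bot: the uncommented "*" line lets any host get a login window, which is wider than this setup needs, because the xinetd entry starts Xvnc with -query localhost and the only XDMCP client is therefore the local machine. Consider an entry for localhost in place of the wildcard.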
===/etc/X11/gdm/gdm.conf===
====Enabling XDMCP access for VNC clients====
--- gdm.conf 2006/02/14 04:39:09 1.1 +++ gdm.conf 2006/04/05 17:07:05 1.2 @@ -207,7 +207,7 @@ # allow local access is another alternative but not the safest. # Firewalling port 177 is the safest if you wish to have xdmcp on. # Read the manual for more notes on the security of XDMCP. -Enable=false +Enable=true # Honour indirect queries, we run a chooser for these, and then redirect # the user to the chosen host. Otherwise we just log the user in locally. #HonorIndirect=true
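Review bot: Enable=true is switched on without the mitigation that the context comments in this same hunk call the safest, firewalling port 177. Since Xvnc only queries localhost, add a step to the procedure that blocks port 177 (XDMCP uses UDP) from other hosts alongside this change.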
====Supporting X11 connections over TCP====
This is normally disabled, but as long as you're on a protected network it's convenient to run X11-based programs on remote hosts and display them locally. It is possible to do this over SSH, but there is some overhead...
--- gdm.conf 2006/04/05 17:07:05 1.2 +++ gdm.conf 2006/04/05 17:07:52 @@ -187,7 +187,7 @@ # Note: Anytime we find a -query or -indirect on the command line we do # not add a "-nolisten tcp", as then the query just wouldn't work, so # this setting only affects truly local sessions. -#DisallowTCP=true +DisallowTCP=false # By default never place cookies if we "detect" NFS. We detect NFS # by detecting "root-squashing". It seems bad practice to place # cookies on things that go over the network by default and thus we
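Review bot: the context comment above DisallowTCP says the setting only affects truly local sessions, so DisallowTCP=false does not help the VNC logins and instead makes the console X server accept X11 connections over TCP. This is a separate convenience change; suggest splitting it out of the VNC procedure or leaving the default, with the SSH route the text already mentions as the documented alternative.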
===/etc/services===
--- /etc/services 2006/02/14 04:40:03 1.1 +++ /etc/services 2006/02/14 04:40:51 @@ -577,4 +577,6 @@ fido 60179/udp # Ifmail
# Local services - +# +vnc-1280x1024 5950/tcp # VNC @ 1280x1024 +#
===/etc/xinetd.d/xvncserver===
service vnc-1280x1024
{
    protocol = tcp
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 securitytypes=none
}
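The stanza above turns VNC authentication off (securitytypes=none) and sets no listening address, so xinetd accepts connections on every interface, while the introduction reaches the server through an SSH tunnel to localhost:50. As an added check, not part of the original documentation, this Python code parses xinetd service blocks and flags Xvnc entries in that state; the bind = 127.0.0.1 variant and the function names are assumptions made for the example.

```python
import re

# Constructed sample: the stanza from this page, and a hypothetical variant that
# adds xinetd's "bind" attribute (an assumption, not in the original file).
PAGE_STANZA = """
service vnc-1280x1024
{
    protocol = tcp
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/bin/Xvnc
    server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24 securitytypes=none
}
"""
LOOPBACK_STANZA = PAGE_STANZA.replace("wait = no", "wait = no\n    bind = 127.0.0.1")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_xinetd(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services = {}
    for name, body in re.findall(r"service\s+(\S+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            line = line.strip()
            if line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)  # server_args keeps its inner "="
            attrs[key.rstrip("+- ").strip()] = value.strip()
        services[name] = attrs
    return services

def audit(text):
    """Flag Xvnc services with VNC authentication off that are reachable off-host."""
    findings = []
    for name, a in parse_xinetd(text).items():
        if not a.get("server", "").endswith("Xvnc"):
            continue
        no_auth = re.search(r"securitytypes[=\s]+none", a.get("server_args", ""), re.I)
        bound_local = a.get("bind", a.get("interface", "")) in LOOPBACK
        sources = set(a.get("only_from", "").split())
        local_only = bound_local or (bool(sources) and sources <= LOOPBACK)
        if no_auth and not local_only:
            findings.append(f"{name}: no VNC authentication, not limited to loopback")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_STANZA))      # the page's stanza is flagged
    print(audit(LOOPBACK_STANZA))  # the loopback-bound variant is not
```

With the service bound to loopback, the vncviewer -via command from the introduction still works, because the SSH tunnel terminates on the VNC host itself.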
==Restarting The Gnome Display Manager==
The easiest way to do this is to log into a text console (Ctrl-Alt-F1) and run these commands:
init 3
init 5
/sbin/service xinetd stop
/sbin/service xinetd start