Home Wiki > VNC
Sign up | Login

VNC

tagline: From openSUSE

Overview

VNC in openSUSE is mostly based on the TigerVNC project.

Server components of TigerVNC are in xorg-x11-Xvnc package:

  • libvnc.so: VNC extension for X server.
  • Xvnc: Headless X server with VNC extension built-in.
  • vncserver: Script that simplifies starting Xvnc and a graphical session inside it.
  • x0vncserver: X client application that shares screen of the X server in which it is running.

There is also x11vnc package that contains x11vnc application. This application works on the same principle as the x0vncserver.



Parameters

All TigerVNC components accept parameters that are documented in Xvnc manual page.

Important parameters:

  • SecurityTypes: List of encryption modes and authentication methods to use. Common values are:
    • TLSVnc (default): Encrypted, requires password specified by Password or PasswordFile parameter.
    • VncAuth: Not encrypted, requires password specified by Password or PasswordFile parameter.
    • TLSNone: Encrypted, doesn't requires password.
    • None: Not encrypted, doesn't requires password.
  • PasswordFile: Path to file that stores password (and optionally read-only password). You can generate the file using `vncpasswd` command.



Configurations

Various configurations are possible depending on your use case. All following configuration use the xorg-x11-Xvnc package, unless mentioned otherwise.


Sharing real screen

Following configurations share the content of real screen over VNC.

If you have multiple X servers running on multiple virtual terminals, only the currently active one will be active over VNC. The others will appear black/frozen. This is limitation of X server.


Ad-hoc

Use case: When you want to temporarily share your desktop.

To start sharing your screen using VNC run following command inside your X session:

$ x0vncserver -PasswordFile /home/username/.vnc/passwd

It will print out the VNC display number you can use to connect to it.

This command uses encryption and password protection by default. You must setup your password first.

Alternatively you can use x11vnc from the x11vnc package:

$ x11vnc -passwdfile /home/username/.vnc/passwd


Always shared

Use case: When you want every real X session to be accessible using VNC.

  • Uncomment "Module" and "Screen" sections inside /etc/X11/xorg.conf.d/10-libvnc.conf.
  • Set appropriate values for SecurityTypes and PasswordFile options, check man Xvnc for documentation and additional options.
  • Restart the X server. Logging out and back in is enough.

You can connect to it using VNC display number matching the X display number (:0 for first session, :1 for second session, etc.).



Additional headless sessions

Following configurations share their own sessions that are independent on the content of real screen. Unlimited amount of sessions can run at once.

Warning Gnome can not be started multiple times under the same user at the same computer. If you are running Gnome already in some session, attempt to log in again from another session will fail. Other desktop environments do not have this limitation.


Manually started permanent session

Use case: When you want your personal permanent session that will last until you manually terminate it.

$ vncserver
New 'hostname:2 (username)' desktop is hostname:2
Starting applications specified in /home/<username>/.vnc/xstartup
Log file is /home/<username>/.vnc/hostname:2.log

This will start VNC server and start session based on your ~/.vnc/xstartup file. If it doesn't exist, it will create default one, which will:

  1. Try to use your ~/.xinitrc.
  2. Try to use /etc/X11/xinit/xinitrc.
    1. If you are inside a graphical session (WINDOWMANAGER variable is set), it will attempt to start session of the same type.
    2. It will pick one of installed window managers (based on an arbitrary priority list).
  3. Fallback to twm and xterm.

Xvnc will use encryption and password protection by default. You must setup your password first. See [Security].

The permanent session gets next free VNC display number assigned (in above example it was :2). You can use that to connect to it.

You can terminate the session by logging out inside the session or by running:

$ vncserver -kill :<display number>


Automatically started one-shot sessions

Use case: When you want to allow users to connect, start their session by logging in and automatically terminate the session when they disconnect. The sessions are spawned automatically and the individual users do not need to prepare anything advance.

In YaST navigate to "Remote Administration (VNC)" and select "Allow Remote Administration". Since Leap 42.2 this option is called "Allow Remote Administration Without Session Management".

Warning This feature uses XDMCP to get the login screen from your display manager. SDDM, which is default KDE5 display manager, doesn't support XDMCP. If you want to use this VNC configuration, you need to switch to different display manager.

The VNC server listens on display number :1. Every connection gets new session assigned. Sessions are terminated when client disconnects. It is not possible to connect twice to running session.

Encryption is used by default. No VNC password is required because the users log in using display manager inside VNC.


Automatically started optionally permanent sessions

This configuration is available since Leap 42.2.

Use case: When you want to allow users to connect, start their session by logging in and optionally mark it as permanent. The sessions are spawned automatically and the individual users do not need to prepare anything advance.

In YaST navigate to "Remote Administration (VNC)" and select "Allow Remote Administration With Session Management".

Warning This feature uses XDMCP to get the login screen from your display manager. SDDM, which is default KDE5 display manager, doesn't support XDMCP. If you want to use this VNC configuration, you need to switch to different display manager.

The VNC server listens on display number :1. If there are running permanent sessions, you will be presented with option to reconnect or to start new session. By default new sessions will be terminated when you disconnect. You can use vncmanager-controller tool to configure your session as permanent.

Encryption is used by default. No VNC password is required because the users log in using display manager inside VNC.



Troubleshooting

Black screen instead of login screen.

Make sure your display manager is running and has XDMCP enabled.

If you enabled VNC using YaST, it will enable XDMCP automatically, but you must restart the display manager for it to take effect. For example by logging out and back in.

SDDM (Simple Desktop Display Manager), which is the default display manager in KDE5 doesn't support XDMCP. You must switch to different display manager to get login screen in VNC sessions.

No password configured for VNC Auth

The default security type for tigervnc servers is TLSAuth. TLSAuth uses encryption and requires authentication using password.

You must create a passwd file using vncpasswd command and give it to the VNC server using PasswordFile parameter.