VNC
Overview
VNC in openSUSE is mostly based on the TigerVNC project.
Server components of TigerVNC are in xorg-x11-Xvnc package:
- libvnc.so: VNC extension for X server.
- Xvnc: Headless X server with VNC extension built-in.
- vncserver: Script that simplifies starting Xvnc and a graphical session inside it.
- x0vncserver: X client application that shares screen of the X server in which it is running.
There is also x11vnc package that contains x11vnc application. This application works on the same principle as the x0vncserver.
Parameters
All TigerVNC components accept parameters that are documented in Xvnc manual page.
Important parameters:
- SecurityTypes: List of encryption modes and authentication methods to use. Common values are:
- TLSVnc (default): Encrypted, requires password specified by Password or PasswordFile parameter.
- VncAuth: Not encrypted, requires password specified by Password or PasswordFile parameter.
- TLSNone: Encrypted, doesn't requires password.
- None: Not encrypted, doesn't requires password.
- PasswordFile: Path to file that stores password (and optionally read-only password). You can generate the file using `vncpasswd` command.
Configurations
Various configurations are possible depending on your use case. All following configuration use the xorg-x11-Xvnc package, unless mentioned otherwise.
Sharing real screen
Following configurations share the content of real screen over VNC.
If you have multiple X servers running on multiple virtual terminals, only the currently active one will be active over VNC. The others will appear black/frozen. This is limitation of X server.
Ad-hoc
Use case: When you want to temporarily share your desktop.
To start sharing your screen using VNC run following command inside your X session:
It will print out the VNC display number you can use to connect to it.
This command uses encryption and password protection by default. You must setup your password first.
Alternatively you can use x11vnc from the x11vnc package:
Use case: When you want every real X session to be accessible using VNC.
- Uncomment "Module" and "Screen" sections inside /etc/X11/xorg.conf.d/10-libvnc.conf.
- Set appropriate values for SecurityTypes and PasswordFile options, check man Xvnc for documentation and additional options.
- Restart the X server. Logging out and back in is enough.
You can connect to it using VNC display number matching the X display number (:0 for first session, :1 for second session, etc.).
Additional headless sessions
Following configurations share their own sessions that are independent on the content of real screen. Unlimited amount of sessions can run at once.
Manually started permanent session
Use case: When you want your personal permanent session that will last until you manually terminate it.
New 'hostname:2 (username)' desktop is hostname:2 Starting applications specified in /home/<username>/.vnc/xstartup Log file is /home/<username>/.vnc/hostname:2.log
This will start VNC server and start session based on your ~/.vnc/xstartup file. If it doesn't exist, it will create default one, which will:
- Try to use your ~/.xinitrc.
- Try to use /etc/X11/xinit/xinitrc.
- If you are inside a graphical session (WINDOWMANAGER variable is set), it will attempt to start session of the same type.
- It will pick one of installed window managers (based on an arbitrary priority list).
- Fallback to twm and xterm.
Xvnc will use encryption and password protection by default. You must setup your password first. See [Security].
The permanent session gets next free VNC display number assigned (in above example it was :2). You can use that to connect to it.
You can terminate the session by logging out inside the session or by running:
Please check this to know how to use it.
Automatically started one-shot sessions
Use case: When you want to allow users to connect, start their session by logging in and automatically terminate the session when they disconnect. The sessions are spawned automatically and the individual users do not need to prepare anything advance.
In YaST navigate to "Remote Administration (VNC)" and select "Allow Remote Administration". Since Leap 42.2 this option is called "Allow Remote Administration Without Session Management".
The VNC server listens on display number :1. Every connection gets new session assigned. Sessions are terminated when client disconnects. It is not possible to connect twice to running session.
Encryption is used by default. No VNC password is required because the users log in using display manager inside VNC.
Automatically started optionally permanent sessions
This configuration is available since Leap 42.2.
Use case: When you want to allow users to connect, start their session by logging in and optionally mark it as permanent. The sessions are spawned automatically and the individual users do not need to prepare anything advance.
In YaST navigate to "Remote Administration (VNC)" and select "Allow Remote Administration With Session Management".
The VNC server listens on display number :1. If there are running permanent sessions, you will be presented with option to reconnect or to start new session. By default new sessions will be terminated when you disconnect. You can use vncmanager-controller tool to configure your session as permanent.
Encryption is used by default. No VNC password is required because the users log in using display manager inside VNC.
Installation with VNC
From the installation screen, edit the kernel line and add "vnc=1" and then F10 or CTRL-x to boot. Instead of the normal graphical installer, you will be asked to set a temporary VNC password and if you have multiple Network devices (ex. Ethernet + Wifi) you will be asked which one to use. After this, you will be shown your IP and the port that you can access the VNC installer on. You will also be gived a web-based port if you want to install with VNC via a web browser.
More information can be found in the documentation.
Troubleshooting
Black screen instead of login screen.
Make sure your display manager is running and has XDMCP enabled.
If you enabled VNC using YaST, it will enable XDMCP automatically, but you must restart the display manager for it to take effect. For example by logging out and back in.
SDDM (Simple Desktop Display Manager), which is the default display manager in KDE5 doesn't support XDMCP. You must switch to different display manager to get login screen in VNC sessions.
No password configured for VNC Auth
The default security type for tigervnc servers is TLSAuth. TLSAuth uses encryption and requires authentication using password.
You must create a passwd file using vncpasswd command and give it to the VNC server using PasswordFile parameter.