Talk:HOWTO RealVNC, TightVNC, XF4VNC
From Gentoo Linux Wiki
Something changed recently with pam and an emerge. If this tutorial won't work, or you can no longer log into your remote box do this:
edit /etc/security/pam_env.conf and comment out the following lines: Code:
| File: /etc/security/pam_env.conf |
REMOTEHOST DEFAULT= OVERRIDE=@{PAM_RHOST}
DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY}
|
<akidd 19/01/05 - 4:18pm>
This tutorial works - but If I am remotely logged into a machine using vnc as any non-root user I cannot run GUI apps that require you to be root - meaning I use SU to run them. (nmapfe, gedit to edit files as root...) Commandline apps work fine. If I login as root user they work also.
Here is what I'm talking about:
$ su # gedit /etc/fstab # == Xlib: connection to "localhost.localdomain:1.0" refused by server Xlib: No protocol specified (gedit:3176): Gtk-WARNING **: cannot open display: ==
SOLVED!! Once again Gentoo proves its power and the brains of its developers. My difficulty in solving this problem was figuring out how to ask the question in a clear way - which isn't that easy actually. There are a number of "solutions" to this issue, but most create gaping security holes. Here is the best way:
Code:
emerge sux **optionally** if you want, add to your .bashrc or .bash_profile alias su=sux
This is pretty fundamental functionality and I believe it should go in the Howto. The method described is from the http://fgouget.free.fr/sux/ URL and the sux script ships with other distros. <akidd>
Contents |
[edit] xstartup
After upgrading to Gnome 2.16 I was having an issue after connecting to a VNC session. The window decoration was properly drawn, however, the internal widgets were not using the correct theme. Additionally, there were error messages indicating that certain icons could not be found, and that gnome-settings-daemon could not start properly. After some digging, was able to fix this by modifying my ~/.vnc/xstartup to change how it invoked gnome-session.
The following is my working xstartup:
#!/bin/sh # Uncomment the following two lines for normal desktop: unset SESSION_MANAGER #exec /etc/X11/xinit/xinitrc [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources xsetroot -solid grey vncconfig -iconic & #xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & dbus-launch --exit-with-session gnome-session &
--AerisG222 00:54, 19 January 2007 (UTC)
[edit] vncviewer fails
I run
vncviewer localhost:71
which returns vncviewer: VNC server closed connection
/var/log/messages says
xinetd[7323]: START: vnc-800x600x24 pid=19657 from=127.0.0.1 xinetd[19657]: FAIL: vnc-800x600x24 address from=127.0.0.1
You may find that you need to make a link to the fonts directory in order for the Xvnc server to work (This will also work for realvnc and tightvnc):
ln -s /usr/share/fonts/ /usr/lib/X11/fonts ln -s /usr/share/X11/rgb.txt /usr/lib/X11/rgb.txt
--Hef
[edit] VNC server closed connection
Having exactly the same error while following exactly this Howto...
Patrick
[edit] Fixed it
I think the Xvnc syntax has changed since this tutorial was first written. I updated the /etc/xinit.d/xvncserver file on the article page. basically, the server args needed the server nnumber (:71) and secirtytypes=none needed to be removed --Hef 22:33, 17 October 2005 (GMT)
[edit] Another Fix For VNC server closed connection
I also had the VNC server closed connection problem. Turned out it was a font problem. Gentoo's fonts are in /usr/share/fonts/ while tightVNC expects them to be in /usr/X11R6/lib/X11/fonts/, I created a symlink and all was well.
One more problem found. Also symlink /usr/share/X11/rgb.txt to /usr/X11R6/lib/X11/ if you are having troubles with colors.
running into the same type of issue from my windows box (zer0) to my headless linux box (c0re) across my local lan. previously, i was getting a complete disconnection, with nothing but the error until i changed this in Xaccess
| File: /etc/X11/xdm/Xaccess |
# # The nicest way to run the chooser is to just ask it to broadcast # requests to the network - that way new hosts show up automatically. # Sometimes, however, the chooser can't figure out how to broadcast, # so this may not work in all environments. # * CHOOSER BROADCAST #any indirect host can get a chooser |
after enabling the chooser, im actually getting the login prompt from xdm, but after auth the client crashes with no local or remote error (that i have been able to find).
all this seems to have started with an recent update to xorg. :-\
~neX [20:30 28-06-2006]
[edit] securitytypes=none
I saw that 80.203.43.244 added securityypes=none back in. The securitytypes=none exists in RealVNC but not in TightVNC. Tightvnc simply refuses to work with that option as an Xvnc argument. I have been looking for, but have not found, a similar option for tightvnc as tightvnc asks for a password The password is blank, so its only an annoyance, but the scurity types option is definately compatible across the 2 VNC servers. --Hef 14:36, 3 November 2005 (GMT)
[edit] Reboot required after following instructions
I had to reboot my machine after following these instructions before I was able to log in. I kept getting "Connection unexpectedly dropped" errors and the like. Did anyone else notice this also? Maybe the guide needs to be updated. --gravix, 19 May 2006
[edit] use flag "server"?
The first two instructions to emerge instruct the user to set the "server" use flag in make.conf. I can't find any mention of the "server" use flag in use.desc or anywhere else... can somebody please clarify what the original author is intending? If this is in fact a valid flag, maybe we should offer a new entry to the maintainers of use.desc...
Edit: I find that the Server flag is required to get the vncserver program when emerging TightVNC. Without it you get the viewer only.
[edit] "Set access" heading seems incorrect (at least for kdm)
Note: for KDM, apply these changes to /usr/kde/3.?/share/config/kdm/Xaccess
| File: /etc/X11/xdm/Xaccess |
* #any host can get a login window or 192.168.0.* # hosts allowed are from the network 192.168.0 |
This should be this -->
Note: for KDM, apply these changes to /usr/kde/3.?/share/config/kdm/Xaccess
| File: /etc/X11/xdm/Xaccess |
localhost #any host can get a login window |
Setting it this way allowed me to connect from anywhere on my network. The way I see it (correct me if I'm wrong), XDMCP is communicating with Xvnc, not the client, thus no XDMCP connection outside the server is necessary.
Update: Then again, it might be because I am using ssh to tunnel it.
[edit] 'nobody' shell security
I really know nothing about anything - but this:
usermod -s /bin/bash nobody
would it be more secure to use /bin/rbash ?
[edit] Font/RGB Directory
At least for TightVNC you don't need to symlink /usr/lib/X11/fonts to /usr/share/fonts/. You can just supply the correct path with
-fp /usr/share/fonts/75dpi,/usr/share/fonts/misc
If you also want to use RGB add
-co /usr/share/X11/rgb
The Paths are Correct at least for X.Org 7.0 on AMD64
[edit] Editing /usr/bin/vncserver
You can also just edit /usr/bin/vncserver directly. Change the following two variables:
... # X colors database path is optional, uncomment and edit to use: $colorPath = "/usr/share/X11/rgb"; ... # Here is another example of setting the font path: $fontPath = "/usr/share/fonts/misc/,/usr/share/fonts/75dpi/"; ...
Maybe this should just be submitted as a patch...
[edit] From an upgrade to xorg
I hold a horrible time getting VNC working again after an upgrade to xorg 7.0
Not sure if it was the a problem with my disk, or just a difference in the font files, but my fonts.dir file in each font directory, and even the pcf.gz files themselves seemed to be messed up. I ended up copying portions of another from scratch install.
Do a
/usr/bin/strace -e trace=open Xvnc :1
or similar to see what VNC is trying to open and where, this will help you track down problems.
[edit] vncviewer will close after login attempt to xdm (xdm,realvnc)
xdm/xvnc will need a symbolic link for sessreg at server side.
- /usr/bin/sessreg > /usr/X11R6/bin/sessreg
- Juhapekka Piiroinen (20.2.2007)
[edit] VNC on amd64
This might be a weird question, but which is best for the amd64 architecture? I heard there were problems there, and checking out xf4vnc, it's all hardmasked. [unsigned. Please remember to put four tildes after your talking]
- I'm running a headless amd64 server. I started out using RealVNC, but I found it had some unsolvable [dependency conflicts] with several x libraries. This required me to unmerge vnc before I did any emerge --deep --update world, then re-emerge it. This was unacceptable, so I unmerged RealVNC in favour of TightVNC,. Now I can't seem to get clipboard working from a windows XP client. In RealVNC, this was taken care of by the vncconfig program, but this is not part of the TightVNC package. I then tried XF4VNC as well as freenx, but got nowhere with either. Right now, I've gone back to TightVNC without any clipboard support. Booooo. :( Asides from clipboard support, TightVNC seems a lot better than RealVNC. Enki [unsigned. Please remember to put four tildes after your talking]
- Well, I finally got this darn thing to work. The trick was to emerge autocutsel (you'll need to add "x11-misc/autocutsel ~* *" to /etc/portage/package.keywords since it's masked right now), and then add "autocutsel -fork" to your /home/$user/.vnc/xstartup script before the line which starts your window manager (gnome-session/startkde/if-you're-not-using-one-of-those-then-you-know-what-you're-doing). To me, this indicates some sort of problem with the clipboard buffers that tightvnc uses being different from the ones used by applications running in the window manager. I really don't know enough about these buffers to figure out why it works for some people and not for others. Oh, by the way, credit goes to this post [1] for leading me to autocutsel Enki 74.14.228.158 21:32, 17 July 2008 (UTC)
- You can compile xf4vnc yourself. I'm working on that now. If I can get it working, I might post a binary on my website. Their CVS is set up really weirdly though. YMMV. Etherealflaim 19:24, 28 March 2008 (UTC)
