TigerVNC

From Amahi Wiki
Jump to: navigation, search

Amahi 8 (Fedora 21) Desktop Installation

For TigerVNC to work a Desktop Environment must be installed even if the HDA does not boot to the selected Desktop Environment.

This installation is based on a clean installation of Amahi 8, installing Fedora 21 using the Fedora Server DVD and following the installation instructions Fedora 21 Server Install .

The Cinnamon Desktop Environment was selected as it operates well on low spec computers. I will attempt other desktop environments over next few months.

NOTE: The one-click VNC App has been discontinued for Amahi 7 or greater. The reason is that it pulls a lot of packages, including desktop and that breaks DNS in Fedora.


Cinnamon Desktop Environment

  • As root, install Cinnamon Desktop Environment:
yum groupinstall "Cinnamon Desktop" --skip-broken

The reason for --skip-broken is that Fedora Workstation contains several variant packages that would otherwise conflict with the Server versions. By passing this argument, we’re letting yum know that it is okay to skip those packages that would have conflicts.

If you wish to boot Fedora into a graphical mode instead of console, as root use the following

systemctl set-default graphical.target

TigerVNC Server Installation

  • It is recommended to only use TigerVNC on a secure network or via a VPN.
  • As root, install the server:
yum install tigervnc-server
  • Once install we need to create new configuration file, vncserver@.service is only a template file, from this we need to create a the following config file.
cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:1.service
  • Open the new configuration file
nano /lib/systemd/system/vncserver@:1.service
  • The configuration will look like this
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@:<display>.service
# 2. Edit <USER> and vncserver parameters appropriately
#   ("runuser -l <USER> -c /usr/bin/vncserver %i -arg1 -arg2")
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
  • Under [Service] replace with the <USER> with the user name setup in Amahi/Fedora. For this example we will use tom. The modified file will look like this.
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l tom -c "/usr/bin/vncserver %i"
PIDFile=/home/tom/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
  • Once the config file vncserver@:1.service has been modified we next run the command as root.
systemctl daemon-reload


  • We now have to modify the firewall and open port 5901 in the iptables, run the command as root.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT

Password Setup

  • Set the VNC password for the user as defined in the vncserver@:1.service, this will create the .VNC folder for each user and place a file called passwd inside the folder.


  • From the example log into terminal as the user, in this example it will be tom and run the following command
vncpasswd
  • The following response will appear waiting for a password to be entered
Password:
  • The following response will appear waiting to verify the password entered.
Verify:

Setup Desktop Environment Access

  • Modification of the ~/.vnc/xstartup will be required to run the Cinnamon Desktop-Environment. At this point the xstartup file doesn't exist so we do the following.


For this example we need to login as the user.

  • Create the xstartup file using the command below then copy/paste the required xstartup for the chosen desktop enviroment.
nano ~/.vnc/xstartup

Modify the xstartup to the below.

#!/bin/sh
#
exec /usr/bin/cinnamon-session

Starting Tiger VNC

  • Log back in as root and run the following the commands below to enable and start the vncservice.
systemctl enable vncserver@:1.service
systemctl start vncserver@:1.service

TigerVNC Server Commands

  • The following commands will allow you to start on boot and start the vncserver service.
systemctl enable vncserver@:1.service
systemctl start vncserver@:1.service
  • The following commands will allow you to disable start on boot and stop the vncserver service.
systemctl disable vncserver@:1.service
systemctl stop vncserver@:1.service
  • The following command will restart the vncserver service.
systemctl restart vncserver@:1.service
  • The following command will display the status of the vncserver service.
systemctl status vncserver@:1.service
  • The following command will stop the vncserver.
pkill vnc


Multiple User Setup

  • It is possible to setup multiple user login's. For this example with will create 2 other users, Dick & Harry.


  • First we need to create these user, either using the Amahi Dashboard under the USER setting or by the following commands under root control.
adduser <user name>
  • For the example the commands will be
adduser dick
adduser harry
  • Then create a password for that user using the following command
passwd <user name>
  • For this example the command will be
passwd dick
passwd harry
  • When requested enter a password and renter the password to verify it for each user created.
  • Once the user are created we will need to assign configuration files for each user. For this will assign the following config files as followed. Carry out the below as root.
  • Dick will be assigned the following config file using the following.
cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:2.service
  • Harry will be assigned the following config file.
cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:3.service
  • Once the config files are created we will need to modify them for the correct user access. Accessing the files using your favourite editor the config files need to be modified under [Service] to reflect the assigned user. For this example the files should look like the following.


  • For Dick (under root control)
nano /lib/systemd/system/vncserver@:2.service
  • Then modify the [Service] as followed
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l dick -c "/usr/bin/vncserver %i"
PIDFile=/home/dick/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'


  • For Harry (under root control)
nano /lib/systemd/system/vncserver@:3.service
  • Then modify the [Service] as followed
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l harry -c "/usr/bin/vncserver %i"
PIDFile=/home/harry/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
  • Once all the vncserver@:#.service files have been created and modified we then run the following command (as root)
systemctl daemon-reload
  • We need to assign password to access vnc-server for each user, for this each user needs to login in via terminal and run the the command as below, this will be the same procedure as described under the password section
vncpasswd
  • Once each user has created a password, then each user needs to login in via terminal and modify the xstarup file to reflect the chosen desktop environment as listed above. As above the xstartup file doesn't exist yet so each user will need make a xstartup file.


  • Log in as each user and run the following command to create the xstartup file.
nano ~/.vnc/xstartup
  • Again modify the xstartup file as above to use the cinnamon desktop environment.
  • Once each xstartup file is modified we need to start each service. Login as root and run the following commands.
systemctl enable vncserver@:2.service
systemctl enable vncserver@:3.service
systemctl start vncserver@:2.service
systemctl start vncserver@:3.service
  • Once the services are running then each user can access their remote desktop using a client software as listed below. The ip address will depend on how you have setup your HDA.


  • From the example Dicks access ip address will be
192.168.1.10:2
  • For Harrys the access ip address will be
192.168.1.10:3

Windows Client Software

Download the latest Windows Client Software


Using UltraVNC for this example enter in the VNC Server text Box your hda ip address location with :1 as per the example picture below

The :1 refers to the vncserver@:1.service file that was modified


 

If connection is successful it will ask for a password, which is the password entered from the setup above.