TigerVNC is an application that allows users to be able to interact with graphical applications on remote machines. TigerVNC is an implementation of Virtual Network Computing (VNC), which utilizes a client/server model.The level of performance provided by TigerVNC is capable of running 3D applications and playing video games. On the site of security, TigerVNC has support for TLS encryption and other advanced authentication methods. In this guide, we'll look at Installing and configuration of tigervnc on Arch Linux 2018.01.01.
Since TigerVNC is a client-server application, let's look at client and server applications that are installed on your Operating system when you setup TigerVNC.
Server Side components
Xvnc - This is the VNC and X Server for TigerVNC.
vncserver - This is a wrapper script used for managing starting of Xvnc daemon
vncpasswd - When VNC authentication is enabled, vncpasswd is responsible for VNC server password management.
vncconfig - Used to interact with a running instance of Xvnc
x0vncserver - This is a demonstration of a simple VNC server, it polls any X display continuously so that VNC can control it
TigerVNC Client side
Any version of TigerVNC applications comes with a cross-platform TigerVNC Viewer. This connects to the VNC server allowing you to interact with a remote desktop being displayed by the VNC server. vncviewer can be used to connect to a VNC server running on any platform (Linux, Unix or Windows)
Installing tigervnc on Arch (release - 2018.01.01)
TigerVNC can be installed on Arch downloading the binary package from community repository an installing it. If you do a search of tigervnc, you'll get output like:
$ sudo pacman -Ss tigervnc community/tigervnc 1.8.0-3 Suite of VNC servers and clients. Based on the VNC 4 branch of TightVNC.
To install TigerVNC package, run:
$ sudo pacman -S tigervnc --noconfirm
The installation of this package provides the requisite vncserver, x0vncserver and also vncviewer.
It is good to note that Vncserver provides two major remote control abilities:
- Virtual Server running in headless mode with virtual console
- Direct control of physical local X sessions,
When you run vncserver for the first time, it will initialize vncserver environment, generate vncserver configuration, and add passwords for user authentication. This is achieved by running the command:
$ vncserver You will require a password to access your desktops. Password: Verify: Would you like to enter a view-only password (y/n)? n New 'dev.jmtai.com:1 (jmutai)' desktop is dev.jmtai.com:1 Creating default startup script /home/jmutai/.vnc/xstartup Creating default config /home/jmutai/.vnc/config Starting applications specified in /home/jmutai/.vnc/xstartup Log file is /home/jmutai/.vnc/dev.jmtai.com:1.log
This will prompt you to enter the password used to access your desktops, enter and verify. If you would like to set a view-only password, please press y on the next prompt.
As seen from the output, generated configuration will be stored under ~/.vnc/config and startup script is generated and stored in ~/.vnc/xstartup. All logs from vncserver will be stored in the file ~/.vnc/hostname:1.log.
The :1 signifies TCP port number on which the virtual vncserver is running. In this case, :1 is actually TCP port 5901 (5900+1). If another instance of vncserver is started, it will run on the next highest that's free, i.e 5902 (5900+2) which shall end in :2 as above. There is no limit on the number of VNC servers that can be started on Linux, memory is the only limiting factor.
Editing the environment file
~/.vnc/xstartup functions like .xinitrc and it's sourced by vncserver when being started. At a minimum, users should start a DE from this file. As an example, to start i3wm, you'll modify the file to:
$ cat ~/.vnc/xstartup #!/bin/bash exec i3 &>/dev/null
The file should be executable:
$ chmod +x ~/.vnc/xstartup
To stop vncserver, use the command:
$ vncserver -kill :1
Replace :1 with relevance instance number given when you started it.
Adding vncserver options
Supported server options can be added by editing the file ~/.vnc/config. The common options are:
$ cat ~/.vnc/config securitytypes=vncauth,tlsvnc desktop=sandbox geometry=1200x700 dpi=96 localhost alwaysshared
Modify them to your liking and save.
Starting and stopping vncserver via systemd
To control vncserver with systemd, first, create systemd unit file for the user,
$ cat /etc/systemd/system/vncserver@:1.service [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=simple User=jmutai PAMName=login PIDFile=/home/%u/.vnc/%H%i.pid ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=/usr/bin/vncserver %i -geometry 1440x900 -alwaysshared -fg ExecStop=/usr/bin/vncserver -kill %i [Install] WantedBy=multi-user.target
where :1 is the $DISPLAY environment variable. Replace jmutai with the desired username and 1440x900 with the resolution you want to set.
To start the service, run
$ sudo systemctl start vncserver@:1.service
To enable it to run at boot time, run:
$ sudo systemctl enable vncserver@:1.service
Controlling local display with vncserver
For this purpose, x0vncserver binary is provided which allows direct control over a physical X session. Invoke it like so:
$ x0vncserver -display :0 -passwordfile ~/.vnc/passwd Wed Jan 10 01:07:17 2018 Geometry: Desktop geometry is set to 1920x1080+0+0 Main: XTest extension present - version 2.2 Main: Listening on port 5900
systemd unit for the same will look like:
$ cat /etc/systemd/system/x0vncserver.service [Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=forking User=foo ExecStart=/usr/bin/sh -c '/usr/bin/x0vncserver -display :0 -rfbport 5900 -passwordfile /home/jmutai/.vnc/passwd &' [Install] WantedBy=multi-user.target
Connecting to vncserver
Any number of clients can connect to a vncserver:
$ ip ad show dev wlp1s0 2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether e4:a7:a0:ef:27:d9 brd ff:ff:ff:ff:ff:ff inet 192.168.0.16/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp1s0 valid_lft 595575sec preferred_lft 595575sec inet6 fe80::557e:6563:6f86:f8b2/64 scope link noprefixroute valid_lft forever preferred_lft forever $ vncviewer
Enter the IP address and click connect, next you'll get a prompt asking for a password, use previously set.
Installing GUI-based clients for tigervnc on Arch
A number of GUI applications are available to connect to vncserver, they include:
$ sudo pacman -S krdc
When you launch krdc, enter the IP address of the vcn server on url and connect:
$ sudo pacman -S rdesktop
$ sudo pacman -S remmina
To use any of these GUI based applications, launch it and provide needed details.