To start your VNC viewer and initiate a session with the server, use the command:

tux > vncviewer jupiter.example.com:1

Instead of the VNC display number you can also specify the port number with two colons:

tux > vncviewer jupiter.example.com::5901

Note: Display and Port Number

The actual display or port number you specify in the VNC client must be the same as the display or port number picked by the vncserver command on the target machine. See Section 4.4, “Configuring Persistent VNC Server Sessions” for further info.

By running vncviewer without specifying --listen or a host to connect to, it will show a window to ask for connection details. Enter the host into the VNC server field like in Section 4.1.1, “Connecting Using the vncviewer CLI” and click Connect.

Figure 4.1: vncviewer #

The VNC protocol supports different kinds of encrypted connections, not to be confused with password authentication. If a connection does not use TLS, the text “(Connection not encrypted!)” can be seen in the window title of the VNC viewer.

To use Remmina, verify whether the remmina package is installed on your system, and install it if not. Remember to install the VNC plug-in for Remmina as well:

root # zypper in remmina remmina-plugin-vnc

Run Remmina by entering the remmina command.

Figure 4.2: Remmina's Main Window #

The main application window shows the list of stored remote sessions. Here you can add and save a new remote session, quick-start a new session without saving it, start a previously saved session, or set Remmina's global preferences.

To add and save a new remote session, click in the top left of the main window. The Remote Desktop Preference window opens.

Figure 4.3: Remote Desktop Preference #

Complete the fields that specify your newly added remote session profile. The most important are:

Select the Advanced tab to enter more specific settings.

Tip: Disable Encryption

If the communication between the client and the remote server is not encrypted, activate Disable encryption, otherwise the connection fails.

Select the SSH tab for advanced SSH tunneling and authentication options.

Confirm with Save. Your new profile will be listed in the main window.

You can either start a previously saved session, or quick-start a remote session without saving the connection details.

4.2.4.1 Quick-starting Remote Sessions #Edit source

To start a remote session quickly without adding and saving connection details, use the drop-down box and text box at the top of the main window.

Figure 4.4: Quick-starting #

Select the communication protocol from the drop-down box, for example 'VNC', then enter the VNC server DNS or IP address followed by a colon and a display number, and confirm with Enter.

4.2.4.3 Remote Sessions Window #Edit source

Remote sessions are opened in tabs of a separate window. Each tab hosts one session. The toolbar on the left of the window helps you manage the windows/sessions, such as toggle fullscreen mode, resize the window to match the display size of the session, send specific keystrokes to the session, take screenshots of the session, or set the image quality.

Figure 4.5: Remmina Viewing Remote Session #

To edit a saved remote session, right-click its name in Remmina's main window and select Edit. Refer to Section 4.2.3, “Adding Remote Sessions” for the description of the relevant fields.

To copy a saved remote session, right-click its name in Remmina's main window and select Copy. In the Remote Desktop Preference window, change the name of the profile, optionally adjust relevant options, and confirm with Save.

To Delete a saved remote session, right-click its name in Remmina's main window and select Delete. Confirm with Yes in the next dialog.

If you need to open a remote session from the command line or from a batch file without first opening the main application window, use the following syntax:

 tux > remmina -c profile_name.remmina

Remmina's profile files are stored in the .local/share/remmina/ directory in your home directory. To determine which profile file belongs to the session you want to open, run Remmina, click the session name in the main window, and read the path to the profile file in the window's status line at the bottom.

Figure 4.6: Reading Path to the Profile File #

While Remmina is not running, you can rename the profile file to a more reasonable file name, such as sle15.remmina. You can even copy the profile file to your custom directory and run it using the remmina -c command from there.

The default configuration on openSUSE Leap serves sessions with a resolution of 1024x768 pixels at a color depth of 16-bit. The sessions are available on ports 5901 for “regular” VNC viewers (equivalent to VNC display 1) and on port 5801 for Web browsers.

Other configurations can be made available on different ports, see Section 4.3.3, “Configuring One-time VNC Sessions”.

VNC display numbers and X display numbers are independent in one-time sessions. A VNC display number is manually assigned to every configuration that the server supports (:1 in the example above). Whenever a VNC session is initiated with one of the configurations, it automatically gets a free X display number.

By default, both the VNC client and server try to communicate securely via a self-signed SSL certificate, which is generated after installation. You can either use the default one, or replace it with your own. When using the self-signed certificate, you need to confirm its signature before the first connection—both in the VNC viewer and the Web browser.

To connect to a one-time VNC session, a VNC viewer must be installed, see also Section 4.1, “The vncviewer Client”. Alternatively use a JavaScript-capable Web browser to view the VNC session by entering the following URL: http://jupiter.example.com:5801

You can skip this section, if you do not need or want to modify the default configuration.

One-time VNC sessions are started via the systemd socket xvnc.socket. By default it offers six configuration blocks: three for VNC viewers (vnc1 to vnc3), and three serving a JavaScript client (vnchttpd1 to vnchttpd3). By default only vnc1 and vnchttpd1 are active.

To activate the VNC server socket at boot time, run the following command:

tux > sudo  systemctl enable xvnc.socket

To start the socket immediately, run:

tux > sudo  systemctl start xvnc.socket

The Xvnc server can be configured via the server_args option. For a list of options, see Xvnc --help.

When adding custom configurations, make sure they are not using ports that are already in use by other configurations, other services, or existing persistent VNC sessions on the same host.

Activate configuration changes by entering the following command:

tux > sudo systemctl reload xvnc.socket

Important: Firewall and VNC Ports

When activating Remote Administration as described in Procedure 4.1, “Enabling One-time VNC Sessions”, the ports 5801 and 5901 are opened in the firewall. If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the respective ports when activating additional ports for VNC sessions. See Book “Security Guide”, Chapter 17 “Masquerading and Firewalls” for instructions.

This type of persistent VNC session is initiated on the server. The session and all applications started in this session run regardless of client connections until the session is terminated. Access to persistent sessions is protected by two possible types of passwords:

A session can have multiple client connections of both kinds at once.

When running vncserver for the first time, it asks for a password for full access to the session. If needed, you can also provide a password for view-only access to the session.

The password(s) you are providing here are also used for future sessions started by the same user. They can be changed with the vncpasswd command.

Important: Security Considerations

Make sure to use strong passwords of significant length (eight or more characters). Do not share these passwords.

To terminate the session shut down the desktop environment that runs inside the VNC session from the VNC viewer as you would shut it down if it was a regular local X session.

If you prefer to manually terminate a session, open a shell on the VNC server and make sure you are logged in as the user that owns the VNC session you want to terminate. Run the following command to terminate the session that runs on display :1: vncserver -kill :1

4.4.1.1 Configuring Persistent VNC Sessions #Edit source

Persistent VNC sessions can be configured by editing $HOME/.vnc/xstartup. By default this shell script starts the same GUI/window manager it was started from. In openSUSE Leap this will either be GNOME or IceWM. If you want to start your session with a window manager of your choice, set the variable WINDOWMANAGER:

WINDOWMANAGER=gnome vncserver -geometry 1024x768
WINDOWMANAGER=icewm vncserver -geometry 1024x768

Note: One Configuration for Each User

Persistent VNC sessions are configured in a single per-user configuration. Multiple sessions started by the same user will all use the same start-up and password files.