systemd
Daemonjournalctl
: Query the systemd
Journaludev
Virtual Network Computing (VNC) enables you to control a remote computer via a graphical desktop (as opposed to a remote shell access). VNC is platform-independent and lets you access the remote machine from any operating system.
openSUSE Leap supports two different kinds of VNC sessions: One-time sessions that “live” as long as the VNC connection from the client is kept up, and persistent sessions that “live” until they are explicitly terminated.
A machine can offer both kinds of sessions simultaneously on different ports, but an open session cannot be converted from one type to the other.
A one-time session is initiated by the remote client. It starts a graphical login screen on the server. This way you can choose the user which starts the session and, if supported by the login manager, the desktop environment. Once you terminate the client connection to such a VNC session, all applications started within that session will be terminated, too. One-time VNC sessions cannot be shared, but it is possible to have multiple sessions on a single host at the same time.
Start
› › .Check
.If necessary, also check
(for example, when your network interface is configured to be in the External Zone). If you have more than one network interface, restrict opening the firewall ports to a specific interface via .Confirm your settings with
.In case not all needed packages are available yet, you need to approve the installation of missing packages.
The default configuration on openSUSE Leap serves sessions with a
resolution of 1024x768 pixels at a color depth of 16-bit. The sessions
are available on ports 5901
for “regular” VNC viewers (equivalent to VNC display
1
) and on port
5801
for Web browsers.
Other configurations can be made available on different ports, see Section 4.1.3, “Configuring One-time VNC Sessions”.
VNC display numbers and X display numbers are independent in one-time sessions. A VNC display number is manually assigned to every configuration that the server supports (:1 in the example above). Whenever a VNC session is initiated with one of the configurations, it automatically gets a free X display number.
By default, both the VNC client and server try to communicate securely via a self-signed SSL certificate, which is generated after installation. You can either use the default one, or replace it with your own. When using the self-signed certificate, you need to confirm its signature before the first connection—both in the VNC viewer and the Web browser. The Java client is served over HTTPS, using the same certificate as VNC.
To initiate a one-time VNC session, a VNC viewer must be installed on
the client machine. The standard viewer on SUSE Linux products is
vncviewer
, provided by the package
tigervnc
. You may also view a
VNC session using your Web browser and a Java applet.
To start your VNC viewer and initiate a session with the server's default configuration, use the command:
vncviewer jupiter.example.com:1
Instead of the VNC display number you can also specify the port number with two colons:
vncviewer jupiter.example.com::5901
Alternatively use a Java-capable Web browser to view the VNC session by
entering the following URL: http://jupiter.example.com:5801
You can skip this section, if you do not need or want to modify the default configuration.
One-time VNC sessions are started via the
xinetd
daemon. A configuration
file is located at /etc/xinetd.d/vnc
. By default it
offers six configuration blocks: three for VNC viewers
(vnc1
to vnc3
), and three serving
a Java applet (vnchttpd1
to
vnchttpd3
). By default only vnc1
and vnchttpd1
are active.
To activate a configuration, comment the line disable =
yes
with a #
character in the first column,
or remove that line completely. To deactivate a configuration uncomment
or add that line.
The Xvnc
server can be configured via the
server_args
option—see Xnvc
--help
for a list of options.
When adding custom configurations, make sure they are not using ports that are already in use by other configurations, other services, or existing persistent VNC sessions on the same host.
Activate configuration changes by entering the following command:
sudo rcxinetd reload
When activating Remote Administration as described in
Procedure 4.1, “Enabling One-time VNC Sessions”, the ports
5801
and
5901
are opened in the
firewall. If the network interface serving the VNC sessions is
protected by a firewall, you need to manually open the respective ports
when activating additional ports for VNC sessions. See
Book “Security Guide”, Chapter 15 “Masquerading and Firewalls” for instructions.
A persistent VNC session is initiated on the server. The session and all applications started in this session run regardless of client connections until the session is terminated.
A persistent session can be accessed from multiple clients simultaneously. This is ideal for demonstration purposes or for trainings where the trainer might need access to the trainee's desktop. However, most of the times you probably do not want to share your VNC session.
In contrast to one-time sessions that start a display manager, a persistent session starts a ready-to-operate desktop that runs as the user that started the VNC session. Access to persistent sessions is protected by a password.
Open a shell and make sure you are logged in as the user that should own the VNC session.
If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the port used by your session in the firewall. If starting multiple sessions you may alternatively open a range of ports. See Book “Security Guide”, Chapter 15 “Masquerading and Firewalls” for details on how to configure the firewall.
vncserver
uses the ports
5901
for display
:1
, 5902
for display :2
, and so on. For persistent sessions,
the VNC display and the X display usually have the same number.
To start a session with a resolution of 1024x769 pixel and with a color depth of 16-bit, enter the following command:
vncserver -geometry 1024x768 -depth 16
The vncserver
command picks an unused display number
when none is given and prints its choice. See man 1
vncserver
for more options.
When running vncviewer
for the first time, it asks for
a password for full access to the session.
The password you are providing here is also used for future sessions
started by the same user. It can be changed with the
vncpasswd
command.
Make sure to use strong passwords of significant length (eight or more characters). Do not share these passwords.
VNC connections are unencrypted, so people who can sniff the network(s) between the two machines can read the password when it gets transferred at the beginning of a session.
To terminate the session shut down the desktop environment that runs inside the VNC session from the VNC viewer as you would shut it down if it was a regular local X session.
If you prefer to manually terminate a session, open a shell on the VNC
server and make sure you are logged in as the user that owns the VNC
session you want to terminate. Run the following command to terminate the
session that runs on display :1
: vncserver
-kill :1
To connect to a persistent VNC session, a VNC viewer must be installed.
The standard viewer on SUSE Linux products is
vncviewer
, provided by the package tigervnc
(default). You may also view a VNC
session using your Web browser and a Java applet.
To start your VNC viewer and connect to display :1
of
the VNC server, use the command
vncviewer jupiter.example.com:1
Instead of the VNC display number you can also specify the port number with two colons:
vncviewer jupiter.example.com::5901
Alternatively use a Java-capable Web browser to view the VNC session by
entering the following URL: http://jupiter.example.com:5801
Persistent VNC sessions can be configured by editing
$HOME/.vnc/xstartup
. By default this shell script
starts the same GUI/window manager it was started from. In openSUSE Leap
this will either be GNOME or IceWM. If you want to start your session
with a window manager of your choice, set the variable
WINDOWMANAGER
:
WINDOWMANAGER=gnome vncserver -geometry 1024x768 WINDOWMANAGER=icewm vncserver -geometry 1024x768
Persistent VNC sessions are configured in a single per-user configuration. Multiple sessions started by the same user will all use the same start-up and password files.