|
|
Installing VNC Server A7 s% |2 _0 v( e7 \8 C9 [
安装vncserver" I* D4 K# n* r2 W) M+ o
TigerVNC is an actively maintained high-performance open-source VNC server. It is available in the default CentOS repositories. To install it, type:
1 S- {9 G' c; ~
& D& B: E( W5 [9 }0 _) t#dnf install tigervnc-server -y5 u+ T/ B! M. P1 }( n- O
0 i) U8 ~6 f8 a( z* Z8 @3 M ?
配置vncServer
: T7 i) x3 L$ w) ]1 C1 ^* z, gConfiguring VNC Server& Q# A) r! B% G) C
In CentOS 8, TigerVNC is configured using the systemd daemon.2 ?$ j$ F3 j) u/ [' O( L
/ {( T' o# d- Z8 H. w& ~
# p. o& Q" W8 V. {2 O6 QIn this example, we’ll show you how to configure TigerVNC for one or more VNC users./ D5 V2 V& o3 v% v0 v& z
7 V& X* S0 |4 P% V2 k; t; vUse the vncpasswd command to set up the password. Run the command as the user that will access the VNC server, do not use sudo:
) l8 T& T+ S3 b a- y# Z这里配置vnc的密码: (root)0 u' o! K* a" ]3 r* v, t! v
vncpasswd
1 n$ e! q) ]) w+ o5 o7 ^+ g: d1 A1 w. r/ O
" E4 Z5 b* _" X2 L+ \) e* `You will be prompted to enter and confirm the password and whether to set it as a view-only password. If you choose to set up a view-only password, the user will not be able to interact with the VNC instance with the mouse and the keyboard.
+ Z/ Q' N8 d* t& \1 U6 }# k1 M5 i, L) i5 ^4 n% a. m9 C
The first time the vncpasswd command is run, it will create and store the password file in the user’s ~/.vnc directory.
, ?; s. f6 F0 {( S# X+ z8 X* Q6 z
6 N3 b$ z; W* L# A; F$ APassword:
9 L. ?% K* M" H7 Q' v/ o# }1 `Verify:
2 f* w: x; K! xWould you like to enter a view-only password (y/n)? n
8 `- c; \- j* wA view-only password is not used
# \+ ]% U& a0 L* d; |( w
; R6 A3 \. D& U/ f( p0 F1 l+ Z8 L6 b1 Q0 R: e; V3 a9 Z& ?- T
If you’re adding a second user, switch to it and set the password with vncpasswd.9 K! |" e7 e$ z* Y1 N1 s0 r; T
. O; c E* M! m: m
The next step is to configure TigerVNC to use Gnome. VNC reads the user configuration settings from the ~/.vnc/config file. Open the file and add the following:
z5 }0 f" ~4 ~
; N% `: P8 o- `- ~% m$ g. I#vim ~/.vnc/config# P' b" R5 h" n; `( b0 z3 X
session=gnome5 y* W8 a" Y( B+ H3 [$ O' _
geometry=1920x1200 (or 1280x720)9 P! a6 T1 Z) w8 }6 Z% [. }
localhost (这个地方不配置,表示所有的都能访问). e$ z2 H2 D( n& z. i, K
alwaysshared
9 B5 J. F% G4 `$ Q4 P" O; O( N) S4 y: j
例如:
( T2 j0 Z2 G1 g3 I+ d6 ]( g
1 y; h( v/ C% K9 s, T$ cat ~/.vnc/config & A9 W* Q( v) |1 z$ c" C
session=gnome3 l, q! c9 q7 j5 ~$ P }; Y" ]
geometry=1280x720
. { ~7 O4 J! g1 z4 kalwaysshared
) @3 j5 d5 U% V) ?/ H5 e0 e
c0 | F9 z- D8 N" Z* \3 d4 _2 W+ c1 K6 F- u1 P0 F1 P& S
5 a& a' C4 R) ?9 p& B8 iThe session option specifies the session you want to start, and the geometry option specifies the size of the VNC desktop.
7 U3 x" F/ a' ~) K* J4 A4 ?0 M& l5 [6 U! e. m8 K. H9 G
Save and close the file . If you’re adding multiple users, repeat the same step.. ~0 Q% X" r; d9 O2 U. `) z: M; U
7 z+ c4 {3 z% s$ ^0 x; k. n
TigerVNC ships with a file that allows you to map a user to a particular port. The mapping is configured in the /etc/tigervnc/vncserver.users file:
* j+ B% q6 ~3 l% z& {- `' a: F$ K7 Y0 U+ Z
配置vnc的用户:
4 h1 g& S' C% J( H6 P4 k# D# y, N$ z* v
#sudo vim /etc/tigervnc/vncserver.users, t6 _) c9 T# \: c& C T
7 C, {3 e0 a: B) |0 [4 B4 p4 OThe file uses <display_port>=<username> syntax. In the example below, we are mapping display port :1 to user linuxize. Use the same format to add more users.3 c6 R! j3 s& ^1 m. {- a# g
( M0 v+ W z& H- |' {7 ~# Q- E8 ^
# TigerVNC User assignment) [+ V: f c7 e! G8 x2 u; p
#
- P+ q6 S1 L" d. p# I9 M) b# This file assigns users to specific VNC display numbers.
) v3 G) j- d; R( p& V9 `- W# The syntax is <display>=<username>. E.g.:9 x& d$ ~/ ?6 ?5 ?! y* K. `/ [& x7 O
#
7 X$ d3 a2 S; q2 [6 B# p" ]# :2=andrew6 ~) T$ s9 X8 ^7 v5 ]7 E5 x: g
# :3=lisa* r/ Z; j8 K0 z( s1 ]1 `
:1=root
: Z! m% O3 C$ m3 D
, H( a' j8 v+ E1 _# Z5 R* m
# ?0 p2 _3 H+ A0 p7 Z) Q" n. y; J9 l5 }% y: t9 ~
:1 is the display port number on which the VNC server will run. In our case, the server is running on TCP port 5901 (5900+1). If you map another user, for example, to display port :2, the server will also listen on port 5902 (5900+2).. Z2 H- t8 |' U# D, R8 B$ c! O5 G/ T
: j! k) k6 L3 ?1 S9 Q- _: DWhat is important to understand is that when working with VNC servers, :X is a display port that refers to 5900+X.) I2 Y8 C7 z! R4 S' X6 \ d
H" Z. }6 m! a启动vncserver4 u1 u: Y9 w& C
Starting the Tigervnc Server
) l4 g5 r2 _5 YOnce you’re done with the configuration, the last step is to start the VNC server.
. {$ [( K3 R Q! `9 \
8 s v& J3 ` L" _1 PTo start and enable the VNC service for the user mapped to the display port :1, enter:
; _: n/ l4 _) w6 G3 X7 s( Y9 w/ ~3 k4 O. U
: Q' J _& h5 F) I% R2 d复制配置文件:- s6 U# D! Q' t5 w3 S2 c
) K; ]' n: ~* J# b0 C! v
cp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:1.service( I$ ~6 `; H1 _/ h& q6 e
$ B, \# z1 i* a m7 e
启动并加入开机启动:
) u" C: C8 A, s" ^( l) Z0 rsudo systemctl enable vncserver@:1 --now
1 U6 L! [- b* j7 J9 n& q+ u: w- \! W6 ~2 K- t' c6 j: @1 ?; n
The VNC server will listen on port 5901, as we discussed in the previous section.
. Q# p9 E0 `' Y: _4 ]; u1 k4 D8 p! @$ y d
You can verify that the service is successfully started with:
. W! B% t2 p* w$ T) b* [4 U
4 P9 {) U" h3 ^6 ?# K( ~5 y6 y( N& @3 _2 r2 R
sudo systemctl status vncserver@:18 O, [4 f3 G" B" [ j6 `
0 |" j8 ~6 c# z( ]5 N; \● vncserver@:1.service - Remote desktop service (VNC)" W, \# O% N# j
Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; enabled; vendor preset: disabled)" w' V; \/ R$ ^) Y8 S) |9 X
Active: active (running) since Thu 2020-12-17 21:49:41 UTC; 8s ago
1 b) _( n$ W- \/ S t ...0 ~4 r2 D) F0 z# U$ D6 @
: }5 f' A/ \- S7 [2 f1 }& ]
To enable VNC for other users, simply replace 1 with the display port mapped to the user.
: R1 G8 X- c# S( |+ H
3 e1 D- @. Y& o6 Z% Y& G) c; G4 ] S: rConnecting to VNC server! l" v9 U8 N( d4 i
VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel to securely forward traffic from your local machine on port 5901 to the remote server on the same port.
; Z, K& d3 ^* ^( L* ` a( \1 l
1 r2 K! c& ]# z
) ~* I# t$ r9 kSet Up SSH Tunneling on Linux and macOS
( D* M: C( A7 X$ @& e% D) }If you run Linux, macOS, or any other Unix-based operating system on your machine, you can easily create a tunnel using the following ssh command:; }" a4 D/ ]" Z; V3 M* ^" ?
7 \5 N. d# o. G
ssh -L 5901:10.16.68.5:5901 -N -f -l username remote_server_ip
6 k+ g0 g4 w) [Copy0 q( l0 o' Y, [) [& O
You will be prompted to enter the user password.
: `1 F& [3 s' k8 q& W, u# p6 S/ ?# F _/ @3 _5 h6 h+ X+ \( I% I/ ?) ~
Do not forget to replace username and server_ip_address with your username and the IP address of your server.; u# _: {) q' e( \+ F& n
" q* v& c. n3 v) y) v |
|
发表于 2024-10-15 17:00:02