|
|
Installing VNC Server5 q6 a9 z% |8 G
安装vncserver6 z9 B4 \) f7 P8 Q' ?4 o
TigerVNC is an actively maintained high-performance open-source VNC server. It is available in the default CentOS repositories. To install it, type:
/ N) Z, K5 r C" S. q4 o! O3 S
$ _( s- _6 w: \/ u#dnf install tigervnc-server -y0 A) Q1 T6 k( h* U
0 x; o: h+ h. j) [; N- S+ ]7 u" E配置vncServer
# g/ H6 F! H& ?3 V9 s/ QConfiguring VNC Server! v4 |: c- ? E; p! C
In CentOS 8, TigerVNC is configured using the systemd daemon.7 A9 m) ]+ A. _# G' Q' U
- O+ [* z) E3 }8 f! t% |
9 v8 w, x/ a, W8 b) @In this example, we’ll show you how to configure TigerVNC for one or more VNC users.( r5 Y5 g/ a" e' B
% Y7 K: t/ K3 k# {/ JUse the vncpasswd command to set up the password. Run the command as the user that will access the VNC server, do not use sudo:
8 Z" ?! S8 i' ?* |6 p$ @/ {这里配置vnc的密码: (root)
. O" a3 h# T- Hvncpasswd! q4 f8 }- |6 n- J& m1 Z) D
* d- V+ C1 T/ I, O
: {0 a. g; m* s8 n6 y- KYou will be prompted to enter and confirm the password and whether to set it as a view-only password. If you choose to set up a view-only password, the user will not be able to interact with the VNC instance with the mouse and the keyboard.
* j, U; I% U/ l7 ?; G( O1 _, c6 p' N- ?5 X6 e
The first time the vncpasswd command is run, it will create and store the password file in the user’s ~/.vnc directory.
2 o7 F: y0 t. [' E; L7 I1 d" K7 W4 V( W: x: p6 Q L/ w
Password: }7 |6 ~8 t- u+ h! M5 I
Verify:
, V: Y, ]( R2 n3 w% K- N8 _Would you like to enter a view-only password (y/n)? n
; ^5 p1 L! g1 h' p' |; v, O9 u! bA view-only password is not used& r% _% l' V# ?, u* G; W
9 ]9 I+ Z, E6 p) g) q4 ~
/ g* d, |6 F4 sIf you’re adding a second user, switch to it and set the password with vncpasswd., m* z: v+ B# }# D3 l. ^- [
3 A& s C! M9 `) M+ X' F
The next step is to configure TigerVNC to use Gnome. VNC reads the user configuration settings from the ~/.vnc/config file. Open the file and add the following:
7 N/ H. g9 E! L' l, l3 R
7 @ m6 a. a1 q& w0 r8 H/ K: E$ J#vim ~/.vnc/config2 F/ d* a ^- a/ T8 @ i8 j$ a
session=gnome
a4 S% \6 h. ?4 a9 l, _/ ygeometry=1920x1200 (or 1280x720)
. i+ T$ e/ B1 _3 \: Clocalhost (这个地方不配置,表示所有的都能访问)
) D5 V) G0 @8 Z& A+ E" e! S5 {alwaysshared
: {* h+ D& p7 z" u- E; Z% Q4 _% g3 R; G. ~/ {* M7 e
例如:
7 _1 ?* @1 ~. ^. e% k% Z# j9 v6 W" X# {" F
$ cat ~/.vnc/config 2 \/ _0 \2 w$ P/ k& [
session=gnome5 }- \7 } N" S- ?, C! k9 C6 a
geometry=1280x720
c! W# V- ?' v9 \( Halwaysshared- K% \( j7 K. D& {7 e p+ f) n
5 k% [7 d8 g, c8 ]) E1 @+ T% a% c9 I9 k$ y7 f
' f' E+ A: A1 Q7 g0 E* CThe session option specifies the session you want to start, and the geometry option specifies the size of the VNC desktop.
( A5 _& ~4 @1 V! a; j3 W' v
8 J; w5 i9 q$ zSave and close the file . If you’re adding multiple users, repeat the same step.; C0 ]" e4 G2 Z! v7 {, S! d
1 G( o# E) A/ @" DTigerVNC ships with a file that allows you to map a user to a particular port. The mapping is configured in the /etc/tigervnc/vncserver.users file:9 C3 h: q3 C4 d: R
( |6 B# y/ u3 F2 B- D
配置vnc的用户:
$ t$ {! c4 T g" U
2 K+ B" A5 m: q% h4 z; o" x/ u, D#sudo vim /etc/tigervnc/vncserver.users& J: L2 f+ V. T( C( q
, O- G8 C6 X }! Z8 J0 J( e! e
The file uses <display_port>=<username> syntax. In the example below, we are mapping display port :1 to user linuxize. Use the same format to add more users.( ]! Q/ Q5 t' J4 T7 M2 b: p
8 i; }# N* [% b0 s$ D+ _6 R# t
# TigerVNC User assignment
. Z( N0 r9 |+ j' G$ l- Q7 N+ N# O#- J: G8 G" H9 p/ F; d
# This file assigns users to specific VNC display numbers.* S! T+ F6 }0 F% z! W. r
# The syntax is <display>=<username>. E.g.:
2 V2 [' B4 ]( M( ?- D- z* j" m6 `#4 G5 A6 M- [4 X6 ~2 R9 \" Y( N
# :2=andrew
% H$ ?! H- i& N+ e# :3=lisa
$ L2 U7 d6 U( N! K:1=root
. I @; M3 S- P w6 i' s
0 Y Q& z$ ]( @+ D+ b! U. I4 J* A" E
" S2 Q/ u* \, d6 T: o o% k" [- |+ c. b, G' P% D+ ]
:1 is the display port number on which the VNC server will run. In our case, the server is running on TCP port 5901 (5900+1). If you map another user, for example, to display port :2, the server will also listen on port 5902 (5900+2).
" t+ n# {9 {5 ~ W
s1 i4 P& K7 y( ^" KWhat is important to understand is that when working with VNC servers, :X is a display port that refers to 5900+X.
; }. o9 P. I' X: C
" L( f: E" a1 _% q启动vncserver
: W# s9 K2 `* b# r3 O4 qStarting the Tigervnc Server* o# ~" X( l6 t% k8 Y9 ~
Once you’re done with the configuration, the last step is to start the VNC server.
3 y# S3 Z( K4 t) {, ?+ h; l* m* Q7 r" g+ b. w
To start and enable the VNC service for the user mapped to the display port :1, enter:/ h8 p" N: p& H3 h+ H
' M8 v$ o8 ~/ O5 k/ a- n0 Q" h6 g E! t' _# p6 X8 F" }
复制配置文件:4 J3 Q3 B: r- c) X. K
8 F s" l3 ~/ f( e+ Icp /lib/systemd/system/vncserver@.service /lib/systemd/system/vncserver@:1.service
2 `# C* N9 m0 R" a% Q) P7 S2 E+ E+ l$ v: D6 `
启动并加入开机启动: _+ k. v4 }# y3 `; Z
sudo systemctl enable vncserver@:1 --now. i9 n4 N, k; X
" P3 q6 A" s C0 xThe VNC server will listen on port 5901, as we discussed in the previous section.* L/ i5 H b! J( _+ G( W) l
- P `1 c' T2 k b2 O: aYou can verify that the service is successfully started with:
3 d, U- \0 p. c) u1 X; s4 \2 o' _: Q& q
6 U5 G2 c1 H1 e, ~
sudo systemctl status vncserver@:1
% a( d& v9 h- X) Q+ e
5 S! o4 w6 T2 {. O3 s* \" i1 H: ~● vncserver@:1.service - Remote desktop service (VNC)
( Z! Z; O, g$ x8 u5 F Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; enabled; vendor preset: disabled)
) G: H0 h" Q% e Active: active (running) since Thu 2020-12-17 21:49:41 UTC; 8s ago
: s2 ^6 }$ [1 e1 T ...
4 b/ x% V6 b% U5 T
R3 V- m, f% D! t4 hTo enable VNC for other users, simply replace 1 with the display port mapped to the user.
- c3 |* p4 S# p( G1 V4 \
% P* e) T7 `% f4 C( G- y0 MConnecting to VNC server& ]8 J1 m# B+ E5 V
VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel to securely forward traffic from your local machine on port 5901 to the remote server on the same port.) l( `7 g* r. @1 [7 _7 L8 i# H% D# B
9 r; ^9 l! R) ~8 K% \
2 u( `2 d4 |8 M0 p
Set Up SSH Tunneling on Linux and macOS2 B7 x: N8 [( P
If you run Linux, macOS, or any other Unix-based operating system on your machine, you can easily create a tunnel using the following ssh command:
* |5 |4 ~+ ]" P8 P S6 X) l" X; T/ Z$ [
O# [2 v/ k0 }! z4 d7 K0 ~& rssh -L 5901:10.16.68.5:5901 -N -f -l username remote_server_ip
9 e/ W' A2 i$ G$ i: A7 Z" r! FCopy
1 Z$ `" |7 ~) @; aYou will be prompted to enter the user password.
" L/ N/ C2 L S, q& i3 s
+ j3 }9 ^: d6 K# XDo not forget to replace username and server_ip_address with your username and the IP address of your server., R: P0 Y& |$ I H' `. W3 l
- j# Y0 C1 K$ ~, z
|
|
发表于 2024-10-15 17:00:02