By default Ubuntu Desktop OS comes with ssh client package. It does not include ssh server package which is needed to access this machine.
To install SSH on the newly installed Ubuntu 12.04 run following commands
sudo apt-get update sudo apt-get install ssh
That’s it. To confirm the working ssh. Run the following commands from another machine
vncserver allows you to run additional X servers on a single
machine. These X servers don't display anywhere, but instead you need to
connect to them using
vncviewer. The additional servers come up
On Debian, to install the packages for running VNC, use:
apt-get install tightvncserver xtightvncviewer
The general method is as follows:
If you get following error then
1. ssh is not running on the remote server
2. ssh is configured to run on different port
On the server
Let's say your server is called
your_server. On this server, as your
vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565
It will prompt you for a password, which will be used when you log in
later from the client. Here, we're just setting it up to run at a size
1024x768, with a color depth of 16 bits, and with the color format
for pixels passed set to use 5 bits for red and blue, and six bits for
green. For a full explanation of all the options, use
The first time vncserver is started up, it will also create a
configuration file, in your home directory, called
Even though we've just learned how to launch a vnc server session, surprisingly the first thing we need to learn is how to kill it again. To do this, use:
vncserver -kill :1
The reason for killing the session is that you may need to edit the
default configuration file that
vncserver creates for you, for example
to get the vncserver to run the K desktop environment instead of
you may want to edit the
$HOME/.vnc/xstartup file to replace the line:
with this line is you use KDE:
and with this line if you use GNOME:
before launching the vncserver again using:
vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565
ssh: connect to host 192.168.1.10 port 22: Connection refused
On the client
$ vncviewer your_server:1
This will prompt you for a password, then bring up a window showing you
the current state of the X session running within the VNC server on the
your_server. Note that even if you connect to the VNC server
from a different client machine, the same session will be seen.
Initially, the vncviewer client runs as a window within your regular X sesion. Consulting the manual using "man vncviewer", you quicky discover that pressing the function key F8 brings up a "popup" menu, where you can choose the option:
If your current X server's display size matches the setting for the geometry you chose when starting up the vncserver, this will result in a fairly good illusion that you are actually sitting at a regular X session on the console of the remote machine. There will be a little square dot at the end of the mouse cursor to remind you that you are within a vncviewer session.
Note that when
vncviewer is running as a window, you may find that it
exits with the following error when you try to move it to other virtual
desktops in KDE. A workaround for this, suggested by Philip Lijnzaad, is
to "shade" the window (by double-clicking on its title bar along the top
of the window) before moving it to another virtual desktop, and then
"unshading" it once you have selected the new virtual desktop. Note that
depending on your KDE settings, another action than double-clicking may
be needed to shade a window. You'll know that the window is shaded
because it will minimize to just the titlebar whenever it has no focus.
CleanupXErrorHandler called ShmCleanup called X Error of failed request: BadMatch (invalid parameter attributes) Major opcode of failed request: 42 (X_SetInputFocus) Serial number of failed request: 81551 Current serial number in output stream: 81557
In the case where the above workaround doesn't work and you still get
the error, or if you forget to shade the window before moving it, you
can simply restart the
vncviewer again, and of course your VNC session
is just as you left it a few moments ago.
To shut down the KDE window manager running inside the vncserver session, you can of course simply log out in the usual way. If you select the option:
"login as another user"
a KDM login screen won't appear. Instead, to get a new session you'll need to kill the vncserver sesion and start again as described earlier.
Also remember to open ssh port between remote and host machine for communication.
VMware with VNC
What if you have a server machine tucked away an a datacenter somewhere,
and you would like to use it to run the desktop version of VMware? This
is fine according to the VMware license, but the normal method of
working with X applications where you simply set your
DISPLAY back to
your local workstation, doesn't work with VMware, unfortunately. Nor do
they suggest any workaround.
One option is of course to haul a keyboard, mouse and monitor over to the datacenter and connect it up to your server, configure the graphics card, and with a bit of luck start up an X session. Then launch VMware as usual, while you sit in front of the server wondering if there was a better way.
By now, you are probably realizing that VNC provides a far easier way. The method of running VNC described in the previous section works with VMware. It works especially well in the case where you are only running server software within the VMware virtual machine, and are not particularily interested in the display of the virtual machine itself (except perhaps at boot time). The method is very satisfactory given that large pools of physical memory and multi-processor capabilities tend to be readily available on server machines.
更多Ubuntu相关信息见Ubuntu 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=2
Running VNC as your "desktop"
Since running VNC in loopback mode on your local desktop machine is so fast, instead of running an X server on their primary workstation, some folks prefer to instead simply run the "vncviewer". A method for doing this was described in a post to the svlug mailing list by Nathan Myers (email@example.com), as follows:
1. Quit out of X.
2. Start the VNC server.
vncserver :0 -geometry 1024x768 -depth 16 -pixelformat rgb565
You may need to change the geometry to match your video card, e.g., it might be:
vncserver :0 -geometry 1280x1024 -depth 32
If you use -depth 8, meaning only 8 bits per pixel, it is less pretty. This creates an invisible X desktop with all your gadgets.
3. Start the viewer.
xinit `which xvncviewer` -passwd ~/.vnc/passwd -geometry 1024x768 -display localhost:1.0 localhost:0.0 -- :1
Again, maybe the geometry specification for your screen might need to be different. This allows you to see your desktop gadgets in the server.
4. Enjoy infinitely accessible desktop
Your screen looks pretty much the same as before, except the mouse pointer has a little square in it and everything is a bit slower. To view your desktop from another machine on the network, use:
xvncviewer -shared yourmachine:0.0
Now you have a second view of the same desktop. You can quit (or crash) out of both viewers, and the desktop is still there waiting to be connected to. By the way, since the first viewer is running on an X server with no window manager, you'll have to kill the viewer, to get out of it.
VNC with KDE
Some linux distributions have integrated VNC into their X server under KDE. For example, in Mandrake linux, if you want remote users to be able to share your mandrake linux desktop, then select the menu option:
Mandrake Start Menu -> Internet -> Remote Access -> Virtual Network Connection
In the dialog box, select the
Allow control of my machine (linux server)
You will need to enter a password for remote users. Press the
launch server, and a new window will appear on your desktop
with the letters
RFB in it. Remote users will then be able to access
your desktop over VNC using the password you provided, until you close
VNC differences across platforms: VNC on Microsoft Windows
On Microsoft Windows, the WinVNC server provides a similar service, but there, of course, the display numbering starts with :0, because Microsoft Windows doesn't have an X server of its own.
Both Karl J.
Runge's x11vnc and x0rfbserver from
remote control of an existing X server's display by means of a remote
vncviewer (or in the case of
x0rfbserver, preferably by
To install these packages for Debian, use:
apt-get install rfb apt-get install x11vnc
x11vnc and the older
x0rfbserver appear to be the
only complete remote control solutions for the X windowing system, but
maybe there are others. By remote control, I mean being able to use the
mouse, keyboard and display of a separate machine to interact with the X
display of another system.
If you just want gain remote mouse and keyboard control of a separate
machine (whose display you can see locally because it is actually
sitting on your desk), then
synergy is a very handy application to be
aware of. It lets your mouse seamlessly "travel" over to the other
display. It's a little tricky to describe, but it's almost like being
able to throw away the keyboard and mouse of the other machine.
VNC on Apple MacOS
There are several pre-built Mac VNC clients available, which can be found using:http://www.versiontracker.com Ivan Poddubny suggests building TightVNC from source. For that, you'll need to have X11 for MacOS installed.
VNC over OpenSSH
The following is just a summary of the full explanation.
To use VNC over OpenSSH, first you need to run an
ssh session on the
machine where you will be running the vncviewer, to request
ssh listen on a particular port on your local machine, and
forward communication on that port down the secure connection to a port
on the machine running the vncserver.
ssh -L x:localhost:y vncserver_machine
means "Start an SSH connection to the
vncserver_machine, and also
listen on port
x on my machine, and forward any connections there to
y on the
Now, the VNC protocol normally uses port
xx is the
display number of the server. So a VNC server on a Windows machine,
which normally uses display number
0, will listen on port
first VNC server on linux will probably use display number
subsequent servers would use
3, etc. and so the vncservers on
linux will be listening on ports
5902 and so forth.
By forwarding these ports to a remote machine running
can make the remote VNC server appear to be a server running on your
So, imagine you had a VNC server running as
vncserver_machine, and you wanted a secure connection
to it from your local machine. You could start the
ssh session using:
ssh -CL 5902:localhost:5901 vncserver_machine
After that, starting up the
vncviewer as follows on your local
vncviewer -encodings "copyrect hextile" localhost:2
would actually connect to display
:1 on the
Note that the above OpenSSH command-line is deliberately meant to accept
incoming connections only from the local machine. This means that to use
ssh connection that we have just set up, we must connect to it
from the same machine, using the special name
localhost, rather than
using the local machine's own unique name.
Choosing the appropriate compression method for using VNC over OpenSSH
When you use the linux VNC viewer to connect to a local machine, for best performance VNC selects whatever is available from the following list of compression methods to encode screen updates, in this order:
raw copyrect tight hextile zlib corre rre
As you can see, for local connections, VNC's
raw pixel encoding is
first in this list, and although it generally gives better performance
for local access, when the vncserver is actually remote (i.e. when you
are really accessing it over an ssh tunnel), then if the
is used, a lot more data will be sent over the network than is
necessary. The order of the list of compression methods that VNC chooses
from when the connection is to a remote vncserver, is as follows:
copyrect tight hextile zlib corre rre raw
So, when using vnc over ssh, let's use the compression
hextile, and of course leave out
vncviewer -encodings "copyrect hextile" localhost:2
Using vnc over ssh with ssh compression enabled
OpenSSH can compress the data it transfers. This is particularly useful
if the link between the vncviewer and the vncserver is a slow one, such
as a modem, but even on a faster network it can help make up for the
fact that the encryption takes a certain amount of time and so can slow
the link down a little. To add simple compression, use the
ssh (or the
+C option for ssh v2). To see how much your data is
actually being compressed, you can use the
-v option to
Using vnc in a Java-enabled browser
John McCaughey suggested that for Apple Macintosh machines, it might be
simplest to use
vnc within a Web browser. The VNC server also serves a
Java applet that should run within any Java-enabled browser. Let's say
you have a VNC server set up as session
you fire up your web browser, and go to:
the browser will then prompt you for the VNC server password as usual, and the VNC viewer session will start up within the browser in a Java applet.
Using VNC over OpenSSH in a Java-enabled browser
To use the Java applet method over an OpenSSH tunnel, two tunnels need
to be set up, one on port
5801and another on
5901. Note that the
local side of the
5901 port must be forwarded with the same number, as
unfortunately the vncserver software sends back the Java applet server's
port number incremented by
100 to the Java applet running in the client
browser, to establish the communication channel. So forwarding the ports
ssh would look like this:
ssh -L 5802:localhost:5801 -L 5901:localhost:5901 vncserver_machine
Piotr Zbiegiel suggests that instead of listing so many port
forwardings, it might be more convenient to put the settings into your
$HOME/.ssh/config file as follows:
Host vncserver_machine ForwardX11 no LocalForward 5802 localhost:5801 LocalForward 5901 localhost:5901
To launch the VNC client Java applet, put the following url in the client browser:
Note: when using port forwarding, remember that if you ssh or scp over
to the same machine name again, ssh will try to establish the same port
forwardings again a second time, and fail with a "port busy" message. To
avoid this, use an alias for the remote machine (add the alias to
/etc/hosts file), and ssh or scp to the alias instead. This works
because ssh is very literal-minded about reading its config file. Lucky
Port-forwarding firewall considerations
If you are trying to run VNC over an SSH tunnel into a machine (on a private network) located behind a port-forwarding firewall, then this section may be just what the doctor ordered. Thanks to Bill Crooke for this guide.
Let's say the VNC server machine that you are trying to connect to is
located behind a firewall that uses port forwarding. This VNC server
machine has an IP address that is a member of one of the private
networks located behind the firewall. To connect to this machine using
VNC over OpenSSH, you may need to use a modified invocation of the ssh
command, specifying the machine's IP address rather than simply
For example, if the IP address of the firewall is
firewall is forwarding port
22 to the VNC server machine, and the VNC
server machine has a private address of
192.168.0.200, then you would
need to use the following ssh command to set up the OpenSSH tunnel for
VNC. In plain English, this command means "Start an SSH connection to
the firewall machine at
184.108.40.206, and at the same time listen on
5903 of my local machine and forward any connections you see
there to port
5905 on the remote VNC server machine at
ssh -CL 5903:192.168.0.200:5905 220.127.116.11
The above command would be used in place of:
ssh -CL 5903:localhost:5905 18.104.22.168
Brute forcing vnc passwords
Only the first eight characters of the
vncserver password are used for
authentication, and there is no concept of user accounts in vncserver.
Apssword guessing is very fast, and the
vncserver does not generate
any failed login messages. A patch to
rfbproto.c in the vncviewer
vnc-3.3.3r1_unixsrc.tgz) to enable brute forcing
vnc passwords can be
This patch to the
vncviewer source code enables it to crack its way
vncserver instead of simply requesting the password from the
vnc server password encryption vulnerabilities
In November 1999, Conde Vampiro reported the following vulnerability related to VNC: VNC 3.3.2 R6 uses a weak password protection mechanism. The VNC password protection uses DES encryption, but the way WinVNC does the encryption is rather poor and can be easily decrypted by anyone with read access to the Microsoft operating system's registry.
The WinVNC software contains two vulnerabilities:
Fixed password length vulnerability
The fixed password length (up to 8 characters) that VNC uses is vulnerable. This vulnerability also applies to the linux vncserver. When the WinVNC server is installed on a Microsoft operating system, the encrypted password can be found under the following registry keys (look for the word "password"):
Fixed encryption key vulnerability
The fixed encryption key that VNC uses is insecure. When the WinVNC server encrypts a password it always uses the same fixed key, so the DES encrypted output is always the same for any given password. Since the software is open-source, the fixed key is publicly available, making the encryption pointless. The WinVNC server always uses the same fixed key in the current version:
("23 82 107 6 35 78 88 7")
This mean that an attacker with read access to the Microsoft operating system's registry can simply decode the password and obtain the plain-text version of it.
An exploit for the above vulnerability is available.
Welcome to Hollywood - Recording your VNC session as a Shockwave animation
vnc2swf is a cross-platform screen recording tool developed by Yusuke Shinyama. It's a way to record your VNC session as an Adobe/Macromedia Shockwave Flash animation format file (swf), so that you can later play it back in Firefox, or using a standalone flash player e.g. gnash or swfdec or gplflash. For Debian stable, to build vnc2swf proceed something like this:
sudo apt-get install libxmu-dev sudo apt-get install libxaw7-dev wget http://www.unixuser.org/~euske/vnc2swf/vnc2swf-0.5.0.tar.gz tar zxvf vnc2swf-0.5.0.tar.gz cd vnc2swf-0.5.0 ./configure make ./vnc2swf -startrecording outfile.swf your_vnc_server:1 > outfile.html
This will bring up a VNC client which is recording everything from your VNC server into the outfile.swf and once you quit by pressing F8 Q it will also build outfile.html which you can open in Firefox to review your captured animation, or should I say your next blockbuster.
Update: The Python version of vnc2swf includes a nifty sliding search bar at the bottom of your masterpiece, so that you can seek (and your audience can skip over any less-than stellar segments of your creation). For Debian stable, we can get it installed something like this:
sudo apt-get install python2.3-tk sudo apt-get install python-pygame wget http://www.unixuser.org/~euske/vnc2swf/pyvnc2swf-0.8.2.tar.gz tar zxvf pyvnc2swf-0.8.2.tar.gz cd pyvnc2swf-0.8.2 ./vnc2swf.py
This brings up a nice friendly dialog box, with a "Start" button, which initiates the recording of the VNC server session, so you just control the VNC session you're recording using your regular VNC viewer.
-- PeterKnaggs - 21 Jul 2006
Back to LinuxHints - Everything GNU ever wanted to know about Linux