Remote Access with VNC: Difference between revisions

(10 intermediate revisions by the same user not shown)

Line 28:

tux > vncviewer thinkserver.freddythechick.uk::5901

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Note: Display and Port Number'''

The actual display or port number you specify in the VNC client must be the same as the display or port number picked by the '''<code>vncserver</code>''' command on the target machine. See Section 4.4, "Persistent VNC Sessions" for further info.

~~</div>~~

</div>

Line 58:

Line 56:

==Adding Remote Sessions==

To add and save a new remote session, click + in the top left of the main window. The ''Remote Desktop Preference'' window opens.

To add and save a new remote session, click [[File:vnc10.png|25px]] in the top left of the main window. The ''Remote Desktop Preference'' window opens.

[[File:vnc3.png|frame|center|500px|Figure 3: Remote Desktop Preference]]

Complete the fields that specify your newly added remote session profile. The most important are:

Line 79:

Select the ''Advanced'' tab to enter more specific settings.

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Tip: Disable Encryption'''

If the communication between the client and remote server is not encrypted, active ''Disable encryption'', otherwise the connection fails.

~~</div>~~

</div>

Line 98:

Line 96:

To start a remote session quickly without proper adding and saving connection details, use the drop-down box and text field at the top of the main window.

Select the communication protocol from the drop-down box, for example 'VNC', then enter the VNC server DNS or IP address followed by a colon and a display number, and confirm with Enter.

[[File:vnc4.png|frame|center|Figure 4: Quick-Starting]]

Select the communication protocol from the drop-down box, for example 'VNC', then enter the VNC server DNS or IP address followed by a colon and a display number, and confirm with {{key press|Enter}}.

===Opening Saved Remote Sessions===

Line 105:

===Remote Sessions Window===

Remote sessions are opened in tabs of a separate window. Each tab hosts one session. The toolbar on the left of the window helps you manage the windows/sessions, such as toggle full-screen mode, resize the window to match the display size of the session, send specific keystrokes to the session, take screenshots of the session, or set the image quality.

[[File:vnc5.png|frame|center|500px|Figure 5: Remmina Viewing SLES 15 Remote Session]]

==Editing, Copying and Deleting Saved Sessions==

Line 117:

Line 119:

tux > remmina -c profie_name.remmina

Remmina's profile files are stored in the <code>.local/share/remmina/</code> directory in your home directory. To determine which profile file belongs to the session you want to open, run Remmina, click the session name in the main window, and read the path to the profile file in the window's status line at the bottom.

[[File:vnc6.png|frame|center|Figure 6: Reading Path to the Profile File]]

While Remmina is not running, you can rename the profile file to to a more reasonable file name, such as <code>sle15.remmina</code>. You can even copy the profile file to your custom directory and run it using the '''<code>remmina -c</code>''' command from there.

Line 131:

Line 135:

# In case not all needed packages are available yet, you need to approve the installation of missing packages.

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Tip: Restart the Display Manager'''

YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect.

</div>

~~</div>~~

[[File:vnc7.png|frame|center|500px|Figure 7: Remote Administration]]

==Available Configurations==

Line 167:

Line 171:

tux > sudo systemctl reload xvnc.socket

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Important: Firewall and VNC Ports'''

When activating Remote Administration as described in Procedure 4.1, "Enabling One-time VNC Sessions", the ports <code>5801</code> and <code>5901</code> are opened in the firewall. If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the respective ports when activating additional ports for VNC sessions. See Book ''"Security Guide", Chapter 15 "Masquerading and Firewalls"'' for instructions.

~~</div>~~

</div>

Line 178:

Line 180:

A persistent session can be accessed from multiple clients simultaneously. This is ideal for demonstration purposes where one client has full access and all other clients have view-only access. Another use case are trainings where the trainer might need access to the trainee's desktop.

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Tip: Connecting to a Persistent VNC Session'''

To connect to a persistent VNC session, a VNC viewer must be installed. Refer to Section 4.1, "The '''<code>vncviewer</code>''' Client" for more details.

~~</div>~~

</div>

Line 206:

The password(s) you are providing here are also used for future sessions started by the same user. They can be changed with the '''<code>vncpasswd</code>''' command.

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Important: Security Considerations'''

Make sure to use strong passwords of significant length (eight or more characters. Do no share these passwords.

~~</div>~~

</div>

Line 223:

Line 221:

WINDOWMANAGER=icewm vncserver -geometry 1024x768

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Note: One Configuration for Each User'''

Persistent VNC sessions are configured in a single per-user configuration. Multiple sessions started by the same user will all use the same start-up and password files.

~~</div>~~

</div>

Line 241:

Line 237:

# In case not all needed packages are available yet, you need to approve the installation of missing packages.

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Tip: Restart the Display Manager'''

YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect.

~~</div>~~

</div>

===Configuring Persistent VNC Sessions===

After you enable the VNC session management as described in Procedure 4.3, "Enabling Persistent VNC Sessions", you can normally connect to the remote session with your favourite VNC viewer, such as '''<code>vncviewer</code>''' or Remmina. You will be presented with login screen. After you log in, the 'VNC' icon will appear in the system tray of your desktop environment. Click the icon to open the ''VNC Session'' window. If it does not appear or if your desktop environment does not support icons in the system tray, run '''<code>vncmanager-controller</code>''' manually.

[[File:vnc8.png|frame|center|500px|Figure 8: VNC Session Settings]]

There are several settings which influence the VNC session behaviour:

Line 279:

Line 275:

===Joining Persistent VNC Sessions===

After you set up a persistent VNC session as described in Section 4.4.2.1, "Configuring Persistent VNC Sessions", you can join it with your VNC viewer. After the your VNC client connects to the server, you will be prompted to choose whether you want to create a new session, or join the existing one:

[[File:vnc9.png|frame|center|500px|Figure 9: Joining a Persistent VNC Session]]

After you click the name of the existing session, you may be asked for login credentials, depending on the persistent session settings.

Line 309:

Line 307:

TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection (similar to typical SSH usage). If you use a certificate signed by a certificate authority matching the machine name, then you get full security (similar to typical HTTPS usage).

~~<div style="padding-bottom:5px;padding-top:5px;">~~

'''Tip: Path to Certificate and Key'''

With X509 based encryption, you need to specify the path to the X509 certificate and the key with <code>-X509Cert</code> and <code>-X509Key</code> options.

~~</div>~~

</div>

@@ Line 28: / Line 28: @@
    tux > vncviewer thinkserver.freddythechick.uk::5901
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;">
 '''Note: Display and Port Number'''
 The actual display or port number you specify in the VNC client must be the same as the display or port number picked by the '''<code>vncserver</code>''' command on the target machine. See Section 4.4, "Persistent VNC Sessions" for further info.
-</div>
 </div>
@@ Line 58: / Line 56: @@
 ==Adding Remote Sessions==
-To add and save a new remote session, click + in the top left of the main window. The ''Remote Desktop Preference'' window opens.
+To add and save a new remote session, click [[File:vnc10.png|25px]] in the top left of the main window. The ''Remote Desktop Preference'' window opens.
+[[File:vnc3.png|frame|center|500px|Figure 3: Remote Desktop Preference]]
 Complete the fields that specify your newly added remote session profile. The most important are:
@@ Line 79: / Line 79: @@
 Select the ''Advanced'' tab to enter more specific settings.
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;">
 '''Tip: Disable Encryption'''
 If the communication between the client and remote server is not encrypted, active ''Disable encryption'', otherwise the connection fails.
-</div>
 </div>
@@ Line 98: / Line 96: @@
 To start a remote session quickly without proper adding and saving connection details, use the drop-down box and text field at the top of the main window.
-Select the communication protocol from the drop-down box, for example 'VNC', then enter the VNC server DNS or IP address followed by a colon and a display number, and confirm with Enter.
+[[File:vnc4.png|frame|center|Figure 4: Quick-Starting]]
+Select the communication protocol from the drop-down box, for example 'VNC', then enter the VNC server DNS or IP address followed by a colon and a display number, and confirm with {{key press|Enter}}.
 ===Opening Saved Remote Sessions===
@@ Line 105: / Line 105: @@
 ===Remote Sessions Window===
 Remote sessions are opened in tabs of a separate window. Each tab hosts one session. The toolbar on the left of the window helps you manage the windows/sessions, such as toggle full-screen mode, resize the window to match the display size of the session, send specific keystrokes to the session, take screenshots of the session, or set the image quality.
+[[File:vnc5.png|frame|center|500px|Figure 5: Remmina Viewing SLES 15 Remote Session]]
 ==Editing, Copying and Deleting Saved Sessions==
@@ Line 117: / Line 119: @@
    tux > remmina -c profie_name.remmina
 Remmina's profile files are stored in the <code>.local/share/remmina/</code> directory in your home directory. To determine which profile file belongs to the session you want to open, run Remmina, click the session name in the main window, and read the path to the profile file in the window's status line at the bottom.
+[[File:vnc6.png|frame|center|Figure 6: Reading Path to the Profile File]]
 While Remmina is not running, you can rename the profile file to to a more reasonable file name, such as <code>sle15.remmina</code>. You can even copy the profile file to your custom directory and run it using the '''<code>remmina -c</code>''' command from there.
@@ Line 131: / Line 135: @@
 # In case not all needed packages are available yet, you need to approve the installation of missing packages.
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;">
 '''Tip: Restart the Display Manager'''
 YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect.
 </div>
-</div>
+[[File:vnc7.png|frame|center|500px|Figure 7: Remote Administration]]
 ==Available Configurations==
@@ Line 167: / Line 171: @@
    tux > sudo systemctl reload xvnc.socket
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;">
 '''Important: Firewall and VNC Ports'''
 When activating Remote Administration as described in Procedure 4.1, "Enabling One-time VNC Sessions", the ports <code>5801</code> and <code>5901</code> are opened in the firewall. If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the respective ports when activating additional ports for VNC sessions. See Book ''"Security Guide", Chapter 15 "Masquerading and Firewalls"'' for instructions.
-</div>
 </div>
@@ Line 178: / Line 180: @@
 A persistent session can be accessed from multiple clients simultaneously. This is ideal for demonstration purposes where one client has full access and all other clients have view-only access. Another use case are trainings where the trainer might need access to the trainee's desktop.
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;">
 '''Tip: Connecting to a Persistent VNC Session'''
 To connect to a persistent VNC session, a VNC viewer must be installed. Refer to Section 4.1, "The '''<code>vncviewer</code>''' Client" for more details.
-</div>
 </div>
@@ Line 206: / Line 206: @@
 The password(s) you are providing here are also used for future sessions started by the same user. They can be changed with the '''<code>vncpasswd</code>''' command.
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;">
 '''Important: Security Considerations'''
 Make sure to use strong passwords of significant length (eight or more characters. Do no share these passwords.
-</div>
 </div>
@@ Line 223: / Line 221: @@
    WINDOWMANAGER=icewm vncserver -geometry 1024x768
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;">
 '''Note: One Configuration for Each User'''
 Persistent VNC sessions are configured in a single per-user configuration. Multiple sessions started by the same user will all use the same start-up and password files.
-</div>
 </div>
@@ Line 241: / Line 237: @@
 # In case not all needed packages are available yet, you need to approve the installation of missing packages.
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;">
 '''Tip: Restart the Display Manager'''
 YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect.
-</div>
 </div>
 ===Configuring Persistent VNC Sessions===
 After you enable the VNC session management as described in Procedure 4.3, "Enabling Persistent VNC Sessions", you can normally connect to the remote session with your favourite VNC viewer, such as '''<code>vncviewer</code>''' or Remmina. You will be presented with login screen. After you log in, the 'VNC' icon will appear in the system tray of your desktop environment. Click the icon to open the ''VNC Session'' window. If it does not appear or if your desktop environment does not support icons in the system tray, run '''<code>vncmanager-controller</code>''' manually.
+[[File:vnc8.png|frame|center|500px|Figure 8: VNC Session Settings]]
 There are several settings which influence the VNC session behaviour:
@@ Line 279: / Line 275: @@
 ===Joining Persistent VNC Sessions===
 After you set up a persistent VNC session as described in Section 4.4.2.1, "Configuring Persistent VNC Sessions", you can join it with your VNC viewer. After the your VNC client connects to the server, you will be prompted to choose whether you want to create a new session, or join the existing one:
+[[File:vnc9.png|frame|center|500px|Figure 9: Joining a Persistent VNC Session]]
 After you click the name of the existing session, you may be asked for login credentials, depending on the persistent session settings.
@@ Line 309: / Line 307: @@
 TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection (similar to typical SSH usage). If you use a certificate signed by a certificate authority matching the machine name, then you get full security (similar to typical HTTPS usage).
-<div style="padding-bottom:5px;padding-top:5px;">
+<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">
-<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;">
 '''Tip: Path to Certificate and Key'''
 With X509 based encryption, you need to specify the path to the X509 certificate and the key with <code>-X509Cert</code> and <code>-X509Key</code> options.
-</div>
 </div>