Remote Access with VNC: Difference between revisions
m →Starting Remote Sessions: Added key press |
m Removed duplicate div statements where appropriate (top box needs a box in a box so has been left). |
||
| Line 28: | Line 28: | ||
tux > vncviewer thinkserver.freddythechick.uk::5901 | tux > vncviewer thinkserver.freddythechick.uk::5901 | ||
<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;"> | |||
'''Note: Display and Port Number''' | '''Note: Display and Port Number''' | ||
The actual display or port number you specify in the VNC client must be the same as the display or port number picked by the '''<code>vncserver</code>''' command on the target machine. See Section 4.4, "Persistent VNC Sessions" for further info. | The actual display or port number you specify in the VNC client must be the same as the display or port number picked by the '''<code>vncserver</code>''' command on the target machine. See Section 4.4, "Persistent VNC Sessions" for further info. | ||
</div> | </div> | ||
| Line 81: | Line 79: | ||
Select the ''Advanced'' tab to enter more specific settings. | Select the ''Advanced'' tab to enter more specific settings. | ||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;"> | |||
'''Tip: Disable Encryption''' | '''Tip: Disable Encryption''' | ||
If the communication between the client and remote server is not encrypted, active ''Disable encryption'', otherwise the connection fails. | If the communication between the client and remote server is not encrypted, active ''Disable encryption'', otherwise the connection fails. | ||
</div> | </div> | ||
| Line 139: | Line 135: | ||
# In case not all needed packages are available yet, you need to approve the installation of missing packages. | # In case not all needed packages are available yet, you need to approve the installation of missing packages. | ||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;"> | |||
'''Tip: Restart the Display Manager''' | '''Tip: Restart the Display Manager''' | ||
YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect. | YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect. | ||
</div> | </div> | ||
| Line 177: | Line 171: | ||
tux > sudo systemctl reload xvnc.socket | tux > sudo systemctl reload xvnc.socket | ||
<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;"> | |||
'''Important: Firewall and VNC Ports''' | '''Important: Firewall and VNC Ports''' | ||
When activating Remote Administration as described in Procedure 4.1, "Enabling One-time VNC Sessions", the ports <code>5801</code> and <code>5901</code> are opened in the firewall. If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the respective ports when activating additional ports for VNC sessions. See Book ''"Security Guide", Chapter 15 "Masquerading and Firewalls"'' for instructions. | When activating Remote Administration as described in Procedure 4.1, "Enabling One-time VNC Sessions", the ports <code>5801</code> and <code>5901</code> are opened in the firewall. If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the respective ports when activating additional ports for VNC sessions. See Book ''"Security Guide", Chapter 15 "Masquerading and Firewalls"'' for instructions. | ||
</div> | </div> | ||
| Line 188: | Line 180: | ||
A persistent session can be accessed from multiple clients simultaneously. This is ideal for demonstration purposes where one client has full access and all other clients have view-only access. Another use case are trainings where the trainer might need access to the trainee's desktop. | A persistent session can be accessed from multiple clients simultaneously. This is ideal for demonstration purposes where one client has full access and all other clients have view-only access. Another use case are trainings where the trainer might need access to the trainee's desktop. | ||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;"> | |||
'''Tip: Connecting to a Persistent VNC Session''' | '''Tip: Connecting to a Persistent VNC Session''' | ||
To connect to a persistent VNC session, a VNC viewer must be installed. Refer to Section 4.1, "The '''<code>vncviewer</code>''' Client" for more details. | To connect to a persistent VNC session, a VNC viewer must be installed. Refer to Section 4.1, "The '''<code>vncviewer</code>''' Client" for more details. | ||
</div> | </div> | ||
| Line 216: | Line 206: | ||
The password(s) you are providing here are also used for future sessions started by the same user. They can be changed with the '''<code>vncpasswd</code>''' command. | The password(s) you are providing here are also used for future sessions started by the same user. They can be changed with the '''<code>vncpasswd</code>''' command. | ||
<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#FDDFA6;border:1px solid #BB7B03;padding-left:5px;padding-right:5px;"> | |||
'''Important: Security Considerations''' | '''Important: Security Considerations''' | ||
Make sure to use strong passwords of significant length (eight or more characters. Do no share these passwords. | Make sure to use strong passwords of significant length (eight or more characters. Do no share these passwords. | ||
</div> | </div> | ||
| Line 233: | Line 221: | ||
WINDOWMANAGER=icewm vncserver -geometry 1024x768 | WINDOWMANAGER=icewm vncserver -geometry 1024x768 | ||
<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;"> | |||
'''Note: One Configuration for Each User''' | '''Note: One Configuration for Each User''' | ||
Persistent VNC sessions are configured in a single per-user configuration. Multiple sessions started by the same user will all use the same start-up and password files. | Persistent VNC sessions are configured in a single per-user configuration. Multiple sessions started by the same user will all use the same start-up and password files. | ||
</div> | </div> | ||
| Line 251: | Line 237: | ||
# In case not all needed packages are available yet, you need to approve the installation of missing packages. | # In case not all needed packages are available yet, you need to approve the installation of missing packages. | ||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;"> | |||
'''Tip: Restart the Display Manager''' | '''Tip: Restart the Display Manager''' | ||
YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect. | YaST makes changes to the display manager settings. You need to log out of your current graphical session and restart the display manager for the changes to take effect. | ||
</div> | </div> | ||
| Line 323: | Line 307: | ||
TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection (similar to typical SSH usage). If you use a certificate signed by a certificate authority matching the machine name, then you get full security (similar to typical HTTPS usage). | TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection (similar to typical SSH usage). If you use a certificate signed by a certificate authority matching the machine name, then you get full security (similar to typical HTTPS usage). | ||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;"> | |||
'''Tip: Path to Certificate and Key''' | '''Tip: Path to Certificate and Key''' | ||
With X509 based encryption, you need to specify the path to the X509 certificate and the key with <code>-X509Cert</code> and <code>-X509Key</code> options. | With X509 based encryption, you need to specify the path to the X509 certificate and the key with <code>-X509Cert</code> and <code>-X509Key</code> options. | ||
</div> | </div> | ||