14 Remote graphical sessions with VNC #

To start your VNC viewer and initiate a session with the server, use the command:

> vncviewer jupiter.example.com:1

Instead of the VNC display number you can also specify the port number with two colons:

> vncviewer jupiter.example.com::5901

Note: Display and port number

The actual display or port number you specify in the VNC client must be the same as the display or port number selected when configuring a VNC server on the target machine. See Section 14.4, “Configuring persistent VNC server sessions” for further info.

When running vncviewer without specifying --listen or a host to connect to, it shows a window asking for connection details. Enter the host into the VNC server field like in Section 14.1.1, “Connecting using the vncviewer CLI” and click Connect.

Figure 14.1: vncviewer #

 

The VNC protocol supports different kinds of encrypted connections, not to be confused with password authentication. If a connection does not use TLS, the text “(Connection not encrypted!)” can be seen in the window title of the VNC viewer.

To use Remmina, verify whether the remmina package is installed on your system, and install it if not. Remember to install the VNC plug-in for Remmina as well:

# zypper in remmina remmina-plugin-vnc

Run Remmina by entering the remmina command.

Figure 14.2: Remmina's main window #

 

The main application window shows the list of stored remote sessions. Here you can add and save a new remote session, quick-start a new session without saving it, start a previously saved session, or set Remmina's global preferences.

To add and save a new remote session, click in the top left of the main window. The Remote Desktop Preference window opens.

Figure 14.3: Remote desktop preference #

 

Complete the fields that specify your newly added remote session profile. The most important are:

Select the Advanced tab to enter more specific settings.

Tip: Disable encryption

If the communication between the client and the remote server is not encrypted, activate Disable encryption, otherwise the connection fails.

Select the SSH tab for advanced SSH tunneling and authentication options.

Confirm with Save. Your new profile is now listed in the main window.

You can either start a previously saved session, or quick-start a remote session without saving the connection details.

14.2.4.1 Quick-starting remote sessions #

 

To start a remote session quickly without adding and saving connection details, use the drop-down box and text box at the top of the main window.

Figure 14.4: Quick-starting #

 

Select the communication protocol from the drop-down list, for example, “VNC”, then enter the VNC server DNS or IP address followed by a colon and a display number, and confirm with Enter.

14.2.4.3 Remote sessions window #

 

Remote sessions are opened in tabs of a separate window. Each tab hosts one session. The toolbar on the left of the window helps you manage the windows/sessions. For example, toggle full-screen mode, resize the window to match the display size of the session, send specific keystrokes to the session, take screenshots of the session, or set the image quality.

Figure 14.5: Remmina viewing remote session #

 

To edit a saved remote session, right-click its name in Remmina's main window and select Edit. Refer to Section 14.2.3, “Adding remote sessions” for the description of the relevant fields.

To copy a saved remote session, right-click its name in Remmina's main window and select Copy. In the Remote Desktop Preference window, change the name of the profile, optionally adjust relevant options, and confirm with Save.

To Delete a saved remote session, right-click its name in Remmina's main window and select Delete. Confirm with Yes in the next dialog.

If you need to open a remote session from the command line or from a batch file without first opening the main application window, use the following syntax:

 > remmina -c profile_name.remmina

Remmina's profile files are stored in the .local/share/remmina/ directory in your home directory. To determine which profile file belongs to the session you want to open, run Remmina, click the session name in the main window, and read the path to the profile file in the window's status line at the bottom.

Figure 14.6: Reading path to the profile file #

 

While Remmina is not running, you can rename the profile file to a more reasonable file name, such as sle15.remmina. You can even copy the profile file to your custom directory and run it using the remmina -c command from there.

The default configuration on SUSE Linux Enterprise Server serves sessions with a resolution of 1024x768 pixels at a color depth of 16-bit. The sessions are available on ports 5901 for “regular” VNC viewers (equivalent to VNC display 1) and on port 5801 for Web browsers.

Other configurations can be made available on different ports, see Section 14.3.3, “Configuring one-time VNC sessions”.

VNC display numbers and X display numbers are independent in one-time sessions. A VNC display number is manually assigned to every configuration that the server supports (:1 in the example above). Whenever a VNC session is initiated with one of the configurations, it automatically gets a free X display number.

By default, both the VNC client and server try to communicate securely via a self-signed SSL certificate, which is generated after installation. You can either use the default one, or replace it with your own. When using the self-signed certificate, you need to confirm its signature before the first connection—both in the VNC viewer and the Web browser.

Tip

Certain VNC clients refuse to establish a secure connection via the default self-signed certificate. For example, the Vinagre client verifies the certification against the GnuTLS global trust store and fails if the certificate is self-signed. In such a case, either use an encryption method other than x509, or generate a properly signed certificate for the VNC server and import it to the client's system trust store.

To connect to a one-time VNC session, a VNC viewer must be installed, see also Section 14.1, “The vncviewer client”. Alternatively use a JavaScript-capable Web browser to view the VNC session by entering the following URL: http://jupiter.example.com:5801

You can skip this section, if you do not need or want to modify the default configuration.

One-time VNC sessions are started via the systemd socket xvnc.socket. By default it offers six configuration blocks: three for VNC viewers (vnc1 to vnc3), and three serving a JavaScript client (vnchttpd1 to vnchttpd3). By default only vnc1 and vnchttpd1 are active.

To activate the VNC server socket at boot time, run the following command:

> sudo  systemctl enable xvnc.socket

To start the socket immediately, run:

> sudo  systemctl start xvnc.socket

The Xvnc server can be configured via the server_args option. For a list of options, see Xvnc --help.

When adding custom configurations, make sure they are not using ports that are already in use by other configurations, other services, or existing persistent VNC sessions on the same host.

Activate configuration changes by entering the following command:

> sudo systemctl reload xvnc.socket

Important: Firewall and VNC ports

When activating Remote Administration as described in Procedure 14.1, “Enabling one-time VNC sessions”, the ports 5801 and 5901 are opened in the firewall. If the network interface serving the VNC sessions is protected by a firewall, you need to manually open the respective ports when activating additional ports for VNC sessions. See Chapter 23, Masquerading and firewalls for instructions.