LinuxReviws.org --get your your Linux knowledge
> Linux Reviews > Howtos >

Xvnc Terminal Server

How to turn your box into a Xvnc Terminal Server using tightvnc


  1. Install tightvnc
  2. Install and configure xinetd
  3. Change your login managers configuration so it listens to XDCMP requests
  4. Specify who has access to XDMCP
  5. Add the needed services to the services file
  6. Create a file called /etc/xinetd.d/xvncserver
  7. (re)start the xinetd service
  8. restart the gdm/kdm/xdm service
  9. Open a vncviewer to test it
  10. Connect using ssh


This will let you get a window with your remote server login manager on any Windows / Linux / Java system with vncviewer and internet access.

VNC stands for Virtual Network Computing. When you connect to a remote server with a vnc client you get a KDM/gdm/xdm login screen where you can login and work as if you were locally working on that computer.

A Xvnc server will automatically spawn when someone wants to connect, just like a terminal server. This allows multiple clients to connect using their own logins.

This guide uses tightvnc, a great client/server software package allowing remote network access to graphical desktops. It is tested to work with XFree86 v4.3.

IPv6 Notice

Xdmcp does not work if XFree is compiled with IPv6 support. Gentoo users can echo "x11-base/xfree -ipv6" >> /etc/portage/package.use or install using USE="-ipv6" emerge xfree to make sure it is compiled without IPv6 support.

1. Install tightvnc

emerge tightvnc on Gentoo. There are tightvnc packages available for most distributions.

2. Install and configure xinetd

xinetd comes with most distributions and chances are high you already have this up and running. emerge xinetd and rc-update add xinetd default on Gentoo.

Allow xinetd to listen to external calls:

open /etc/xinetd.conf

Make the line a comment by adding a # in front of it:

only_from = localhost

3. Change your login managers configuration so it listens to XDCMP requests

3.1. xdm

Open /etc/X11/xdm/xdm-config with your favorite editor.

Look at the last line :

DisplayManager.requestPort :0

Comment it out by inserting a ! at the beginning of the line.

The user nobody must have a valid shell assigned when using xdm. You will only get a gray screen when connecting to xdm if nobody has the default /bin/false set.

usermod -s /bin/bash nobody

3.2. kdm

Edit the kdm config file called kdmrc. It is located in /usr/kde/3.1/share/config/kdm OR /usr/kde/3.2/share/config/kdm on Gentoo and at /etc/kde/kdm/kdmrc on Mandrake. Enable XDMCP on port 177:

  [Xdmcp]
  Enable=true
  Willing=/etc/X11/xdm/Xwilling
  Xaccess=/etc/X11/xdm/Xaccess
  Port=177

Because the X server is started with -query localhost you should disallow using KDM to shutdown and reboot. You may also want to disallow remote root logins:

  [X-*-Core]
  AllowShutdown=None
  AllowRootLogin=false

As an alternative you can use acpid to make the system shutdown cleanly by using the power button (production systems should only allow root to do this anyway)

3.3. gdm

Start gdmconfig and find the tab "XDCMP". Make sure 'Enable XDMCP' is selected.

4. Specify who has access to XDMCP

Edit /etc/X11/xdm/Xaccess and uncomment the line '* #any host can get a login window by removing the single quote '.

It is better to use 192.168.0.* or 127.0.0.1 than * for security.

5. Add the needed services to the services file

Cut & paste the following lines to your /etc/services:

    #
    # VNC Servers
    #
    vnc-640x480x8 5950/tcp
    vnc-800x600x8 5951/tcp
    vnc-1024x768x8 5952/tcp
    vnc-1280x1024x8 5953/tcp
    vnc-1600x1200x8 5954/tcp
    
    vnc-640x480x16 5960/tcp
    vnc-800x600x16 5961/tcp
    vnc-1024x768x16 5962/tcp
    vnc-1280x1024x16 5963/tcp
    vnc-1600x1200x16 5964/tcp
    
    vnc-640x480x24 5970/tcp
    vnc-800x600x24 5971/tcp
    vnc-1024x768x24 5972/tcp
    vnc-1280x1024x24 5973/tcp
    vnc-1600x1200x24 5974/tcp
    
    vnc-640x480x32 5980/tcp
    vnc-800x600x32 5981/tcp
    vnc-1024x768x32 5982/tcp
    vnc-1280x1024x32 5983/tcp
    vnc-1600x1200x32 5984/tcp
  
   

6. Create a file called /etc/xinetd.d/xvncserver

with the following contents:

    
    service vnc-640x480x8
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 640x480 -depth 8
    }
    
    service vnc-800x600x8
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 800x600 -depth 8
    }
    
    service vnc-1024x768x8
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1024x768 -depth 8
    }
    
    service vnc-1280x1024x8
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 8
    }
    
    service vnc-1600x1200x8
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 8
    }
    
    service vnc-640x480x16
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 640x480 -depth 16
    }
    
    service vnc-800x600x16
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 800x600 -depth 16
    }
    
    service vnc-1024x768x16
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16
    }
    
    service vnc-1280x1024x16
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 16
    }
    
    service vnc-1600x1200x16
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 16
    }
    
    service vnc-640x480x24
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 640x480 -depth 24
    }
    
    service vnc-800x600x24
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 800x600 -depth 24
    }
    
    service vnc-1024x768x24
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1024x768 -depth 24
    }
    
    service vnc-1280x1024x24
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 24
      # port = 5973
    }
    
    service vnc-1600x1200x24
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 24
    }
    
    service vnc-640x480x32
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 640x480 -depth 32
    }
    
    service vnc-800x600x32
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 800x600 -depth 32
    }
    
    service vnc-1024x768x32
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1024x768 -depth 32
    }
    
    service vnc-1280x1024x32
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1280x1024 -depth 32
    }
    
    service vnc-1600x1200x32
    {
      protocol = tcp
      socket_type = stream
      wait = no
      user = nobody
      server = /usr/bin/Xvnc
      server_args = -inetd -query localhost -once -geometry 1600x1200 -depth 32
    }
    

7. (re)start the xinetd service

/etc/init.d/xinetd restart

8. restart the gdm/kdm/xdm service

This will end your X session!

/etc/init.d/xdm restart

9. Open a vncviewer to test it

vncviewer localhost:71

This will open up a 800x600x24bit client.

The last two numbers in the services file represent the resolution and color-depth. 1280x1024x8 is :53, 1280x1024x24 is :73.

10. Connect using ssh

You can/should use ssh (or other encryption) as tightvnc does not encrypt the connection (major security risk).

You can make a secure ssh tunnel for your vnc connection between client port 4961 and server port 5916:

ssh -C -L 4961:localhost:5961 my.dns-name.com

You will be asked for your home password. This makes an encrypted connection between my.dyndns-name.com:5961 and localhost:4961.

Add you@ in front of the domain (ssh -C -L 4961:localhost:5961 username@my.dns-name.com) to use a different username on the server.

Now, on the client, start a vncviewer and connect:

vncviewer -encodings "tight copyrect" -quality 3 localhost:4961

Links:

Manual pages:

Meet new people