Virtual Network Computing

From LinuxReviews
Jump to navigationJump to search
  XOrg Index Configuration HIDevices
Xorg logo3.png
Fonts Video Cards Monitors  


Template:HOWTO Index

Virtual Network Computing (VNC) is a desktop sharing system which uses the RFB (Remote FrameBuffer) protocol to remotely control another computer. It transmits the keyboard presses and mouse clicks from one computer to another relaying the screen updates back in the other direction, over a network.

VNC comes in many flavors, and this page is intended to be a central place at the wiki for information on the different VNC mechanisms that share the same protocol. There are several ways to use an existing remote X11 sessions and start up new sessions to use.

This document reviews the VNC packages based on whether they allow connecting to existing sessions, or do they only create new sessions. The VNC server is required nonetheless in both cases.

But really, if you use VNC, you want a copy & paste clipboard as well as paste passwords from a pop-up-menu and such ameneties. Only "Remmina" offers this.

VNC protocol[edit]

Definition[edit]

VNC is platform-independent: a VNC viewer on any operating system can connect to a VNC server on any other operating system. There are clients and servers for almost all operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses of the technology include remote technical support, and accessing files on your work computer from your home computer.

VNC was originally developed at AT&T. The original VNC source code is open source under the GNU General Public License, as are many of the variants of VNC available today.


Security[edit]

By default, VNC is not a secure protocol. While passwords are not sent in plain-text (as in telnet), brute-force cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used.

However, VNC may be tunnelled over an SSH or VPN connection which would add an extra security layer with stronger encryption. SSH clients are available for all major platforms (and many smaller platforms as well); SSH tunnels can be created from UNIX clients (including Mac OS X), Windows clients, Mac OS Classic clients (System 7 and up) - and many others.

UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts.

RealVNC offers high-strength encryption as part of its commercial package.

Workspot released AES encryption patches for VNC.

Although some people believe that VNC can easily be used to break into a system, usually a user would have to explicitly enable remote access to the ports used by VNC in order to be hacked. In other words, a system running VNC on a network can only be accessed from within that network unless the user specifies otherwise (such as in the router's configuration settings).

You may also want to consider IPsec.

Server configuration methods[edit]

New sessions[edit]

RealVNC / Xvnc[edit]

Xvnc is the X VNC (Virtual Network Computing) server. It is based on a standard X server, but it has a "virtual" screen rather than a physical one. X applications display themselves on it as if it were a normal X display, but they can only be accessed via a VNC viewer.

This version is produced by the people who wrote the first generation VNC package in 1995 at Olivetti. RealVNC offers both GPL and proprietary packages.

the 'free' edition is GPL-2

TightVNC[edit]

TightVNC is a derivative of RealVNC, and offers better compression and better security than the GPL branch of RealVNC.

XF4VNC[edit]

xf4vnc provides two implementations of VNC in an Xserver. Both implementations are built around XFree86(tm) 4.x which provides numerous new extensions, such as RENDER and GLX.

The first, is to mimic the older 'Xvnc' virtual Xserver that exists in many other VNC implementations. This mode should be a drop in replacement for existing installations. The second is the 'vnc.so' X server module with allows you to access your normal X display with a VNC viewer.

However, xf4vnc does not come with the required vnc tools (vncpasswd etc) to build a full-fledged VNC server.

GPL-2

x11vnc[edit]

x11vnc can connect to the login manager's X session. The login manager kills it and all other clients after the login, but the session is available for a new connection; the solution to this problem is described here (KillInitClients) . The client is mostly used to connect to existing sessions. The connection can be secured with SSH or SSL.

XDMCP[edit]

Although the X Display Manager Control Protocol (XDMCP) is not a VNC service, it's close enough to be mentioned here. The login manager can be configured to accept remote connections.

MIT license

UltraVNC[edit]

ultravnc client and server are only avaliable for windows but the client works flawlessly under wine as user(non root)

SSH X-forwarding[edit]

Single graphical programs can be launched and controlled remotely through SSH.

as-is license

Existing sessions[edit]

x11vnc[edit]

Template:Wikipedia x11vnc is designed to give a temporary access to the computer. It can be launched remotely with a single command, and the traffic can be secured via an SSH or SSL tunnel.

The server is compatible with vncviewer in windowed mode
The client is used to connect to existing sessions in fullscreen mode
creates the screen number rather randomly sometimes if the default port is taken.

vino[edit]

Vino is designed to be used with the Gnome desktop. It is some what easy to setup. The connection is viewable in windowed mode.

The instructions are simple enough to be given here.

configure:
via the GUI:
vino-preferences &
OR hack with gconftool:
gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
OR hack the gconf xml:
vi ~/.gconf/desktop/gnome/remote_access/%gconf.xml
then restart the vino-session
start:
vino-session &

UltraVNC[edit]

UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts.

Windows-only server

Krfb (KDE Remote FrameBuffer)[edit]

krfb is a VNC compatible server for the KDE desktop. Unlike most over VNC servers it does not hook directly into X, so is a comparatively slow and very resource hungry alternative. Also, it seems that after KDE 3.5.1 something broke, so it is not possible to connect with any(?) Windows VNC clients (TightVNC, RealVNC, UltraVNC crash it after a few seconds) at the moment. This was solved for KDE4 by a complete rewrite of KRFB, and it is unlikely the problem will be fixed in the 3.5 tree.

Krdc (KDE Remote Desktop)[edit]

Krdc is the KDE remote desktop connection (RDP and VNC) client.

Thin-client solutions[edit]

FreeNX[edit]

Template:Wikipedia NX is an open standard server built on top of X that simplifies thin-client networking. It includes built-in support for encryption (using SSH), access to the local filesystem and local audio. The server also is able to translate foreign protocols to allow connections from RDP and other clients. NX is a product of NoMachine, which develops an open-source core, on which proprietary versions of both the server and client are built. FreeNX is a completely open-source project.

ThinLinc[edit]

ThinLinc is a fast and versatile thin client system. It is based on open protocols such as TightVNC and SSH. The ThinLinc server software can be used to distribute Linux/Unix desktops to thin clients. The system also supports Windows Terminal Services and Codeweavers CrossOver. ThinLinc supports redirection of sound, local printers, disk drives, and serial ports, on top of SSH. Clients for Windows, Linux, and Solaris and many more platforms are available. ThinLinc is commercial software, but free for one concurrent user.

VNC repeater for linux[edit]

there is a port from the ultravnc repeater on linux
it's here: http://koti.mbnet.fi/jtko/
the forum thread is here: http://forum.ultravnc.info/viewtopic.php?t=3910
you can have info about how the repeater works here: http://www.uvnc.com/pchelpware/repeater/index.html
ebuild avaliable here: http://bugs.gentoo.org/show_bug.cgi?id=174473

Reverse VNC[edit]

client[edit]

reverse VNC is a way to bypass firewalls:the vnc client listen for connections and the server goes to that connection so because the traffic going out is generaly not fileterd on firewall it bypass it.
you must start the client before the server
to start listening for connection type:

$ vncviewer --listen

VNC Viewer Free Edition 4.1.2 for X - built Apr 12 2007 17:51:33
Copyright (C) 2002-2005 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.
 
Fri Apr 13 14:01:44 2007
 main:        Listening on port 5500

server on windows[edit]

RealVNC[edit]

right click in the bar where the vnc icon reside and click on add new client then add the ip of the computer

UltraVNC[edit]

right click in the bar where the vnc icon reside and click on add new client then add the ip of the computer in the Host Name box

server on linux[edit]

Other Methods and Applications[edit]

Links[edit]