How to use VNC for remote desktop?

Interactive (desktop) programs can be run on Creodias machines in several ways. For most applications, remote X11 viewing (also known as X-over-ssh) is the best approach: it lets you run a single application and view it on your PC screen as just another window on the desktop, simply and with good integration with the local system (cut and paste between programs running on both systems, automatic adaptation to the user’s locale, etc.). Pure X11 also performs better on fast (low-latency) local networks.

Some applications, especially those that make extensive use of raster graphics (such as ESA SNAP and some other graphical software for processing satellite imagery), perform better when viewed through VNC (Virtual Network Computing) desktop sharing. In this model all graphics processing is done on the server side: the final screen is prepared there, as it would be on a workstation’s graphics card, and the screen image is sent to the viewer as pixels.


Prerequisites

To use VNC, an IP connection must exist between the server and the viewing terminal, and:

  1. the viewing terminal must have a VNC viewer application installed;
  2. the server must have a VNC server application installed;
  3. the server must have a full interactive graphics environment, including desktop and window managers. CAUTION: a full graphical environment uses up machine resources even when it is not actually in use, so it shouldn’t be installed or activated on machines not intended for remote interactive use;
  4. if a secure connection is to be used (VNC by itself provides a very low level of security), a fully functional ssh client must be installed on the viewer and an ssh server on the server.

 

VNC-server

The VNC server must be installed and configured on the server. The installation and configuration procedures depend on the operating system. The following instructions are for RedHat-7 and its derivatives (CentOS-7, Scientific-7). Alternative instructions for other operating systems are provided in the appendix to this manual. The VM should be created from any of the xxxx-full images. It should have a floating IP address assigned. The security policy should be "allow_ping_ssh_rdp" if VNC is to be tunnelled within an ssh connection, or loosened (see below) if a non-secure VNC connection is to be used.

First, establish an ssh connection to the virtual machine and verify that X11 is properly tunnelled through it:

me@my_worstation.home:~$ ssh -YC eouser@185.48.xxx.xxx

where 185.48.xxx.xxx is the public (floating IP) address of the virtual machine.

Then try running any X11 application (install the simplest one for testing, if none is installed):

[eouser@vnctest~]$ sudo yum install xeyes
[eouser@vnctest~]$ xeyes

Press Ctrl-C to stop it.

We assume it works smoothly.
 
If you have not installed one previously, install the desktop manager of your choice on the server machine, e.g.:

[eouser@vnctest ~]$ sudo yum groupinstall gnome


Of course, you may use any desktop manager supported by the server operating system instead of Gnome. Remember to reboot the machine after installing the display manager!
 


The VNC server is not installed by default on the template images. You must install it:

[eouser@vnctest~]$ sudo yum install vnc-server

If a full graphics environment (e.g. Gnome) is not installed, you should install a trivial window manager, fonts and the simplest X11 utilities:

[eouser@vnctest~]$ sudo yum install xorg-x11-apps xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xterm


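Trivial Window Manager (twm) is no longer supported by RedHat and has been removed from the RHEL-7 distribution. It can, however, be installed manually from the CentOS 6.8 package. The download below goes over plain FTP and bypasses yum, so check the package signature before installing it: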

[eouser@vnctest~]$ wget ftp://rpmfind.net/linux/centos/6.8/os/x86_64/Packages/xorg-x11-twm-1.0.3-5.1.el6.x86_64.rpm
[eouser@vnctest~]$ sudo rpm -ivh --nodeps xorg-x11-twm-1.0.3-5.1.el6.x86_64.rpm


Now you must create your VNC configuration. Type:

[eouser@vnctest~]$ vncserver

 

The very first time you start vncserver, you will be asked for an access password. Type it (it need not be the same as the user’s login password).

After executing the command you will see information like this:

New 'vnctest:1 (eouser)' desktop is vnctest:1


Each VNC session on the machine gets a different number. ‘eouser’ got number 1 simply because it was the first VNC server started on that machine.

If you are going to use a full graphical environment (e.g. Gnome), you must edit your VNC config file:

[eouser@vnctest ~]$ vim .vnc/xstartup

and uncomment the following two lines:

# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc


(you may of course also customize other X startup options here), then restart your VNC server:

[eouser@vnctest ~]$ vncserver -kill :1; vncserver


Now escape to the ssh command prompt (the escape sequence depends on your ssh client; this example is for the standard OpenSSH client on a Linux workstation) and enable tunnelling of the VNC port:

[eouser@vnctest ~]$ ~C
ssh> -L 23456:localhost:5901


then press Enter twice to return to the ssh connection.

Tilde-C is an escape sequence of the Linux OpenSSH client; it may be different for other ssh clients. The port number (5901 in this example) is calculated as 5900 plus the display number returned when the VNC server was started (desktop is vnctest:1). The number 23456 is any number (5 digits) you would like to use locally.

VNC-viewer

First, verify that the tunnelling works. Try:

me@my_worstation.home:~$ telnet localhost 23456

If it works, try connecting through it with a VNC client. Multiple VNC viewer applications are available for most operating systems. For Ubuntu workstations the most popular is "remmina", which is available from the standard repositories. Various viewers are also available for MacOS and Windows.

The package must be installed with e.g. the "sudo apt install remmina" command (on Ubuntu) or a similar command on other operating systems. It doesn’t require any initial setup.

Start your favourite VNC viewer (e.g. by choosing MainMenu→Internet→Remmina from the main application menu). Create a new connection with these settings:

protocol: VNC
user: leave empty
password: the password you gave creating the VNC setup on the server
server: localhost:23456 (the number you chose)
color depth: true color
quality: best

 

You may want to experiment with lowering the color depth and/or quality on a very poor network connection, but in most cases (even on mobile connections) the highest quality works fine.

Then open this connection. The window "vnctest" (or whatever name you gave to the VNC connection) should appear on your desktop, presenting the whole desktop of the remote machine embedded in a single window. While the focus is on that window, the mouse and keyboard act on the remote machine. To return to local operations, move the mouse outside the window and click to bring the focus elsewhere.

Now it is time for a bit of tuning.

Create a file named .vnc/config on your server and put the desired screen resolution in it (or several, to choose between them). Remember that your whole remote screen must fit into the window on your local workstation, so it must be significantly smaller (especially shorter).

[eouser@vnctest ~]$ echo -randr 800x600,1024x768,1280x800,1280x960,1280x1024,\
1680x1050,1920x1080 > .vnc/config

Now, using a terminal session to your server, restart your VNC server, open another session and use the display configuration utility to choose the resolution that best fits your workstation window area:

[eouser@vnctest ~]$ vncserver -kill :1
Killing Xvnc process ID 4331
[eouser@vnctest ~]$ vncserver
New 'vnctest.novalocal:1 (eouser)' desktop is vnctest.novalocal:1
Starting applications specified in /home/eouser/.vnc/xstartup
Log file is /home/eouser/.vnc/vnctest.novalocal:1.log

You may also specify the window size (or rather the size of your remote desktop; the window will be slightly larger) directly when invoking vncserver, e.g.:

[eouser@vnctest ~]$ vncserver -geometry 1280x1024


Remember to adjust the viewer size to show the whole remote desktop without rescaling it!

Using the remote programs

Now you may use remote programs as you like. E.g. you may open a terminal on the remote machine from its menu (not the primary ssh terminal, but a new one within your graphical session) and type

$ snap

to start the ESA SNAP utility. You may run any other graphical program as well, starting it from the terminal command line, from an icon shortcut, or from the remote desktop menu. E.g. you may start a remote web browser by either typing "firefox" or choosing Firefox from the menu.


Finishing the session

The VNC session is not closed when the VNC viewer disconnects! The session still exists, and the next connection from the viewer will reconnect to the old session rather than start a new one. Of course, such an orphaned session keeps a lot of server resources allocated.

To close the session gracefully, first log out of the remote session using the GUI of the display manager. Then stop the VNC server from a terminal session on the server:

[eouser@vnctest ~]$ vncserver -kill :1

where :1 is the number of your session, as assigned when vncserver was started.


Running VNC without SSH

VNC without SSH tunnelling should be used only if some other secure connection (e.g. a VPN) is in place. Using it over the public Internet is strongly discouraged, as its very weak authentication is a significant security hole.

The security group applied to the server in OpenStack must be loosened to allow TCP connections to port 5901 (and the following ports, if multiple VNC servers are running).

To use VNC directly, an SSH session need not exist at all; if one exists, it shouldn’t tunnel port 59xx. The option -L 23456:localhost:5901 must not be used when invoking it.

The viewer then connects not to a tunnelled port but directly to the VNC server:

server: ip-number-of-my-server:5901


Note that even when a VPN is used, SSH usually still improves performance somewhat, as its data are not only encrypted but also compressed, and the gain from compression is usually higher than the encryption overhead.
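
The port rule from the tunnelling step (5900 plus the display number) and the exposure concern of this section can both be checked from the shell. The following is an added example, not part of the original guide; the function names and the sample "ss -ltn" listing are constructed for illustration. It builds the "ssh -L" argument for a display and lists VNC ports that listen on non-loopback addresses.

```shell
#!/bin/sh
# Added example; function names and the sample listing are constructed.

# vnc_port DISPLAY: TCP port of a VNC display (5900 + display number).
# Accepts "vnctest:1", ":1" or "1"; only displays 0-99 are valid.
vnc_port() {
    n=${1##*:}
    case $n in
        ''|*[!0-9]*|0?*|???*) echo "bad display: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $n))
}

# tunnel_spec LOCAL_PORT DISPLAY: argument for "ssh -L". The target is the
# server's own loopback, so port 59xx never has to be opened to the network.
tunnel_spec() {
    rport=$(vnc_port "$2") || return 1
    echo "$1:localhost:$rport"
}

# exposed_vnc_listeners: reads "ss -ltn" output on stdin and prints every
# listening address in the VNC range 5900-5999 that is not loopback-only.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)
        if (port + 0 < 5900 || port + 0 > 5999) next
        if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
        print $4
    }'
}

# Constructed sample of "ss -ltn" output: display :1 is bound to loopback
# (tunnel only), display :2 is reachable from the network.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901      0.0.0.0:*
LISTEN 0      5      0.0.0.0:5902        0.0.0.0:*
LISTEN 0      5      [::]:5902           [::]:*'

echo "ssh -YC -L $(tunnel_spec 23456 vnctest:1) eouser@<server>"
echo "VNC ports reachable without the tunnel:"
printf '%s\n' "$SAMPLE" | exposed_vnc_listeners
# On the server itself: ss -ltn | exposed_vnc_listeners
```

If the check prints a VNC port while you only ever connect through the tunnel, the server is listening more widely than it needs to; TigerVNC's Xvnc accepts a -localhost option that restricts it to loopback connections.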

 

Tips and tricks

If you are the only user of the remote server and you are absolutely sure that no other concurrent VNC session may be active (neither yours nor owned by another user of the machine), then you may shorten the connection startup to:

me@my_worstation.home:~$ ssh -YCL 23456:localhost:5901 eouser@185.48.xxx.xxx


Window Managers. For most uses a full graphical environment like Gnome is the most convenient. But for simple use, such as invoking a single remote graphical program (e.g. SNAP), the very limited TWM may be more convenient. It is sufficient to have an x-terminal open, from which you can launch your favourite program and possibly perform some simple operations from the command line.
Even a "null" window manager may be used effectively: the application to be launched may be defined in the .vnc/xsession file. It will then be launched when the VNC server starts, as the only application on the screen and with fixed geometry, and all other operations must be done from a terminal session. "Null" or trivial (TWM) sessions use far fewer server resources and save a lot of system disk space.

Remote and local clipboards are not fully integrated. On some combinations of systems they do not work together at all. Even where they work, be aware that only plain ASCII text can be cut and pasted: national characters and Unicode are not supported. If the keyboard shortcuts Ctrl-C/Ctrl-V do not work, try the right-mouse-button menu.
 
Reconnecting to a broken session. If you got disconnected from the server (your ssh session was closed) without shutting down your desktop session and without stopping the VNC server, you may either kill the previous session and start a new one, or reconnect to the old one. To reconnect, just establish the ssh session again with the proper port tunnelling, e.g.:

me@my_worstation.home:~$ ssh -YCL 23456:localhost:5901 eouser@185.48.xxx.xxx

and check whether the session still exists:

[eouser@vnctest ~]$ vncserver -list

Then, if it is running, connect with your VNC viewer. You will return to the previous session.
 
Resizing the VNC viewer window does not affect the remote desktop size. In the worst case the desktop is rescaled proportionally, which looks awful. To resize the view, do the following:

  1. resize the desktop using the remote desktop manager utility;
  2. adjust the view size in your VNC viewer (in Remmina: the first button in the taskbar to the left).

 
Appendix – Other Operating Systems

The example above used an Ubuntu 16.4 client (the user’s workstation) and a CentOS 7.2 computing server. The setup differs slightly from one operating system to another.

The same setup as for CentOS may be used for other systems of the RedHat family (RedHat, CentOS, Scientific Linux).

RedHat-6 family

RedHat-6 and its family (CentOS-6, etc.) still support twm. It can be installed from the repository package:

$ sudo yum install xorg-x11-twm

 

Ubuntu

The VNC server package is called vnc4server. It must be installed using the command:

$ sudo apt-get install vnc4server

If a full graphics environment is not used, at least a minimal window manager must be installed:

$ sudo apt-get install twm

A full graphics environment can be installed with Gnome or with any simpler one, e.g. (remember to reboot after installation and to edit your .vnc/xstartup file!):

$ sudo apt-get install lubuntu-desktop


The VNC server is started with the command:

$ vnc4server


The same applies to all systems of the Ubuntu family and to most Debian derivatives.


VNC viewers


For the Ubuntu family the standard viewer is Remmina. It is included in most desktop metapackages, but if it is not present on the system, it can be installed with:

$ sudo apt-get install remmina


For the RedHat family the standard viewer is vncviewer. Install it with:

$ sudo yum install vnc


and start it from the menu or with:

$ vncviewer


For Windows there is no standard VNC viewer; however, many free packages (the most popular are TightVNC, RealVNC and TigerVNC) are available for download, either as products dedicated to MS Windows or as ports of Linux programs.


For Mac, a VNC client is included in the system as the ‘screen sharing’ utility.


Universal viewer: TightVNC is a Java-based viewer available for virtually every platform. It requires a Java runtime environment to be installed. It is also available for mobile devices. On Linux, however, it performs a bit slower than the native remmina.