VNC Server on RHEL
On a 64-bit CentOS 5.8 box.
Install necessary packages
yum -y install vnc vnc-server
Set up VNC users
useradd vncuser
su vncuser
vncpasswd
Enter the password you’ll use to connect. This creates a .vnc file in the user’s homedir. Now edit ~/.vnc/xstartup to uncomment the lines pertaining to a normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
Set up the VNC configuration
I added this to /etc/sysconfig/vncservers:
# No SSH tunneling
VNCSERVERS="2:support"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd"
Set firewall rules
Look at the 2:support above. The number is added to ports 5800, 5900 and 6000 for connections.
| Port | Function |
|---|---|
| 5800+n | For Java-based VNC viewers (e.g. through a webstart application) |
| 5900+n | VNC Client port |
| 6000+n | X Server port |
At a bare minimum, port 5902 must be open. If you want other fancy
stuff, open ports 5802, 5902 and 6002 (do this securely; see
section below).
Start the VNC Service
service vncserver start
Test, test, test!
Using VNC Securely
To tunnel your VNC connection through SSH, add -localhost to VNCSERVERARGS in /etc/sysconfig/vncservers. In the example above, this becomes:
VNCSERVERS="2:support"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
Restart the VNC service. The server now listens on port 5902 for connections from the local machine only.
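To check which displays in /etc/sysconfig/vncservers are still reachable from the network, the following script (an added example, not part of the original page) parses the file and reports, per display, the ports from the table above and whether -localhost, -nohttpd and -nolisten tcp are set. The function name audit_vncservers and the output format are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the original page): audit a vncservers-style file.
# Prints one line per display; returns 1 if any display accepts VNC
# connections from the network, i.e. its arguments lack -localhost.
# The file is parsed as text rather than sourced, so auditing never runs it.
# Usage: audit_vncservers /etc/sysconfig/vncservers

audit_vncservers() (
    file=$1
    rc=0
    # The last uncommented VNCSERVERS="..." assignment wins, as in the shell.
    servers=$(sed -n 's/^[[:space:]]*VNCSERVERS="\(.*\)".*/\1/p' "$file" | tail -n 1)
    for entry in $servers; do
        n=${entry%%:*}        # display number, e.g. 2
        user=${entry#*:}      # account the display runs as, e.g. support
        case $n in ''|*[!0-9]*) continue ;; esac   # skip malformed entries
        args=$(sed -n "s/^[[:space:]]*VNCSERVERARGS\[$n\]=\"\(.*\)\".*/\1/p" "$file" | tail -n 1)
        args=" $args "        # pad so options match as whole words
        vnc="network" http="on" x11="on"
        case $args in *" -localhost "*)    vnc="localhost" ;; esac
        case $args in *" -nohttpd "*)      http="off" ;; esac
        case $args in *" -nolisten tcp "*) x11="off" ;; esac
        [ "$vnc" = "localhost" ] || rc=1
        printf 'display=%s user=%s vnc:%s=%s http:%s=%s x11:%s=%s\n' \
            "$n" "$user" "$((5900 + n))" "$vnc" \
            "$((5800 + n))" "$http" "$((6000 + n))" "$x11"
    done
    exit "$rc"
)
```

A display reported as vnc:5902=network is reachable by any host the firewall lets through; one reported as vnc:5902=localhost can only be reached through the SSH tunnel.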
Client-side connection
Easy peasy:
ssh -L 5902:localhost:5902 support@server.example.com -N
This tunnels all requests on port 5902 on your computer to port 5902 on the server (-L) and doesn’t execute any commands (-N, port forwarding only). You can add -f to push this into the background.
Troubleshooting
If you cannot start the VNC service (i.e. get a “FAILED”), make sure
that you do these in order:
useradd vncuser
su vncuser
vncpasswd
exit
service vncserver restart
Step 2 is important! You need to be the user when setting your VNC password. vncpasswd vncuser as root won’t work, because vncpasswd treats its argument as the name of a password file, not a user name.