VNC Viewer: how to use, installation and settings. VNC Server or Remote Desktop on Ubuntu
- Tutorial
This guide is about how to set up noVNC for remote access to Windows computers.
Why noVNC?
- Windows has a “native” tool for remote access - Remote Desktop Connection. But it is not available in all versions of Windows - for example, it is not in the Home edition.- There are also many VNC servers and clients for any version of Windows. But to use them you need to install a VNC client. And there are cases when you can’t install anything (restricted rights), or it’s undesirable so as not to leave traces on someone else’s computer.
- There is also Chrome Remote Desktop, which only needs a browser extension on the client side. But I had a case when the Chrome protocol was blocked by an organization (everything was blocked there), and noVNC uses regular HTTP and therefore worked.
As far as I know, noVNC is the only tool that allows you to connect to a remote computer without installing any client - only a browser is used.
There is also SPICE, but I haven’t found a server for it on Windows.
As a result of this guide, we can simply open the link in the browser, enter the password and use the remote system.
A prerequisite is port forwarding, or the white IP of the remote computer. You can also use VNC repeater. But this is beyond the scope of this article.
General scheme
First we will install a regular VNC server on port 5900.Then we will install noVNC and WebSockify on port 5901.
The goal is for it to look something like this:
Now run command prompt with administrator rights:
Launch WebSockify:
C:\> cd c:\noVNC\websockify c:\noVNC\websockify> websockify.exe 5901 127.0.0.1:5900 --web c:\noVNC\noVNC-master WARNING: no "resource" module, daemonizing support disabled WebSocket server settings: - Listen on:5901 - Flash security policy server - Web server. Web root: c:\noVNC\noVNC-master - No SSL/TLS support (no cert file) - proxying from:5901 to 127.0.0.1:5900
The first parameter above is the port on which noVNC will listen: 5901
. This port must be made available to clients.
The second parameter is the IP and port where the VNC server is located: 127.0.0.1:5900
Third parameter --web instructs noVNC to give the contents of the directory c:\noVNC\noVNC-master via HTTP(s). By default, noVNC only provides a VNC websocket, but this option allows you to have HTTP server on the same port.
In the directory c:\noVNC\noVNC-master rename the file vnc.html V index.html so that it is given by default.
Now the noVNC client should be available on port 5901:
Also try opening the noVNC page from another computer/smartphone to make sure it is accessible from outside. If not, then check:
What do you have Windows Firewall doesn't block external connections to this port,
- that your router correctly forwards requests to this port to the right computer; If necessary, google “port forwarding”.
We connect (Connect), enter the VNC password and see the desktop of the remote computer!
If something went wrong, then errors should appear in our console.
You can stop the noVNC server by pressing Ctrl-C in the console. The configuration described above works over HTTP (and over WS).
Adding SSL with a self-signed certificate
Adding SSL is optional. You can create a self-signed certificate like this:Openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
For Windows openssl you can take .
As a result, we get the file self.pem, which must be pointed to when starting noVNC:
C:\noVNC\websockify> websockify.exe 5901 127.0.0.1:5900 --web c:\noVNC\noVNC-master --cert=c:\noVNC\self.pem
Now we have HTTPS and WSS (WebSocket Secure) working. For WSS, you need to specify Encrypt in the Settings. Interestingly, noVNC uses the same port for HTTP and HTTPS - it “knows how” to distinguish between requests and respond correctly.
Since the certificate is self-signed, the browser will need to accept this certificate.
Let's Encrypt
I don't have instructions on how to configure the system so that Let's Encrypt automatically generates a certificate specifically for our system. This would require noVNC to be running on port 80, which is of course possible, but may be inconvenient, and find a way to integrate certbot so that these files are published in the desired directory. I think this is possible, but I didn’t do it. If you finish it, share it in the comments.In my case, I already have a home server with NGINX and a DDNS name, which is configured to automatically receive a certificate from Lets Encrypt.
You can run something similar for yourself. There are instructions on setting up Let's Encrypt for Linux and Windows.
Therefore for noVNC I just use existing ones pem-files generated for nginx.
Let's Encrypt creates the following files:
Cert.pem: Your domain"s certificate chain.pem: The Let"s Encrypt chain certificate fullchain.pem: cert.pem and chain.pem combined privkey.pem: Your certificate"s private key
On Ubuntu they can be found at this path: /etc/letsencrypt/live/your_domain_name
Need to copy (merge) fullchain.pem And privkey.pem into one file, for example let's call it encrypt.pem, and this is the file we will use for noVNC.
Of course, this will only work if nginx server and noVNC- on one domain. Ports may be different.
And we must not forget that certificates are only valid for a few months, and then you need to copy updated files.
Add noVNC as a Windows service
Download the zip archive and unpack the files from there so that they are in the same folder as the file websockify.exe, that is, in our case in c:\noVNC\websockify.When launched, the service will use the parameters from the file noVNCConfig.ini. Here is an example of my config:
5901 127.0.0.1:5900 --web C:\noVNC\noVNC-master --cert=c:\noVNC\encrypt.pem
In the console launched with administrator privileges, create a new service:
Sc create "noVNC Websocket Server" binPath= "c:\noVNC\websockify\noVNC Websocket Service.exe" DisplayName= "noVNC Websocket Server"
If you need to delete a service, do it like this:
Sc delete "noVNC Websocket Server"
Opening services ( Control Panel→ Administrative Tools → Services) and launch noVNC Websocket Server. You can also configure the service to start every time with Windows:
Known issues
Keyboard layout
I discovered that the Russian keyboard layout works in a rather unusual way:If the client has Russian language selected, then remote computer keystrokes are not transmitted at all.remote desktop Add tags |
VNC (Virtual Network Computing) is a remote access system that allows you to use a keyboard and mouse to interact with graphical interface desktop remote server. With its help, you can manage files, software and settings of a remote server without accessing the command line.
This guide will help you install VNC on an Ubuntu 16.04 virtual private server and configure secure connection using an SSH tunnel. The VNC server will use TightVNC, a fast and lightweight package remote control, which supports operation even with slow Internet.
Requirements
- Configured Ubuntu 16.04 server (refer to for this).
- Non-root user with sudo access.
- A local computer with a pre-installed VNC client that supports VNC connections over an SSH tunnel. Windows users can install TightVNC, RealVNC or UltraVNC. Mac users OS X can use the built-in Screen Sharing package or use cross-platform applications (for example, RealVNC). Linux users can choose vinagre, krdc, RealVNC, TightVNC, etc.
1: Install Desktop Environment and VNC Server
By default, Ubuntu 16.04 servers come without pre-installed graphical environment desktop and VNC server. Therefore, you first need to install these components. This tutorial uses the Xfce and TightVNC packages available in the official Ubuntu repository.
To install the specified packages on the server, enter:
sudo apt install xfce4 xfce4-goodies tightvncserver
To complete initial setup VNC server after installing it and select strong password, use the vncserver command.
The command will ask you to select and confirm a password, as well as a viewing password (optional). Users who access VNC using a browsing password will not be able to control VNC using a mouse or keyboard. This password allows you to demonstrate VNC to other users if necessary.
The vncserver command will complete the initial VNC setup and create configuration files.
2: Setting up a VNC server
First you need to define the commands that the VNC server will execute when starting. These commands should be in the xstartup file in the .vnc directory, which is stored in your home directory current user. The startup script was created by the vncserver team, but it needs to be modified to work with Xfce.
When VNC first starts, it uses port 5901. VNC calls this port:1. VNC can run other instances on other ports, which will be called :2, :3, etc.
To change the VNC server settings, you need to stop the instance using port 5901.
vncserver -kill:1
The command will return the following message (PID will be different):
Killing Xtightvnc process ID 17648
Create backup copy xstartup file:
mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
Then create new file xstartup:
nano ~/.vnc/xstartup
Paste the following commands into it, which will be executed automatically when the VNC server starts. Save and close the file.
~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4&
With the first command, xrdb $HOME/.Xresources, the VNC server GUI reads the .Xresources file. In the .Xresources file, the user can make changes to some settings of the graphical desktop (customize terminal colors, cursor themes, fonts). The second command simply launches Xfce, which is where all the graphics are stored software, necessary to manage the server.
Now you need to transfer the rights to the file:
sudo chmod +x ~/.vnc/xstartup
Restart VNC:
During startup the server will return:
New "X" desktop is your_server_name.com:1
Starting applications specified in /home/8host/.vnc/xstartup
Log file is /home/8host/.vnc/liniverse.com:1.log
3: Testing the VNC Desktop
Now you need to make sure that the VNC server is configured correctly.
Create an SSH connection on your local computer, redirected to the VNC server's localhost. You can use a Linux or OS X terminal for this.
ssh -L 5901:127.0.0.1:5901 -N -f -l username server_ip_address
Note: Replace user and server_ip_address with a username with sudo access and your IP address.
If you are using graphical SSH client(e.g. PuTTY), use server_ip_address as the connection IP address, and then specify localhost:5901 in the SSH tunnel settings.
Now you can use VNC client to connect to the server. To do this you need to pass authentication. Enter the password set in section 1.
After this, the standard Xfce desktop will appear on the screen.
You can access your home directory files using file manager or command line.
4: Create a VNC service file
Now you need to configure the VNC server as a system service.
Create a new file /etc/systemd/system/ [email protected]:
sudo nano /etc/systemd/system/ [email protected]
Copy and paste the following code into it:
/etc/systemd/system/ [email protected]
Description=Start TightVNC server at startup
After=syslog.target network.target
Type=forking
User=8host
PAMName=login
PIDFile=/home/8host/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill:%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800:%i
ExecStop=/usr/bin/vncserver -kill:%i
WantedBy=multi-user.target
Note: Enter your username instead of 8host.
Save and close the file.
Restart the daemon:
sudo systemctl daemon-reload
Include the new file:
sudo systemctl enable [email protected]
Stop the current VNC server instance if it is still running:
vncserver -kill:1
Now try running it like any other systemd service:
sudo systemctl start vncserver@1
To make sure the server is running, check its status:
sudo systemctl status vncserver@1
If the server is running, the command will return:
[email protected]- TightVNC server on Ubuntu 16.04
Loaded: loaded (/etc/systemd/system/ [email protected]; enabled; vendor preset: enabled)
Active: active (running) since Mon 2016-04-25 03:21:34 EDT; 6s ago
Process: 2924 ExecStop=/usr/bin/vncserver -kill:%i (code=exited, status=0/SUCCESS)
...
systemd: Starting TightVNC server on Ubuntu 16.04...
systemd: pam_unix(login:session): session opened for user finid by (uid=0)
systemd: Started TightVNC server on Ubuntu 16.04.
Conclusion
Now on Ubuntu server A secure VNC server is installed on 16.04. It can be used to manage files, programs and settings of a remote server.
Tags: ,Remotely controlling a computer sounds intriguing, but only for those who have not encountered this before. In fact, this service has been around for a long time and is widely used by professionals. Many developers various programs initially implement this feature in their products so that they can quickly help customers cope with problems or software settings. With high-speed Internet, this happens very easily and quickly. However, sometimes there is a need to help acquaintances, friends or relatives, especially if these are older people who have picked up a mouse for the first time. Also, from time to time you urgently need to get to your home computer, for example, when you forgot to download an important presentation to a flash drive, or, while in another city, you want to show your friend your photos from your last trip to the Urals.
UltraVnc is another program for remote computer control.
Advantages: free and supports both Windows and unixOS (for example Linux).
Flaws: a bunch of scary settings in English.
So, the eyes are afraid, but the hands do. Download the latest version from the official website www.uvnc.com or download. Let's launch. Select server and viewer. The server is installed on those computers to which we will connect, and the viewer on those from which we will connect.
« Install service" And " Allow Ctrl+Alt+Del" Yes.
Field " Incoming Connections" - "Incoming connections."
Accept Socket Connections- turn it on (i.e. don’t touch it).
Display- shows the port number (theoretically). We don't touch it.
Ports– let the car remain.
Enable JavaViewer(HTTP connect) - allow java viewer (via browser). Yes.
Allow Loopback Connections- allow connection through a “loop” (as if not by yourself for the test). We leave it.
Loopback Only- only a “loop” - nothing else will work. No.
Field “Authentication” - “Authentication” (confirmation of identity/rights).
VNC Password- control password (in English).
View-Only Password– password for viewing only (in English). It would be nice to set it up as different from VNC.
Require MS Logon— applies Accounts windows. We don't tick the box.
Field “File Transfer” - “File transfer”. Yes, it will come in handy.
Field “DSM Plugin” - data encryption. Whatever you want, I don’t bet.
Field “When last client disconnects” - “When the last client is disconnected.”
- Nothing to do. We choose.
— Block the computer.
— End the session.
Field “Keyboard&Mouse” - “Keyboard and mouse”. I don't post anything.
— Disables the mouse and keyboard of the person who connects.
— Disables the mouse and keyboard of the person to whom it is connected.
— Japanese keyboard.
Field “Query on incoming connection” - “Request for an incoming connection”.
Asks the user if he allows a connection to it.
Display Query Window— message display time. If the user didn't click anything:
— Refuse– connection failure.
— Accept– connection resolution.
Field "Multi Viewer Connections" - " Simultaneous connection several clients."
— « Disconnect all existing connections"—disable the last one after connecting the new one. We leave it.
— « Keep existing connections» — hold all connections.
— « Refuse the new connection"- the item means that there is a ban on a new connection, although in practice there is no ban.
— « Refuse all new connections» - do not allow new connections if one already exists.
Field "Misc. “- there are all sorts of useful things for convenience, speeding up work, reducing traffic.
— Remove Aero (Vista)- disable Aero (3D, transparency and other “decorations”). Let's celebrate.
— Remove Wallpaperfor Viewers- removes wallpaper from the desktop. We put a tick.
— EnableBlank Monitor Viewer Request- disabling the monitor of the managed computer. This option does not work properly, so I uncheck it.
— Disable Only Inputson Blanking Request- only prohibits input from the server console, but the screen does not close.
— Enable Alpha-Blending Monitor Blanking- another option to disable the server monitor. Use if there are problems with the first option.
— Capture Alpha-Blending- ability to see the included video. It works with glitches, but very useful feature, when you need to view video cameras, for example. Let's celebrate.
— Disable Tray icon- disables the tray icon. Let's celebrate.
— Forbid the user to close down WinVNC- prohibits disabling the server. We put a tick.
— Default Server Screen Scale- screen scale when connected. We leave 1/1.
Field “Logging” - “Creating a log file”
Log debug infos to the WinVNC.log file- writes the server log. No need.
The settings are set, click Apply and OK.
Three icons appear on the desktop: Ultra VNC Viewer, Ultra VNC Server and Ultra VNC Settings.
Open “Settings” and we can change them here. But there is one new setting « ScreenCapture"—screen capture. Allows you to take screenshots of your desktop.
Field “Capture Options” - “Capture options”. — Poll Full Screen – the entire screen.
— Poll Foreground Window– active window.
— Poll Console Windows Only– console window only.
— Poll On Event Only–event window only.
— Poll Window Under Cursor– window under the cursor.
— LowAccuracy(low accuracy) - gives an increase in speed at the expense of accuracy.
Field "Advanced" - "Advanced".
Use System HookDll- the option makes sense on Windows 9x.
Video Hook Driver- use the video capture driver. Provides best performance on Windows XP, Vista, 7.
Show Primary Display— show the first screen.
Show Secondary Display– show second screen.
Capture Alpha-Blending– video image capture.
Remote Aer While connected– disable Aero when connected.
Remote Wall paper While connected– disable desktop wallpaper when connected.
Double clicking on the “server” icon (Ultra VNC Server) starts the server if it is not already running.
Now we launch the “viewer” (Ultra VNC Viewer).
The “Quick Options” field configures the connection speed.
We leave the car. There are also settings:
— View Only– viewing only. Only when peeking.
— Auto Scaling– there are no scroll bars; when you move the mouse down, the screen moves itself. Let's put it.
— Confirm Exit— confirm exit. No need .
In general, we don’t need anything else, so we enter the computer’s IP address ( How to find out the IP address of your computer, see), on which there is an already configured server (UltraVNCServer) and click “ Connect" After asking for a password, we get to the computer we need.
(Visited 28,161 times, 7 visits today)
We present to your attention a new course from the team The Codeby- "Penetration testing of Web Applications from scratch." General theory, preparation of the working environment, passive fuzzing and fingerprinting, Active fuzzing, Vulnerabilities, Post-exploitation, Tools, Social Engeneering and much more.
Virtual Network Computing (VNC) allows for shared access other remote users to the localhost desktop environment over the network. To provide access to the desktop, a VNC server must be running on the local host, and deleted users connect to the VNC server using some VNC viewer client.
In this tutorial I will explain how to set up a VNC server on Linux. For this I will be using vino, a VNC server software for the GNOME desktop environment.
For VNC installations vino server on a machine with Debian, Ubuntu or Linux Mint:
$ sudo apt-get install vino
To install the vino VNC server on a machine running Fedora, CentOS or RHEL:
$ sudo yum install vino
After installation, you can run vino and enable the VNC server by entering the vino-preferences command.
$vino-preferences
The above command will open the vino settings window to access the desktop as shown below. In the window where " Sharing» Check the box to allow other users to see your desktop. You can also set a VNC password. When the settings are done, this window can be closed.
In theory, the vino-preferences utility itself should start the VNC server. If the VNC server is not running for some reason, you can start the VNC server manually as follows.
$ /usr/lib/vino/vino-server &
On the latest Linux Mint with the Cinnamon desktop, vino-preferences are known to be missing. To enable VNC server configuration in Mint on the Cinnamon desktop, use dconf-editor instead, as described here.
You can check if vino is running by typing the following command.
$ sudo netstat -pl | grep vino tcp 0 0 *:5900 *:* LISTEN 3246/vino-server tcp6 0 0 [::]:5800 [::]:* LISTEN 3246/vino-server tcp6 0 0 [::]:5900 [:: ]:* LISTEN 3246/vino-server
As you can see above, vino-server is running on TCP port with numbers 5800 and 5900. You can use any software with VNC client function to connect to the VNC server.
If the VNC server is configured so that you must confirm every VNC access to your desktop, then you will see the following pop-up message every time a VNC connection request is received. Only after you enable VNC will the VNC client be able to access your desktop.
The article talks about setting up the ability to connect to Ubuntu via remote desktop (similar to RDP in Windows). Example commands executed on Linux Ubuntu 18.04.
Installing and configuring a VNC server
Let's consider two use cases graphical shell- xfce and gnome.
If you are using a firewall, add a rule:
iptables -A INPUT -p tcp --dport 5901 -j ACCEPT
* in this example, we allow incoming connections on the port 5901 . To work with multiple ports, add them by analogy.
XFCE
Installation
apt install xfce4 xfce4-goodies tightvncserver
yn).
Settings
vncserver -kill:1
* copy :1
Setting up a VNC server:
vi ~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4
Start vncserver again:
Gnome
Installation
Installation is performed with the following command:
apt install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal vnc4server
Set a password for remote desktop access. To do this, enter the command:
When prompted for a password, enter it twice. You will then be prompted to enter a password for guest access - you can agree ( y) and enter a password or refuse ( n).
Settings
First, stop the VNC server instance:
vncserver -kill:1
* copy :1 , by default, listens on port 5900+1 (5901).
Setting up a VNC server for the current user:
vi ~/.vnc/xstartup
#!/bin/sh
# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid gray
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &!}
x-window-manager &
Gnome-panel &
gnome-settings-daemon &
metacity &
Start vncserver again:
Connecting to the remote desktop
Launch the VNC client. For example, on Linux - Remmina, on Windows - TightVNC Viewer or RealVNC. Enter the IP address of the computer with VNC and the port number:
You will be asked for a password - enter the one you set during setup.
Service autostart
To make the VNC server start after a reboot, create a new unit in systemd:
vi /etc/systemd/system/vncserver.service
Description=VNC server
After=syslog.target network.target
Type=forking
User=root
PAMName=login
PIDFile=/root/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill:1 > /dev/null 2>&1
ExecStart=/usr/bin/vncserver
ExecStop=/usr/bin/vncserver -kill:1
WantedBy=multi-user.target
Update systemd:
systemctl daemon-reload
Allow autostart of the service.