Part 5 – CentOS setting up VNC server

Setting up VNC Server, including firewall configuration.

If you followed my previous posting (Parts 1 –3) you would have selected the options Server and Server GUI in the CentOS installation wizard. In doing this you would have installed VNC server. VNC server provides a remote desktop capability for the server. Although it is installed we need to configure some elements before we can connect to it. I will assume you have read part 3 SSH, I will assume you can connect using putty and SSH as the root user.

To get VNC server up and running the way I want (replicate a desktop environment remotely) we need to do 3 things

1. setup vncserver
   • edit config file /etc/sysconfig/vncservers
   • create / edit xstartup scripts and set vncpassword
2. edit the firewall to allow vnc connections.

edit config file /etc/sysconfig/vncservers

The vncserver configuration file is located in the /etc/sysconfig directory. From the SSH terminal session run our favourite editor vi, (see part 2, section proxy environment variables, for more details on the editor and commands), to edit the vncservers file

vi /etc/sysconfig/vncservers

Once inside this file find the following two lines

# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"

Uncomment these lines (remove the #), now we want to change the myusername to the username of the user you want to allow to have access to vnc. In this case I will use root and change the two lines to.

VNCSERVERS="2:root"
VNCSERVERARGS[2]="-geometry 800x600 -depth 16"

So lets look at these two lines, the first line sets up the user (in this case root) and the second line defines the resolution of the desktop (800x600) and the color depth (16bit). The 2: that appears referencing the user apart from referencing the user the number is helps dictate what tcp port the VNC server listens on. VNC server listens on 5900 + the user user number (each user has a port defined), so in our case the port will be 5902 (5900 + 2).

Note:

If you want to set up multiple users you can do that as follows. be aware that the root user will be port 5901 and linuxuser on 5902.

VNCSERVERS="1:root 2:linuxuser"
VNCSERVERARGS[1]="-geometry 1280x960 -depth 16"
VNCSERVERARGS[2]="-geometry 1024x768 -depth 16"

Once you have finished editing your file save and quit vi :wq.

create / edit xstartup scripts and set vncpassword

We now have to assign a password to each vnc session and configure the xstartup scripts for each user.

Login with each user assigned in the vncservers file. Once logged in, run the vncpasswd program and set the password. Below I show a screenshot of my terminal session logged in as root and running the vncpasswd program.

 In addition to setting the password, the vncpasswd program creates a .vnc folder in the users home folder

~/.vnc/ 

Once all users have had their passwords assigned we need to create the xstartupfile in each .vnc folder. We do this by logging in as root and restarting the vncserver service.

service vncserver stop
service vncserver start

Now at this stage we should be able to connect to the vncserver (apart from the firewall config), however if you could connect at this time you will notice that the desktop is very basic and does not show the Gnome desktop. The interface you would see is the basic windows handler called X11. You should be able to do most things from here but thats not what i was after, I wanted a Gnome desktop. So there is 1 thing left to do.

Now earlier we created the xstartup scripts but did nothing with them. We need to edit these files.

vi ~/.vnc/xstartup

uncomment the following two lines (remove the #).

# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

Save and quit the file, remember to do this for each user.

Restart the vncserver

service vncserver stop
service vncserver start

Ok, we should be good to go in so far as vnc is concerned however we still need to configure the firewall, this is detailed further below. 

edit the firewall to allow vnc connections.

Connected via SSH login as root and edit the following file

/etc/sysconfig/iptables

This file contains the setup for the firewall. We are going to add one line to this file. find the following line

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

and insert the following line above it.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901:5902 -j ACCEPT

the last line in the firewall list should always be the REJECT rule, this is to ensure that if nothing matches a rule in the listing that it will always be rejected.

That should now be it. We need to reboot the server so type

shutdown -r now

(this will reboot the server immediately).

Once you have rebooted the server, fire up your vnc client (viewer) and try and connect to the server. I show a screenshot of the Ultra VNC viewer (on the windows machine)  I use to connect to the servers.

Other parts in this series

• Introduction
• Install CentOS (and initial configuration) for the Windows Sys Admin.
  1. Part 1 - Basic Install
  2. Part 2 - Initial Configuration
  3. Part 3 - Proxy configuration
  4. Part 4 - SSH (Secure shelling)
  5. Part 5 - Setting up VNC Server (inc firewall)
  6. Part 6 - Setup Windows Authentication integration.
  7. Part 7 - Tips
• Online Documentation (all the good articles I have found on the tinterweb).

Part 5 – CentOS setting up VNC server