Example VNC-Server Setup

This example describes how you can set up a CentOS/Red-Hat host to accept VNC connections from PrivX.

VNC-Server Setup

  1. Install a VNC server on the host. In this case we use tigervnc-server:

    sudo yum install tigervnc-server 
    
  2. Log in as user to whom you want to provide vnc access or create a new user e.g. vnc-user. Then set their VNC password with:

    vncpasswd
    
  3. Create a copy of the VNC-configuration template:

    sudo cp /lib/systemd/system/[email protected] /etc/systemd/system/[email protected]:1.service
    

    📘

    Note

    This example configures the VNC service for monitor 1. You will need to adapt these instructions if using other monitors.

  4. Edit the VNC-server configuration [email protected]:1.service. Replace all instances of <USER> with the user name of the VNC user. Alternatively you may also set the user(s) in /etc/tigervnc/vncserver.users

    The VNC server is now configured to allow access for the VNC user.

Start VNC Server

sudo systemctl daemon-reload
sudo systemctl start [email protected]:1
sudo systemctl status [email protected]:1 -l

You may confirm that vnc server is listening on port 5901 by running

ss -tulpn| grep vnc

The command should output similar to the following:

tcp  LISTEN   0   5        *:5901      *:*   users:(("Xvnc",pid=1330,fd=9))
tcp  LISTEN   0   128      *:6001      *:*   users:(("Xvnc",pid=1330,fd=6))
tcp  LISTEN   0   5     [::]:5901   [::]:*   users:(("Xvnc",pid=1330,fd=10))
tcp  LISTEN   0   128   [::]:6001   [::]:*   users:(("Xvnc",pid=1330,fd=5))

If you want to automatically start the VNC sever at reboot, also run:

sudo systemctl enable [email protected]:1

Configure VNC Port with PrivX UI

On PrivX, under Administration→Hosts→Services, add VNC service and change PORT to 5901.

Connect to VNC Server

On PrivX, under Connections→Available Hosts, find the Host with configured VNC server and click to connect.

Stop VNC Server

sudo systemctl stop [email protected]:1

Change Port and Display

To change the display (in this example, from 1 to 0):

Copy existing VNC-server configuration to a file with the corresponding monitor number:

cp /etc/systemd/system/[email protected]:1.service /etc/systemd/system/[email protected]:0.service

Before reloading systemctl daemon you probably need to remove the remaining temporary files

rm /tmp/.X0-lock /tmp/.X11-unix/X0k

Reload the VNC server to apply the changes:

systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: vnc-user
Password: 
==== AUTHENTICATION COMPLETE ===
[[email protected] system]$ systemctl start [email protected]:0
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: vnc-user
Password: 
==== AUTHENTICATION COMPLETE ===
[[email protected] system]$ systemctl status [email protected]:0
● [email protected]:0.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/[email protected]:0.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2021-03-17 16:55:56 EET; 11s ago
  Process: 8426 ExecStart=/usr/bin/vncserver_wrapper vnc-user %i (code=exited, status=2)
  Process: 8424 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 8426 (code=exited, status=2)

Mar 17 16:55:55 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 16:55:55 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: Warning: localhost.localdomain:0 is taken because of /tmp/.X0-lock
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: Remove this file if there is no X server localhost.localdomain:0
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: A VNC server is already running as :0
Mar 17 16:55:56 localhost.localdomain systemd[1]: [email protected]:0.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: FATAL: 'runuser -l vnc-user' failed!
Mar 17 16:55:56 localhost.localdomain systemd[1]: Unit [email protected]:0.service entered failed state.
Mar 17 16:55:56 localhost.localdomain systemd[1]: [email protected]:0.service failed.

Notice the following warning: Warning: localhost.localdomain:0 is taken because of /tmp/.X0-lock

File .X0-lock should be deleted

rm /tmp/.X0-lock
systemctl start [email protected]:0
systemctl status [email protected]:0 -l
[email protected]:0.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/[email protected]:0.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2021-03-17 17:14:50 EET; 13s ago
  Process: 9358 ExecStart=/usr/bin/vncserver_wrapper vnc-user %i (code=exited, status=2)
  Process: 9356 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9358 (code=exited, status=2)

Mar 17 17:14:50 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 17:14:50 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: Warning: localhost.localdomain:0 is taken because of /tmp/.X11-unix/X0
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: Remove this file if there is no X server localhost.localdomain:0
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: A VNC server is already running as :0
Mar 17 17:14:50 localhost.localdomain systemd[1]: [email protected]:0.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: FATAL: 'runuser -l vnc-user' failed!
Mar 17 17:14:50 localhost.localdomain systemd[1]: Unit [email protected]:0.service entered failed state.
Mar 17 17:14:50 localhost.localdomain systemd[1]: [email protected]:0.service failed.

Now delete .X11-unix/X0k

rm /tmp/.X11-unix/X0k
systemctl daemon-reload
systemctl start [email protected]:0
systemctl status [email protected]:0
[email protected]:0.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/[email protected]:0.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 17:16:39 EET; 4s ago
  Process: 9513 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9516 (vncserver_wrapp)
   CGroup: /system.slice/system-vncserver.slice/[email protected]:0.service
           └─9516 /bin/sh /usr/bin/vncserver_wrapper vnc-user :0

Mar 17 17:16:39 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 17:16:39 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: WARNING: The first attempt to start Xvnc failed, possibly because the font
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: catalog is not properly configured.  Attempting to determine an appropriate
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: font path for this system and restart Xvnc using that font path ...

Firewall setup

For running VNC connection from PrivX there is no need to open VNC dedicated port.

If you want to test VNC connection with an external client, e.g. Remmina:

Run

sudo firewall-cmd --add-port=5901/tcp --permanent
sudo firewall-cmd --reload

Confirm that port 5901 is now open in firewall by executing:

sudo firewall-cmd --list-ports

This should output:

5901/tcp

Did this page help you?