First a little background a few years ago I decided to take an older PC which I have modified to be used as a network attached storage (NAS) and internal web server. I have configured it in the past as a RAID 1 setup with Windows Small Business Server. Recently I have decided to enter the world of Linux and this box will be the first attempt at making a server. I am definitely a n00b in the world of Linux but eager to learn. For this post I will go over how I configured Ubuntu Linux 9.10 for VNC over SSH while using the GDM for graphically logging in to the server.
Need: Since I am new to Linux and still feel more comfortable with a graphical user interface (GUI) it is preferable to be able to use a GUI to administer the server as I did using Windows and their Remote Desktop Connection (RDC) service. My primary needs are to have a headless server that can be maintained via VNC over a SSL secure connection (headless system is a computer that does not have a keyboard, monitor or mouse).
Current configuration:
- x86 system with system hard drive and a RAID 1 storage array
- Running Ubuntu Server 9.10 for 32-bit x86
Software:
After some research on the wonderful resources and forums that the Linux community has, I determined what specific software that will be needed to facilitate this server setup. In order to complete this task the following four packages will be installed:
- Desktop environment: Ubuntu GNOME
- SSH Server
- xinetd
- VNC Server
To operate Virtual Network Computing (VNCW) you will need to install some type of desktop environment, for the purposes of this example, the standard GNOME interface for Ubuntu if you prefer the KDE or XFCE they are also available for Ubuntu. You can look up their install procedures here:
- KDE (https://help.ubuntu.com/community/InstallingKDE)
- Command Line: > sudo apt-get install kubuntu-desktop
- Xfce (https://help.ubuntu.com/community/InstallingXubuntu)
- Command Line: > sudo apt-get install xubuntu-desktop
To enable a secure shell connection for the VNC I installed Open SSH Server for secure port forwarding.
- For more basic description of SSH: Secure ShellW
- More information on VNC over SSH, https://help.ubuntu.com/community/VNCOverSSH
Installation of xinetd will allow for your VNC services to start on startup of your server, proper configuration of VNC for xinetd will be explained later in this tutorial. For more basic description of xinetd: xinetdW
Finally installation of the VNC Server, for the purposes of this demo we will be installing vnc4server.
How to install the necessary software:
Via the command line:
> sudo apt-get update # Update software packages to the most current available in their repositories (this will insure you will have the most up to date software packages from the approved repositories, this does not guarantee that you will have the newest version just the newest approved in their perspective repository.
> sudo apt-get upgrade # Upgrade current software to the newest from the updated repositories
> sudo apt-get install ubuntu-desktop # Install the Desktop Environment
> sudo apt-get install openssh-server # Install openSSH Server
> sudo apt-get install xinetd # Install xinetd
> sudo apt-get install vnc4server # Install VNC Server
> sudo shutdown -r now # Shutdown and restart your system, the system should boot to the GUI
Upon reboot, you can access the command line for further configuration that is outlined below by going to: Applications > Accessories > Terminal
Configure the VNC Server:
First we will run VNC and will set your VNC password, at the command line:
> vnc4server
The output will list your server name and display number “:#”, please note what number is after the colon, this will be used to shutdown the newly opened VNC session before we configure the VNC startup, now we will shutdown VNC server, at the command line:
> vnc4server -kill :#
Just in case we may need the default file we will backup the file .vnc/startup, at the command line:
> cd ~.vnc/ # Go to the correct directory
> sudo cp startup startup.original # Copy startup as startup.original
Now we will edit the file .vnc/startup
Change the file to look like the following, use your preferred text editor (gedit, vi, etc.), via the command line:
> sudo gedit startup # Open Gedit to edit the file .vnc/startup
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#xsetroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
#twm &
We uncommented the previous file to allow execution of the X11 file xinitrc, and commented out some of the configuration that we will not need, now we will need to make this file executable, at the command line:
> sudo chmod 755 /etc/X11/xinit/xinitrc
References:
- http://www.ehow.com/how_5089245_install-vnc-server-ubuntu.html
- http://www.movingtofreedom.org/2007/02/16/howto-remote-desktop-with-vnc-in-ubuntu-edgy-gnu-linux/
Configuring xinetd:
Create a file called Xvnc in /etc/xinetd.d/Xvnc this file will be initialized to start your VNC service on startup of your computer, at the command line:
> sudo gedit /etc/xinetd.d/Xvnc
Insert the following text in the file, remember to insert the correct number for the display number (#), usually the default ports for VNC start at 5900, where the port corresponds to the display number, i.e. display :0 > 5900, display :1 > 5901, etc:
service Xvnc
{
type = UNLISTED
disable = no
socket_type = stream
protocol = tcp
wait = yes
user = root
server = /usr/bin/Xvnc
server_args = -inetd :1 -query localhost -geometry 1024×768 -depth 16 -once -fp /usr/share/fonts/X11/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd -extension XFIXES
port = 590#
}
Update, Note: Depending on your setup, the ‘server_args’ statement may need to be changed for the passwordFile location, on my setup the root file is located at /root/.vncpasswd, Derek thankfully pointed out that it also could also be located at /root/.vnc/passwd. So please verify where your password file is located and update the Xvnc file accordingly.
We will need to restart xinetd, at the command line:
> sudo /etc/init.d/xinetd restart
GDM and XDMCP:
Next we will configure GDM and XDMCP in Ubuntu 9.10 (Thanks to Mark for figuring this out, http://www.peppertop.com/blog/?p=690)
For Ubuntu 9.10 it appears that there has been significant changes to GDM and XDMCP server.
Copy the sample configuration file, at the command line:
> sudo cp /usr/share/doc/gdm/examples/custom.conf /etc/gdm/
Edit the file and enable the XDMCP, this will allow a login screen for your VNC desktop environment, at the command line:
> sudo gedit /etc/gdm/custom.conf
Find the “[xdmcp]” heading and add “Enable=true” below.
Sample file:
# GDM configuration storage
[xdmcp]
Enable=true
[chooser]
[security]
[debug]
Save and close Gedit
For improved security we will disable how the Ubuntu 9.10 uses the newer GDM because by default they list the users at the login screen, to disable this at the command line:
> sudo -u gdm gconftool-2 -t bool -s /apps/gdm/simple-greeter/disable_user_list true
Reference: http://ubuntuforums.org/showthread.php?t=1344205
Configuring X11 to Operate Without a Monitor:
We will need to configure X11 to operate without a monitor, otherwise after you configure your server and disconnect the monitor the VNC will not function properly due to missing hardware.
Create a file called /etc/X11/xorg.conf and paste the following, at the command line:
> sudo gedit /etc/X11/xorg.conf
Insert the following text in the file:
Section “Device”
Identifier “VNC Device”
Driver “vesa”
EndSection
Section “Screen”
Identifier “VNC Screen”
Device “VNC Device”
Monitor “VNC Monitor”
SubSection “Display”
Modes “1280×1024″
EndSubSection
EndSection
Section “Monitor”
Identifier “VNC Monitor”
HorizSync 30-70
VertRefresh 50-75
EndSection
Reference: http://ubuntuforums.org/showthread.php?t=1297815
Hopefully with a configured xinetd, VNC, XDMCP and installed SSH you can restart your machine and try to VNC into your machine.
VNC Clients:
Mac: Jolly Fast VNC, this VNC viewer allows for SSH configuration
- Website: http://www.jinx.de/JollysFastVNC.html
- Download: http://www.jinx.de/JollysFastVNC_files/JollysFastVNC.0.98.50.%28928701%29.dmg
- SSH Configuration: -L 590#:localhost:590# username@servername.local
Windows: Putty, this VNC viewer allows for SSH configuration
- Website: http://www.chiark.greenend.org.uk/~sgtatham/putty/
- Download: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- SSH Configuration: -L 590#:localhost:590# username@servername.local
- Tutorial for PuTTY: http://home.chattanooga.net/~john/Putty-Tunnel/putty-tunnel.html
Linux: Vinagre
- Website: http://projects.gnome.org/vinagre/
Ubuntu and other Linux distributions usually have a VNC viewer installed, for this example we will use the preinstalled Remote Desktop Viewer on Ubuntu. We will create a shell script to both create a SSH connection to your headless server and open the VNC viewer for you to select the server and login.
Example script for using SSH and the built in Remote Desktop Viewer/VNC client on Ubuntu, at the command line:
> sudo gedit /home/username/Desktop/VNCtoServer.sh # Create a new file for the shell script on your Desktop
Insert the following text in the file:
#! /bin/bash
# Open Vinagre VNC Viewer and Open SSH Tunnel to Server for VNC
vinagre & ssh -L 590#:localhost:590# username@servername.local cat – &
exit 0
Save file and close Gedit
> sudo chmod 775 /home/username/Desktop/VNCtoServer.sh # This will make the shell script file executable
You can now run this script every time you want to VNC into your server.
Linux: TightVNC
- Website: http://www.tightvnc.com/
- Tutorial for TightVNC and SSH: http://ubuntu-tutorials.com/2007/06/12/vnc-over-ssh-securing-the-remote-desktop/
To install, at the command line:
> sudo apt-get install xtightvncviewer # Install tightvnc client
For convenience I created a launcher for TightVNC to load with the SSH client, for the Command Field for the launcher: vncviewer -via username@servername.local localhost:590#
I hope this helps, Enjoy!
Thanks for this how-to. I have been looking a long time for just such a “recipe” that puts all the steps together in one place. Nicely done.
Where I work, I am in the process of assembling a datacenter using Ubuntu 9.10 (and eventually the next LTS version) with the servers running KVM as the hypervisor. So far, the KVM vm’s I have built (BSD, W2k/3/8, Ubuntu Linux) have been very stable. Having little funding has predicated the adoption of KVM and so far this part looks pretty solid.
Using vino and vinagre to manage the servers has been a bit lack-luster so to speak. I can’t wait to uninstall them after the rebuild. What I wanted to do was have headless KVM hosts and I think you have given me the missing piece. I plan to rebuild one of my hosting nodes to these specifications, test the remote capabilities,load KVM, reload a vm. and see how it works. With the ssl configured, I should be able to have a single control point using the KVM management gui. At least that is the plan
Being a bit of a linux noob so to speak, I’ve cut my I.T. teeth on Windoze, and developed a profound aversion to being price gouged by MS, VMWare and Citrix and found Linux to be just what we need as our base platform. So, thanks again.
Thanks again
Gerald Dickinson
Texas Real Estate Commission
Hi Gerald,
You’re welcome. I had to piece information together from the forums and older blog posts for different versions of Ubuntu. I am always worried how things will break as I upgrade to the newest distribution. I will also likely settle on their next LTS when it is released. Hopefully the configuration will work without any issues on your headless systems.
I was using Windows and their RDC to administer our data storage servers, but with running a small business it was beginning to get costly with all the software upgrades and worse the supporting software costs. Then the inevitable with each version of software requiring upgrades in hardware. So jumping into the world of open source hopefully it will allow for longer use of hardware and minimal maintenance in time! Next I’ll be looking into OpenVPN to see if it will lower costs there???
Thank you for stopping by my small blog. I truly appreciate the kind words!
- Scott Yee
Hi. I just thought I’d mention that I’ve updated the blog post you link to above to recommend also adding “DisplaysPerHost=2″ to the GDM config file. It might be that this isn’t necessary when using a VNC connection (I’ve just been looking at straight XDMCP connections), but if you find that you can’t log out then in again without restarting GDM, this might be the fix you need.
Thanks Mark!!
passwordFile=/root/.vncpasswd
What is the file /root/.vncpasswd? How do I create it?
I can’t log in:
dereks@dereks-laptop:~$ vncviewer -via dereks@server localhost:5901
Connected to RFB server, using protocol version 3.8
Performing standard VNC authentication
Password:
No password configured for VNC Auth
dereks@dereks-laptop:~$
I found the problem, there is a missing / character. It should be:
/root/.vnc/passwd
…in the step where you “gedit /etc/xinetd.d/Xvn”.
Also, if you cut and paste from this web page, the quotes (“) will get pasted as directional quotes ( “ and ” ) and that will cause X to fail to launch. So make sure to manually use the ” character.
Thanks for writing this up, it was a big help.
Derek, Thank you for the information on the quotes and the correction. I was wondering which VNC server are you using? For more information on setting the VNC password: http://linux.die.net/man/1/vncpasswd, especially if you want to set different passwords for different users. The tutorial I wrote was mostly for my home box so basically everything was for root (I know not always the best security).
Thanks again!
Thank you for this guide. Works like a charm on ubuntu 9.10 for me.
Scott,
I used vnc4server, just like your tutorial. The problem is simply a typo in your article. You have us create a VNC password file as root, which gets created at /root/.vnc/passwd, but in your example file “/etc/xinetd.d/Xvnc” you have a missing forward-slash. It says /root/.vncpasswd instead of /root/.vnc/passwd.
My next post will show an alternate setup.
The configuration described above will only allow one user to connect at a time. It will also allow you to resume sessions; i.e., to open a bunch of programs, disconnect, and then reconnect later (with all those same apps still open). If you leave a VNC session running, then the only thing keeping a user from seeing your desktop (and launching a shell as you) will be the VNC password.
But here is an alternate configuration. In this example, many different users can connect with VNC and login concurrently. Each user will have a private VNC session (not a shared session). And when the user logs out, their VNC session will be closed and their Gnome session will be killed. This is useful if you need a VNC server that can provide Linux desktops to many different people at the same time.
First, note that (unlike Scott’s example above) there is no VNC password. Instead, users must log in each time using their GDM (system account) login. Also, in this setup, VNC gets run as user “nobody” instead of user “root”. (However, when the VNC client user logs in to GDM, they will be acting as the user account they logged in with.)
To set up this multi-user access, the only change from the tutorial above is in the file “/etc/xinetd.d/Xvnc”.
Here is the new version of “/etc/xinetd.d/Xvnc” (for multiple, concurrent user logins):
{
type = UNLISTED
disable = no
socket_type = stream
protocol = tcp
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -geometry 1024×768 -depth 16 -once -fp /usr/share/fonts/X11/misc -NeverShared -SecurityTypes None -extension XFIXES
port = 7900
}
The key differences are:
wait = no
user = nobody
server_args = [...snip...] -SecurityTypes None
Finally, on my VNC desktop server I also run virtual machines using Virt-Manager, libvirtd, and KVM. By default that will use VNC on ports 5900, 5901, 5902, etc. for Virtual Machine terminals. That will conflict is you also try to use those ports for VNC GDM logins.
To avoid a conflict between my Virtual Machine terminals and my GDM VNC logins, I cranked up my VNC port to 7900. That means I’d need to start two thousand Virtual Machines before I’d see a port conflict.
Forgot to mention: If you have many users using a VNC desktop server, you probably want to prevent them from being able to shut down the computer. See “Security Issues” at http://homepage.ntlworld.com/daniel.rigal/xdmvnc.html
Derek, thanks for the comments, I’ve been wanting to look into security issues next on my box setup.
Great stuff, liked this post!
Great guide. I have tried to use it to setup xubuntu desktop. I think I have done everything but I can’t get the GUI interface xfce to work on the server it says
Fatal server error: no screens found
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
Any idea of what I can try?
Hi John,
Hmmm, I’ve never performed a full xfce install, but after some searching, there are a few things you can try to maybe fix this error. I’ve seen a few forum posts that state that you will need to make sure that xserver is installed, try the command “sudo apt-get install xserver-xorg”
Also you may want to verify the permissions and ownership of xserver, you may want to try,
sudo chmod a+s /usr/bin/X /usr/bin/Xorg
References:
– http://www.linuxquestions.org/questions/linux-software-2/xinit-x-problem-237498/
– https://help.ubuntu.com/community/XineramaHowTo
I hope this helps.
- Scott