For some reason, I had a hell of a time finding good documentation regarding this simple subject matter, so here you go:
If you want merely to view VNC sessions on another system, install the tigervnc package.
If you want to run a VNC server on your system so that you can connect to it from other systems, you may choose to install only the tigervnc-server-minimal package or both it and the tigervnc-server package, which depends and builds on the minimal package. The former package contains these files:
$ rpm -q --filesbypkg tigervnc-server-minimal tigervnc-server-minimal /usr/bin/Xvnc tigervnc-server-minimal /usr/bin/vncconfig tigervnc-server-minimal /usr/bin/vncpasswd tigervnc-server-minimal /usr/share/man/man1/Xvnc.1.gz tigervnc-server-minimal /usr/share/man/man1/vncconfig.1.gz tigervnc-server-minimal /usr/share/man/man1/vncpasswd.1.gz
The latter adds:
$ rpm -q --filesbypkg tigervnc-server tigervnc-server /etc/sysconfig/vncservers tigervnc-server /usr/bin/vncserver tigervnc-server /usr/bin/x0vncserver tigervnc-server /usr/lib/systemd/system/vncserver@.service tigervnc-server /usr/share/man/man1/vncserver.1.gz tigervnc-server /usr/share/man/man1/x0vncserver.1.gz
If you’re reading this guide, you will definitely want to install the tigervnc-server package. Here’s a quick breakdown of the contents:
- The Xvnc file provided in the tigervnc-server-minimal package is the actual server software.
- The vncconfig file is a helper aqpplication for Xvnc which is used to configure and control a running instance of Xvnc.
- The vncpasswd file allows the user to create a password file (in $HOME/.vnc/passwd by default) which can then be used by Xvnc to authenticate users based on the password file provided.
- The vncservers file simply points to the new vncserver@.service file used by systemd.
- The vncserver@.service file is a template systemd service unit file which can be quickly modified by the user and placed in the /etc/systemd/system/ directory to cause the vncserver application to start automatically when the system enters the multi-user.target.
- This will start a separate desktop to which one might connect using a VNC client – to learn how to share your current desktop instance (the one you use at your physical desk), see the x0vncserver entry below and later the superior tigervnc-server-module solution.
- The vncserver binary file is a helper application which takes a simplified list of parameters and uses vncconfig and Xvnc to launch an instance of the VNC server more easily and conveniently than requiring the user to manually use vncconfig and Xvnc.
- The x0vncserver binary is an application which can be used to share the current X session (session 0) by leveraging XDamage to scrape the screen contents of X session 0 at a specified interval and present them via VNC.
- This had worked for me up until very recently where it may be the case that firegl (the proprietary AMD Catalyst driver) is preventing its functioning – when I remotely connect to a VNC server spawned by x0vncserver, I receive the first screen draw but it is frozen until I manually refresh the screen (though it does respond to interaction between refreshes). I now use the module described later.
So, once you have installed tigervnc-server, it is simple to set up once you know what you’re doing (which is not readily understood by the available documentation, if you ask me).
If you’d like to start a vncserver instance automatically, you may follow the instructions at the top of the vncserver@.service file (just open it with vim and follow the directions). Don’t forget to enable it (systemctl enable vncserver@.service) and start it (systemctl start vncserver@.service) as your intentions may require. If you do want this to happen, I recommend instead employing the tigervnc-server-module I will explain below.
First, ensure that your configuration files for the vncserver binary are in order. If you’re using GNOME, you should be fine. However, I use KDE on account of the current AMD Catalyst driver limitations, so I needed to ensure that vncserver starts a KDM/KDE session and not a GDM/GNOME session. This required me to track down the following configuration file chain:
- $HOME/.vnc/xstartup executes /etc/X11/xinit/xinitrc
- /etc/X11/xinit/xinitrc executes /etc/X11/xinit/Xclients
- /etc/X11/xinit/Xclients references /etc/sysconfig/desktop
- If /etc/sysconfig/desktop exists and directs the system to run a particular desktop environment, then it will. Otherwise, Fedora 21’s Xclients file runs GNOME. If GNOME is not installed, KDE is attempted, and then LXDE.
I happen to have GNOME installed, so I need to create /etc/sysconfig/desktop and modify its contents to be:
To start up a vncserver instance, simply execute the vncserver binary like so:
vncserver :1 -geometry 1920X1080
You can check the man page for other options, but defining the display (: and a number) and the resolution should suffice for most uses. Just make sure the resolution lines up with the system you’ll be using to view this desktop.
Once the command succeeds, you can check on the server instances currently in operation with:
And you can kill them off with syntax such as:
vncserver -kill :1
And that’s about it! Mega-simple. However, my guess is that you’ll want a workstation which you can remotely access in the condition in which you left it. For that, you could use:
That will share your current desktop at its current resolution, etc., as display 0. It can be killed with vncserver -kill :0.
But I recommend that you use the tigervnc-server-module, which I explain below, but for those who don’t want to follow us there yet, here’s how to connect to your new server:
Connecting to tigervnc-server on Fedora 21 Workstation
Unless otherwise specified, the vncserver displays pop up on ports 59XX, where each display value fills in the XXs. So, a server instance started with x0vncserver would be shared on port 5900 by default. A server instance started with vncserver :1 would be on port 5901, and so on. You could modify your firewalld configuration to include the vnc-server service and that will open up ports 5900 through 5903 for your use. You could also manually add the ports as you feel appropriate.
I prefer, however, to simply use SSH port forwarding to connect to the system first over port 22 and then use the sshd server to proxy port 5900 on my client system to locahost:5900 on the server system. If you need a primer on SSH port forwarding, see my post on that subject. This way, you don’t have to expose your VNC server to the network directly, and you limit your attack surface. Plus, you get the added bonus of relying on historically solid SSH encryption and the portability of the SSH protocol rather than TigerVNC encryption extensions.
So this is the better way to automatically share your current X session via TigerVNC. I don’t know why it isn’t well advertised or documented (maybe my Google skills are failing me?) but this package provides:
$ rpm -q --filesbypkg tigervnc-server-module tigervnc-server-module /etc/X11/xorg.conf.d/10-libvnc.conf tigervnc-server-module /usr/lib64/xorg/modules/extensions/libvnc.so
The 10-libvnc.conf file is a template which can have its comments removed to provide the functionality I am about to explain if your system will work with the defaults (mine would not on account of the AMD Catalyst driver). I recommend modifying the /etc/X11/xorg.conf file yourself or modifying the 10-libvnc.conf file based on the contents of the xorg.conf file as I explain below.
The libvnc.so module can be loaded by X when your system boots. I run the AMD Catalyst driver, so my xorg.conf file looks like this:
Section "ServerLayout" Identifier "aticonfig Layout" Screen 0 "aticonfig-Screen-0" 0 0 EndSection Section "Module" EndSection Section "Monitor" Identifier "aticonfig-Monitor-0" Option "VendorName" "ATI Proprietary Driver" Option "ModelName" "Generic Autodetecting Monitor" Option "DPMS" "true" EndSection Section "Device" Identifier "aticonfig-Device-0" Driver "fglrx" BusID "PCI:0:1:0" EndSection Section "Screen" Identifier "aticonfig-Screen-0" Device "aticonfig-Device-0" Monitor "aticonfig-Monitor-0" DefaultDepth 24 SubSection "Display" Viewport 0 0 Depth 24 EndSubSection EndSection
I need to add a line to the Module section to load the vnc module. I then need to add options to my Screen section to allow the vnc module to work properly. If you’re bad at remembering what changes you apply to a file, feel free to copy the current xorg.conf to another location as a backup. The new xorg.conf file looks like so:
Section "ServerLayout" Identifier "aticonfig Layout" Screen 0 "aticonfig-Screen-0" 0 0 EndSection Section "Module" Load "vnc" EndSection Section "Monitor" Identifier "aticonfig-Monitor-0" Option "VendorName" "ATI Proprietary Driver" Option "ModelName" "Generic Autodetecting Monitor" Option "DPMS" "true" EndSection Section "Device" Identifier "aticonfig-Device-0" Driver "fglrx" BusID "PCI:0:1:0" EndSection Section "Screen" Identifier "aticonfig-Screen-0" Device "aticonfig-Device-0" Monitor "aticonfig-Monitor-0" DefaultDepth 24 SubSection "Display" Viewport 0 0 Depth 24 EndSubSection Option "SecurityTypes" "VncAuth" Option "UserPasswdVerifier" "VncAuth" Option "PasswordFile" "/home/myaccount/.vnc/passwd" EndSection
The added lines being:
Load "vnc" ... Option "SecurityTypes" "VncAuth" Option "UserPasswdVerifier" "VncAuth" Option "PasswordFile" "/home/myuser/.vnc/passwd"
If this is successful, you should be able to reboot your system (or simply sudo systemctl isolate graphical.target) and note:
$ sudo netstat -luntap | grep 59 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1355/Xorg.bin
Your X server started up a VNC server instance for you! And it’s the exact same session that you’re using right now. Try connecting to it and enjoy!
If this was unsuccessful, you will probably be faced with a dark, cold black screen when you reboot. Try using Ctrl+Alt+F2 to reach a terminal, log in, and cat /var/log/Xorg.0.log to see what’s going on. Try searching for “vnc” if you are unsure of where to look, but the log does tell you pretty plainly what has happened, usually. If it’s a syntax error in your xorg.conf file, try figuring it out, but if you can’t, revert your changes or restore the backup file you may have made as suggested above, and I’d be glad to work on it with you.