UbuntuHelp:VNC/Servers

Introduction

A VNC server is a program that shares a desktop with other computers over the Internet. You will need a VNC server if you want other people to see your desktop. Every VNC server has different strengths and weaknesses and is appropriate for different uses. This page will discuss each of the VNC servers available in Ubuntu, and ways to configure them for most common uses of VNC.

Common security options

The most important thing when setting up a VNC server is to only let the right people access your desktop. The safest way to do that is usually to have someone sitting at the desktop deciding who gets to use it, but that's not always practical - for example, if you want to log in to your own computer from somewhere else. If you want to confirm each connection manually, you should look for these options:

  • Request access each time - pop a window up asking whether to allow each connection as it comes in
  • View-only access - allow VNC clients to view the desktop, but not to change anything. As well as adding a little security, this avoids problems with both of you fighting over control of the mouse

Using these two options will give you the most security. Requesting access each time will ensure that nobody can connect without you noticing, and view-only access will mean that they can't change anything without asking you to do it for them. If you want to access your desktop when nobody is sitting at it, these options will be more useful:

  • Only allow local connections - only let people connect if they already have access to your computer
  • Start your VNC server in "once" mode - tell your VNC server to allow one connection, then block anything after that
  • Set a password - require people to send a password before they can connect

These three options should give you a secure set-up, so long as they're used with port-forwarding. Only allowing local connections means that only people with user accounts on your computer can access your desktop. Starting the server in "once" mode means that people with user accounts on your computer would have to log in to your desktop between the time you start your VNC server and the time you connect from your VNC client. Setting a password means that, if anyone did try to connect in that brief interval, they probably wouldn't be able to get in before you noticed and stopped the server. Although passwords add some security, hard-to-guess passwords are as difficult to create as they are to remember. If nobody else has access to your computer, you might want to skip passwords altogether. Note: you must set a password if you want to use the in-built VNC client in Mac OS X.
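The local-only option can be checked from the listening sockets themselves. The following is an added example, not part of the original page: it reads `ss -ltnH` output and prints any VNC listener that is not bound to loopback. It assumes VNC displays use TCP ports 5900 to 5999; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): list VNC listeners that are
# reachable from other machines. Reads `ss -ltnH` style lines on stdin.
# Assumption: VNC displays :0 to :99 map to TCP ports 5900 to 5999.

vnc_exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4                          # local address:port column
        pos = match(la, /:[0-9]+$/)      # the port follows the last colon
        if (pos == 0) next
        port = substr(la, pos + 1) + 0
        addr = substr(la, 1, pos - 1)
        if (port < 5900 || port > 5999) next
        # Loopback (IPv4 127/8, optionally with %iface, or IPv6 ::1) is local-only
        if (addr ~ /^127\./ || addr == "[::1]") next
        print la
    }'
}

# Constructed sample listing: a server bound to loopback on display :0,
# servers listening on every interface on displays :1 and :2, and sshd.
sample_listing() {
    cat <<'EOF'
LISTEN 0      5          127.0.0.1:5900      0.0.0.0:*
LISTEN 0      5              [::1]:5900         [::]:*
LISTEN 0      5            0.0.0.0:5901      0.0.0.0:*
LISTEN 0      5               [::]:5902         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# On a live system: ss -ltnH | vnc_exposed_listeners
sample_listing | vnc_exposed_listeners
```

Any line printed is a VNC port that other machines can reach directly; an empty result means every VNC listener is local-only.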

vino

Vino is the default VNC server in Ubuntu to share your existing desktop with other users. If you are using Ubuntu 8.04 LTS (Hardy Heron), you will probably need to install another server because of a known bug that stops vino working for most people. To configure vino from within GNOME, go to System > Preferences > Remote Desktop.

  • To set vino to request access each time, tick Allow other users to view your desktop in the Remote Desktop configuration window
  • There's no way to set vino to only listen for the next connection
  • To set a password, tick Require the user to enter this password:, and enter a hard-to-guess password
  • To put vino in view-only mode, untick Allow other users to control your desktop
  • To only allow local connections:
      ◦ In versions up to Ubuntu 8.10 ("Intrepid Ibex"): click on the tab marked Advanced, then tick Only allow local connections
      ◦ In Ubuntu 9.04 ("Jaunty Jackalope") and newer: press `alt-f2` to open the "run application" window, then type in `gconftool -s /desktop/gnome/remote_access/network_interface lo --type string` and click Run
  • To allow connections from anywhere:
      ◦ In versions up to Ubuntu 8.10 ("Intrepid Ibex"): click on the tab marked Advanced, then untick Only allow local connections
      ◦ In Ubuntu 9.04 ("Jaunty Jackalope") and newer: press `alt-f2` to open the "run application" window, then type in `gconftool -u /desktop/gnome/remote_access/network_interface` and click Run

krfb

Krfb is the default VNC server in Kubuntu, and is recommended for KDE users. Because it's highly integrated with KDE, running it in other environments is difficult. To configure krfb, go to System Settings > Sharing > Desktop Sharing > Configure....

  • To set krfb to request access each time, tick Confirm uninvited connections before accepting
  • There's no official way to set krfb to only listen for the next connection, although see below for an unofficial solution
  • To set a password, type a hard-to-guess password into the Password input box
  • To put krfb in view-only mode, untick Allow uninvited connections to control the desktop
  • There's no official way to only allow local connections, although see below for an unofficial solution

Once mode

Krfb doesn't have any official way to accept the next connection then stop listening for connection attempts. However, the following Python script will listen for a single connection then exit krfb:

#!/usr/bin/python

# Load extra functionality from the 'socket' and 'os' modules
from socket import socket, AF_INET, SOCK_STREAM
from os import execl

# Listen for a connection
server = socket(AF_INET, SOCK_STREAM) # This is an Internet (TCP) connection
server.bind(('127.0.0.1', 5900))      # Listen for a local connection on port 5,900
server.listen(1)                      # Queue at most 1 pending connection
sock = server.accept()[0]             # Accept the connection
server.close()                        # Stop listening, so no further connections queue up

# Python 3.4+ marks sockets non-inheritable; krfb must inherit this one
if hasattr(sock, 'set_inheritable'):
    sock.set_inheritable(True)

# Attach krfb to this connection
execl('/usr/bin/krfb', 'krfb', '--kinetd', str(sock.fileno()))

To use this script, open your favourite text editor and paste the contents in. Make sure that the initial '#' character is the very first character in the file, save the file as krfb.py, and set the file's permissions to make it executable. Although this simple program won't open a window of any kind, it will quietly wait for the next VNC client to connect to your computer, then pass the connection through to krfb. This script will only listen for local connections. To allow connections from anywhere, change `127.0.0.1` to `0.0.0.0` in the script.

Invitations

Krfb lets you create "invitations" - individual passwords that are deactivated after an hour or after one use. These are a handy way of giving people one-time access to a computer, but only provide limited security. For example, if you send someone an invitation by e-mail or instant messaging, an attacker could read your invitation message as it went over the Internet and use it to log in. Invitations can be useful when you want to let other people view your desktop, but you still need to follow the normal precautions when letting other people view your desktop.

x11vnc

X11vnc is a VNC server that doesn't depend on GNOME or KDE, and is recommended for use by Xubuntu users. It's designed to be run from the command-line, which makes it flexible but difficult to learn. The few graphical parts of the interface are quite unattractive, because they're designed to work even on a very minimal installation. X11vnc is available in the x11vnc package in the Universe repository. Although x11vnc does have a simple configuration file, it's generally easier to specify options on the command-line. To start x11vnc, type:

x11vnc -safer <options>

<options> is a series of options separated by spaces. X11vnc has a lot of options, which are discussed fully in the x11vnc man page. Common options include:

  • To set x11vnc to request access each time, include the -nopw -accept popup:0 options
  • To set x11vnc to only listen for the next connection, include the -once option
  • To set x11vnc to continually listen for connections, include the -forever option
  • To set a password, include the -usepw option (and remove the -nopw option above)
  • To put x11vnc in view-only mode, include the -viewonly option
  • To set x11vnc to only allow local connections, include the -localhost option

For example, if you want x11vnc to grant view-only access to the next local connection after asking your permission, type this on the command-line:

x11vnc -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0

If you use a password, you will first need to create a password file by doing:

x11vnc -storepasswd

Make sure to use a hard-to-guess password.
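As an added example (not from the original page or the x11vnc project), this shell function reviews an x11vnc option list against the set-ups described above and names the protections that are absent. It recognises only the options listed on this page; the function name and the finding codes are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original page): pre-flight review of an x11vnc
# option list. Finding codes are hypothetical names chosen for this example.

x11vnc_review() {
    safer=0 usepw=0 nopw=0 accept=0 localhost=0 once=0
    for arg in "$@"; do
        case "$arg" in
            -safer)     safer=1 ;;
            -usepw)     usepw=1 ;;
            -nopw)      nopw=1 ;;
            -accept)    accept=1 ;;
            -localhost) localhost=1 ;;
            -once)      once=1 ;;
        esac
    done
    findings=""
    add() { findings="${findings:+$findings }$1"; }

    [ "$safer" -eq 1 ] || add NO_SAFER
    # -usepw and -nopw contradict each other; the page says to remove -nopw
    if [ "$usepw" -eq 1 ] && [ "$nopw" -eq 1 ]; then add PW_CONFLICT; fi
    # Neither a password nor a confirmation pop-up stands before the client
    if [ "$usepw" -eq 0 ] && [ "$accept" -eq 0 ]; then add NO_PASSWORD_OR_PROMPT; fi
    # Nobody confirms connections, and other machines can reach the port
    if [ "$accept" -eq 0 ] && [ "$localhost" -eq 0 ]; then add ALL_INTERFACES; fi
    # Nobody confirms connections, and the server stays up after the first client
    if [ "$accept" -eq 0 ] && [ "$once" -eq 0 ]; then add KEEPS_LISTENING; fi

    echo "${findings:-OK}"
}

# The page's own attended, view-only example passes the review
x11vnc_review -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0
```

A result of `NO_PASSWORD_OR_PROMPT` on its own means the session relies on the local-only restriction alone, which this page treats as acceptable only when nobody else has an account on the computer.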

Connecting to your login screen

Because X11vnc is run from the command-line, it can be started while your computer is still showing a login screen. Exactly how to do this depends on which derivative of Ubuntu you use. In Ubuntu (but not Kubuntu or Xubuntu), x11vnc needs superuser access, and needs the `-auth /var/lib/gdm/:0.Xauth -display :0` options to be specified on the command-line. You will also need superuser access to edit your `/etc/gdm/gdm.conf-custom` file, to stop your computer from closing your VNC session after you've typed your username and password. To edit `/etc/gdm/gdm.conf-custom`, type the following on a command-line:

sudo gedit /etc/gdm/gdm.conf-custom

Add the following under the "[daemon]" heading:

#to get remote vnc to not die after login
KillInitClients=false

Restart gdm to pick up the change with:

sudo /etc/init.d/gdm restart

Then you can run x11vnc before you've logged in by typing something like this:

sudo x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0

(Thanks to the x11vnc FAQ for this tip)

tightvncserver

Whereas most VNC servers share your desktop, tightvnc creates a completely new desktop, not attached to any actual screen. This makes it much less useful for some things (like remote help), but much more useful for others (like creating a public area for collaboration). If tightvncserver won't start, you might need to uncomment the `$fontpath` lines in `/etc/vnc.conf`. Like x11vnc, tightvnc is designed to be run from the command-line. To start it, type:

tightvncserver -nolisten tcp :1

This will tell tightvnc to listen for VNC connections on port 5,901 from anywhere on the Internet. Without the -nolisten tcp option, tightvnc will also listen for a different type of connection (X11 instead of VNC), which isn't usually very useful. Tightvnc's unusual design means that it can't create a remote desktop on the standard VNC port (5,900) if you have an ordinary desktop running on your computer.

  • There's no way to set tightvncserver to request access each time
  • There's no way to set tightvncserver only to accept the next connection, although see below for a similar solution
  • Tightvncserver always requires a password, and will ask you to specify one the first time it's run
  • There's no way to put tightvncserver in view-only mode
  • To set tightvncserver to only allow local connections, include the -localhost option

Once mode

Tightvncserver can't be set to accept the next connection then stop listening for connection attempts. But it can be set to automatically disconnect each client when the next client connects, and can be stopped after your connection is disconnected. To only allow local connections and automatically disconnect clients, start tightvnc by typing:

tightvncserver -nolisten tcp -localhost -nevershared :1

Then when your client is disconnected by the next client connecting, type:

tightvncserver -kill :1

Customising your session

By default, tightvncserver provides a session with a simple window manager and a terminal. The first time tightvncserver runs, it creates a `~/.vnc/xstartup` file that you can use to customise your session. Here is an example file that would give you a GNOME desktop:

#!/bin/sh

# Change "GNOME" to "KDE" for a KDE desktop, or "" for a generic desktop
MODE="GNOME"

# Uncomment this line if using GNOME and your keyboard mappings are incorrect.
#export XKL_XMODMAP_DISABLE=1

# Load X resources (if any)
if [ -e "$HOME/.Xresources" ]
then
        xrdb "$HOME/.Xresources"
fi

# Try a GNOME session, or fall back to KDE
if [ "GNOME" = "$MODE" ]
then
        if which gnome-session >/dev/null
        then
                gnome-session &
        else
                MODE="KDE"
        fi
fi

# Try a KDE session, or fall back to generic
if [ "KDE" = "$MODE" ]
then
        if which startkde >/dev/null
        then
                startkde &
        else
                MODE=""
        fi
fi

# Run a generic session
if [ -z "$MODE" ]
then
        xsetroot -solid "#DAB082"
        x-terminal-emulator -geometry "80x24+10+10" -ls -title "$VNCDESKTOP Desktop" &
        x-window-manager &
fi

Your changes will take effect the next time you start tightvncserver.

Similar applications

  • GNU Screen allows you to open, share, disconnect, and later return to a text-based terminal
  • directvnc is a VNC server that shares a Linux framebuffer instead of a desktop
  • linuxvnc is a VNC server that shares a text-based console instead of a desktop
  • xrdp is a server for Microsoft's Remote Desktop protocol, a client for which comes with all modern versions of Windows
  • xserver-xephyr allows you to create a desktop within a desktop on a single computer
  • Apple Remote Desktop is a desktop sharing application for Mac OS that includes a VNC server

Troubleshooting

Having Compiz enabled may interrupt screen updates with some servers and clients. Using -noxdamage with x11vnc can prevent this.