“UbuntuHelp:VNC”的版本间的差异
来自Ubuntu中文
小 |
小 |
||
| 第1行: | 第1行: | ||
{{From|https://help.ubuntu.com/community/VNC}} | {{From|https://help.ubuntu.com/community/VNC}} | ||
{{Languages|UbuntuHelp:VNC}} | {{Languages|UbuntuHelp:VNC}} | ||
| − | + | <<Include(Tag/TooLong)>> | |
| − | VNC | + | VNC is a protocol that allows a desktop to be viewed and controlled remotely over the Internet. To use VNC, you need to run a '''VNC server''' on the computer sharing a destkop, and a '''VNC client''' on the computer accessing the shared desktop. VNC is a widely useful tool, although you'll need to do some work to set it up for your particular use case. |
| − | + | This page will discuss some common uses for VNC, present programs you can use to solve your particular problem, and then guide you through some example scenarios. You may want to [[UbuntuHelp:[guide|skip straight to the examples]]]. | |
| − | + | == Common uses == | |
| − | VNC | + | The two most common uses for VNC are to control your own desktop from another computer and to let other people view your desktop while you're sitting at it. |
| − | VNC | + | === Accessing your desktop over the Internet === |
| − | + | Although VNC has some optional security features, you should not run VNC directly over an untrusted network like the Internet. Instead, you should set an SSH server up as discussed in the [[UbuntuHelp:SSHHowto|SSH guide]] and configure a VNC server that you can start in so-called '''once''' mode, as described below. When you have set up your SSH and VNC servers, you can use SSH to log in to your computer over the Internet, start your VNC server, and use [[UbuntuHelp:[port-forwarding|port-forwarding]]] to securely access the VNC server. | |
| − | + | <<Anchor(let-other-people)>> | |
| − | + | === Let other people view your desktop === | |
| − | + | At present, there is no easy, secure way of making your desktop available to others over the Internet. However, an application called [https://launchpad.net/remote-help-assistant Remote Help Assistant] is being developed to fill this gap, and needs unskilled volunteers to help test new versions. Contributing there might be the best use of your time, especially if you're not technically adept enough to reconfigure your system. | |
| − | + | If a small group of people regularly want to access your desktop, the best solution might be to [[UbuntuHelp:SSHHowto|set an SSH server up]], then add their public keys to your '''authorized_keys''' file, with very limited rights. As [[UbuntuHelp:SSHHowto#public-key-auth|discussed]] in the SSH guide, you can limit the SSH features that each public key can use - typically, a user that should only have VNC access would have a line like the following in '''authorized_keys''': | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | You may | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | == | + | |
| − | + | ||
| − | === | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | < | + | |
| − | === | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | ''' | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | ''' | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | command="/bin/sleep 4294967295":no-agent-forwarding:no-pty:no-user-rc:no-X11-forwarding:permitopen="localhost:5900" <public key> | |
| − | + | ||
| − | + | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | This will allow the specified person to log in to your computer using your username and their public key instead of your password. The long list of ''no-xyz'' statements disallow them from doing just about anything except connect to a VNC server. | |
| + | Because the Internet is a high speed public network, an attacker anywhere in the world could connect to an unsecured VNC server and start guessing passwords at a rate of thousands per minute. Even if they couldn't guess your password, they could snoop on the VNC session much like someone in an Internet cafe might peer over your shoulder. If securing your connection is not an option, it's possible to provide an unsecured VNC connection with a fairly low risk of disaster, so long as you follow three basic safety precautions: | ||
| + | * only allow the other person to view your desktop, '''not''' to control it | ||
| + | * tell your VNC server to request permission before allowing anyone to see your desktop | ||
| + | * don't do anything that you wouldn't do in an Internet cafe | ||
| + | If you're not comfortable with the risks, and the secure options discussed above aren't appropriate, you might be able to [[UbuntuWiki:TakingScreenshots|take|screenshots]] instead, and send them to the other person. | ||
| + | Whichever of the above techniques you use, you might find that you can connect to your VNC server from computers on your local network, but that other people can't connect to your server over the Internet. If that happens, you might need to [[UbuntuHelp:ServersBehindNAT|reconfigure your router]]. | ||
| + | <<Anchor(port-forwarding)>> | ||
| + | === SSH port-forwarding === | ||
| + | SSH has a feature called '''local port forwarding''' that allows programs on a computer running an SSH client to transparently connect to servers over the SSH connection. This works by setting up a dummy server on the computer running the SSH client (the '''local''' computer) that sends everything it hears ('''forward'''s it) to a real server on the other side of the SSH connection. | ||
| + | It's called '''port''' forwarding because different types of server listen on virtual "ports", a bit like USB ports on the back of your computer. Like with USB, any server can be plugged in to any port; but unlike USB, ports are numbered and there are strong conventions about which port you're supposed to use for which server. The convention for VNC servers is to listen on port numbers starting at 5,900 - so a computer that shared three different desktops would normally listen on ports 5,900, 5,901 and 5,902. | ||
| + | Port-forwarding is a widely useful technique that is supported in all major SSH clients, although you will have to consult your client's documentation to find out exactly how your client does it. The command-line ssh client uses the '''-L''' option, so if you typed this for example: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | ssh -L 5900:localhost:5900 joe@laptop | |
</nowiki></pre> | </nowiki></pre> | ||
| − | ''' | + | you would log in to Joe's laptop and forward his shared desktop to your computer. You could then start your VNC client and connect to port 5900 on your computer to see his shared desktop. ''5900:localhost:5900'' means ''start a dummy server on port 5,900 on this computer, and forward it to port 5,900 on the computer that Joe's laptop calls "localhost"''. The word "localhost" is the computer equivalent of the word "yourself", so the SSH server on Joe's laptop will think you mean Joe's laptop when you tell it to connect to "localhost" port 5900, but a VNC client on your computer will think you mean your computer when you tell it to connect to "localhost" port 5900. |
| − | + | <<Anchor(vnc-clients)>> | |
| − | < | + | == VNC Clients == |
| − | < | + | A VNC client lets you connect to a desktop that's been shared on another computer. Excellent VNC clients are available for every major Linux distribution and other operating system. Some popular clients include: |
| − | + | * [[UbuntuHelp:Vinagre]] is the remote desktop viewer that comes by default with Ubuntu | |
| − | * | + | * krdc is the standard KDE client, and can also act as a Windows Terminal Services client |
| − | < | + | * xvnc4viewer is a simplistic client recommended for Xubuntu users.<<BR>> |
| − | + | xvnc4viewer is available in the Universe repository | |
| − | * | + | * xtightvncviewer is a simplistic client recommended for use with tightvncserver<<BR>> |
| − | === | + | xtightvncviewer is available in the Universe repository |
| − | + | * [http://sourceforge.net/projects/cotvnc/ Chicken of the VNC] is a popular VNC client for Mac OS X<<BR>> | |
| − | ''' | + | Other Mac clients can be found on [http://www.apple.com/downloads/macosx/networking_security/ Apple's website] |
| − | + | * [http://www.tightvnc.com/ TightVNC] has a Windows version available | |
| − | + | * TightVNC Java client is a multiplatform Java client that can run in a web browser<<BR>> | |
| − | + | If you can't install software on the machine you'll log in from, you can make this available through a web server. It's available in the vnc-java package in the Multiverse repository | |
| − | ''' | + | {|border="1" cellspacing="0" |
| − | + | |{{https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconTip.png%7D%7D%7C%7CIf you accidentally display the remote desktop fullscreen, try pressing ''F8'' or ''F11'' to exit. | |
| − | + | |} | |
| − | + | To connect a VNC client to a VNC server, you need to know the name or the IP address of the computer you'll connect to, and the port or display number of its VNC server. By convention, port numbers start at 5,900 and go up, so a computer that shared three different desktops would normally listen on ports 5,900, 5,901 and 5,902. Display numbers use the 5,900 convention to try to make things easier - port number 5,900 is display number :0, port number 5,901 is display number :1, and so on. | |
| − | + | === Similar applications === | |
| − | + | * [https://launchpad.net/remote-help-assistant Remote Help Assistant] is an application being developed to make it easier to securely acces a VNC server | |
| − | + | * '''rdesktop''' is a client for Windows Terminal Services, available in the Main repository | |
| − | + | * '''qtnx''' is an [http://en.wikipedia.org/wiki/NX_technology NX] client for KDE, available in the Universe repository | |
| − | + | == VNC Servers == | |
| − | + | A VNC server is a program that shares a desktop with other computers over the Internet. You will need a VNC server if you want other people to see your desktop. Every VNC server has different strengths and weaknesses and is appropriate for different uses. This section will discuss each of the VNC servers available in Ubuntu, and ways to configure them for most common uses of VNC. | |
| − | + | The most important thing when setting up a VNC server is to only let the right people access your desktop. The safest way to do that is usually to have someone sitting at the desktop deciding who gets to use it, but that's not always practical - for example, if you want to log in to your own computer from somewhere else. | |
| − | + | If you want to confirm each connection manually, you should look for these options: | |
| − | + | * '''Request access each time''' - pop a window up asking whether to allow each connection as it comes in. | |
| − | / | + | * '''view-only access''' - allow VNC clients to view the destkop, but not to change anything. As well adding a little security, this avoids problems with both of you fighting over control of the mouse. |
| − | + | If you want to access your desktop when nobody is sitting at it, these options will be more useful: | |
| − | + | * '''Only allow local connections''' - only let people connect if they already have access to your computer. | |
| − | + | * '''Start your VNC server in "once" mode''' - tell your VNC server to allow one connection, then block anything after that | |
| − | * | + | * '''Set a password''' - require people to send a password before they can connect. |
| − | '' | + | These options should give you a secure set-up, so long as they're used with [[UbuntuHelp:[port-forwarding|port-forwarding]]], as discussed above. Only allowing local connections means that only people with user accounts on your computer can access your desktop. Starting the server in "once" mode means that people with user accounts on your computer would have to log in to your desktop between the time you start your VNC server and the time you connect from your VNC client. Setting a password means that, if anyone did try to connect in that brief interval, they probably wouldn't be able to get in before you noticed and stopped the server. |
| − | + | Although passwords add some security, [[UbuntuHelp:StrongPasswords|hard-to-guess passwords]] are as difficult to create as they are to remember. If nobody else has access to your computer, you might want to skip passwords altogether. | |
| − | + | === Vino === | |
| − | + | Vino is the default VNC server in Ubuntu to share your existing desktop with other users. Unfortunately, a [https://bugs.launchpad.net/ubuntu/+source/vino/+bug/196675 bug] in the version that comes with Hardy makes it incompatible with most networks and VNC clients. | |
| − | + | To configure vino from within GNOME, go to System > Preferences > Remote Desktop | |
| − | '' | + | * To set vino to request access each time, tick '''Allow other users to view your destkop''' in the Remote Desktop configuration window |
| − | + | * There's no way to set vino to only listen for the next connection | |
| − | + | * To set a password, tick '''Require the user to enter this password:''', and enter a [[UbuntuHelp:StrongPasswords|hard-to-guess password]] | |
| − | + | * To put vino in view-only mode, untick '''Allow other users to control your desktop''' | |
| − | + | * To only allow local connections, click on the tab marked '''Advanced''', then tick '''Only allow local connections'''. | |
| − | + | === krfb === | |
| − | + | Krfb is the default VNC server in Kubuntu, and is recommended for KDE users. Because it's highly integrated with KDE, running it in other environments is difficult. | |
| − | ''' | + | To configure krfb, go to System Settings > Sharing > Desktop Sharing > Configure.... |
| − | + | * To set krfb to request access each time, tick '''Confirm uninvited connections before accepting''' | |
| − | + | * There's no official way to set krfb to only listen for the next connection, although see below for an unofficial solution | |
| − | + | * To set a password, type a [[UbuntuHelp:StrongPasswords|hard-to-guess password]] into the '''Password''' input box | |
| − | + | * To put krfb in view-only mode, untick '''Allow uninvited connections to control the desktop''' | |
| − | <pre><nowiki> | + | * There's no official way to only allow local connections, although see below for an unofficial solution |
| − | + | ==== Once mode ==== | |
| − | + | Krfb doesn't have any official way to accept the next connection then stop listening for connection attempts. However, the following Python script will listen for a single connection then exit krfb: | |
| − | + | <pre><nowiki>#!python numbers=off | |
| − | + | #!/usr/bin/python | |
| − | + | ||
| − | + | ||
| − | + | # Load extra functionality from the 'socket' and 'os' modules | |
| + | from socket import socket, AF_INET, SOCK_STREAM | ||
| + | from os import execl | ||
| − | + | # Listen for a connection | |
| − | + | server = socket(AF_INET, SOCK_STREAM) # This is an Internet (TCP) connection | |
| + | server.bind(('127.0.0.1', 5900)) # Listen for a local connection on port 5,900 | ||
| + | server.listen(1) # Listen for exactly 1 connection | ||
| + | sock = server.accept()[0] # Accept the connection | ||
| − | + | # Attach krfb to this connection | |
| + | execl('/usr/bin/krfb', 'krfb', '--kinetd', str(sock.fileno())) | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | To use this script, open your favourite text editor and paste the contents in. Make sure that the initial '#' character is the very first character in the file, save the file as '''krfb.py''', and set the file's permissions to make it executable. Although this simple program won't open a window of any kind, it will quietly wait for the next VNC client to connect to your computer, then pass the connection through to krfb. | |
| − | + | This script will only listen for local connections. To allow connections from anywhere, change '127.0.0.1' to '0.0.0.0' in the script. | |
| + | ==== Invitations ==== | ||
| + | Krfb lets you create "invitations" - individual passwords that are deactivated after an hour or after one use. These are a handy way of giving people one-time access to a computer, but only provide limited security. For example, if you send someone an invitation by e-mail or instant messaging, an attacker could read your invitation message as it went over the Internet and use it to log in. | ||
| + | Invitations can be useful when you want to let other people view your desktop, but you still need to follow the precautions discussed [[UbuntuHelp:[let-other-people|above]]]. | ||
| + | === x11vnc === | ||
| + | X11vnc is a VNC server that doesn't depend on GNOME or KDE, and is recommended for use by Xubuntu users. It's designed to be run from the command-line, which makes it flexible but difficult to learn. The few graphical parts of the interface are quite unattractive, because they're designed to work even on a very minimal installation. X11vnc is available in the '''x11vnc''' package in the Universe repository. | ||
| + | Although x11vnc does have a simple configuration file, it's generally easier to specify options on the command-line. To start x11vnc, type: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | x11vnc -safer <options> | |
</nowiki></pre> | </nowiki></pre> | ||
| − | ''' | + | '''<options>''' is a series of commands separated by spaces. X11vnc has a lot of options, which are discussed fully in the [http://linux.die.net/man/1/x11vnc x11vnc man page]. Common options include: |
| − | + | * To set x11vnc to request access each time, include the '''-nopw -accept popup:0''' options | |
| − | + | * To set x11vnc to only listen for the next connection, include the '''-once''' option | |
| − | ''' | + | * To set x11vnc to continually listen for connections, include the '''-forever''' option |
| + | * To set a password, include the '''-usepw''' option (and remove the '''-nopw''' option above) | ||
| + | * To put x11vnc in view-only mode, include the '''-viewonly''' option | ||
| + | * To set x11vnc to only allow local connections, include the '''-localhost''' option | ||
| + | For example, if you want x11vnc to grant view-only access to the next local connection after asking your permission, type this on the command-line: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | x11vnc -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0 | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | If you use a password, you will first need to create a password file by doing: | |
<pre><nowiki> | <pre><nowiki> | ||
| − | + | x11vnc -storepasswd | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | ''' | + | Make sure to use a [[UbuntuHelp:StrongPasswords|hard-to-guess password]] |
| + | <<Anchor(x11vnc-before-login)>> | ||
| + | ==== Connecting to your login screen ==== | ||
| + | Because X11vnc is run from the command-line, it can be started while your computer is still showing a login screen. Exactly how to do this depends on which derivative of Ubuntu you use. In Ubuntu (but not Kubuntu or Xubuntu), x11vnc needs superuser access, and needs the '' -auth /var/lib/gdm/:0.Xauth -display :0'' options to be specified on the command-line. You will also need superuser access to edit your ''/etc/gdm/gdm.conf'' file, to stop your computer from closing your VNC session after you've typed your username and password. | ||
| + | To edit ''/etc/gdm/gdm.conf'', type the following on a command-line: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | sudo gedit /etc/gdm/gdm.conf | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | Search for "!KillInitClients" in that file, and you should see a line that looks like this: | |
<pre><nowiki> | <pre><nowiki> | ||
| − | + | #KillInitClients=true | |
| − | + | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | change that line to look like this: | |
<pre><nowiki> | <pre><nowiki> | ||
| − | + | KillInitClients=false | |
</nowiki></pre> | </nowiki></pre> | ||
| − | + | Then you can run x11vnc before you've logged in by typing something like this: | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | ' | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | sudo x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0 | |
</nowiki></pre> | </nowiki></pre> | ||
| − | + | (Thanks to [http://www.karlrunge.com/x11vnc/#faq-display-manager the x11vnc FAQ] for this tip) | |
| + | === tightvncserver === | ||
| + | Whereas most VNC servers share your desktop, tightvnc creates a completely new desktop, not attached to any actual screen. This makes it much less useful for some things (like remote help), but much more useful for others (like creating a public area for collaboration). If tightvncserver won't start, you might need to uncomment the `$fontpath` lines in '''/etc/vnc.conf'''. | ||
| + | Like x11vnc, tightvnc is designed to be run from the command-line. To start it, type: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | tightvncserver -nolisten tcp :1 | |
</nowiki></pre> | </nowiki></pre> | ||
| − | + | This will tell tightvnc to listen for VNC connections on port 5,901 from anywhere on the Internet. Without the '''-nolisten tcp''' option, tightvnc will also listen for a different type of connection (X11 instead of VNC), which isn't usually very useful. Tightvnc's unusual design means that it can't create a remote desktop on the standard VNC port (5,900) if you have an ordinary desktop running on your computer. | |
| − | + | * There's no way to set tightvncserver to request access each time | |
| − | + | * There's no way to set tightvncserver only to accept the next connection, although see below for a similar solution | |
| − | ''' | + | * Tightvncserver always requires a password, and will ask you to specify one the first time it's run |
| − | + | * There's no way to put tightvncserver in view-only mode | |
| − | + | * To set tightvncserver to only allow local connections, include the '''-localhost''' option | |
| − | + | ==== Once mode ==== | |
| − | * | + | Tightvncserver can't be set to accept the next connection then stop listening for connection attempts. But it can be set to automatically disconnect each client when the next client connects, and can be stopped after your connection is disconnected. To only allow local connections and automatically disconnect clients, start tightvnc by typing: |
| − | ' | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | * | + | |
| − | + | ||
| − | * | + | |
| − | + | ||
| − | ''' | + | |
| − | + | ||
| − | ==== | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | tightvncserver -nolisten tcp -localhost -nevershared :1 | |
</nowiki></pre> | </nowiki></pre> | ||
| − | + | Then when your client is disconnected by the next client connecting, type: | |
| − | + | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | tightvncserver -kill :1 | |
</nowiki></pre> | </nowiki></pre> | ||
| − | + | === Similar applications === | |
| − | === | + | * [http://www.gnu.org/software/screen/ GNU Screen] allows you to open, share, disconnect, and later return to a text-based terminal. |
| − | + | * '''directvnc''' is a VNC server that shares a Linux framebuffer instead of a desktop | |
| − | + | * '''linuxvnc''' is a VNC server that shares a text-based console instead of a desktop | |
| − | + | * '''xrdp''' is a server for Microsoft's Remote Desktop protocol, a client for which comes with all modern versions of Windows | |
| − | + | * '''xserver-xephyr''' allows you to create a desktop within a desktop on a single computer | |
| − | + | * [[UbuntuHelp:AppleRemoteDesktop|Apple Remote Desktop]] is a desktop sharing application for Mac OS that includes a VNC server | |
| − | + | == Guide to example scenarios == | |
| − | + | This section discusses some situations where you would want to use VNC, and how to set a server up for that situation. The first scenario ("Accessing your PC") describes how to set VNC up for a computer that logs in automatically as soon as it starts up. Because accessing a shared login screen requires more security privileges than accessing your personal desktop, the second scenario ("Accessing a family PC") describes the extra steps you need to take in order to access your computer before you've logged in. | |
| − | + | <<Anchor(accessing-your-pc)>> | |
| − | === | + | === Accessing your PC over the Internet === |
| − | This | + | This section describes how to connect to your own desktop computer from somewhere else on the Internet. See below for instructions about logging in to a shared computer. |
| − | See | + | To set your VNC server up, follow these steps. You should only need to do this once: |
| − | + | <ol><li>[[UbuntuHelp:InstallingSoftware|Install]] the ''x11vnc'' and ''openssh-server'' packages on your PC. | |
| − | ''' | + | </li><li>If you have previously reconfigured the firewall on your PC, make sure the firewall allows incoming connections on port ''22'' from anywhere, and on port ''5900'' from ''localhost'' (also known as ''127.0.0.1''). |
| − | + | </li><li>If your PC is behind a home router, or any other device that uses NAT, [[UbuntuHelp:ServersBehindNAT#Procedure|configure|your router]] to send connection attempts on port 22 (but '''not''' port 5900) to your computer. | |
| − | + | </li><li>[[UbuntuHelp:SSHHowto#Logging_in_from_other_computers|Choose an SSH client]] for the computer you'll log in from, and create a public key for that computer. | |
| − | + | </li><li>In a text editor on your PC, open the file '''''<home>''/.ssh/authorized_keys''', then add the public key you just created to the bottom of the file.</li></ol> | |
| − | </ | + | |
| − | < | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | Each time you want to connect to your PC, follow these steps: | |
| − | + | <ol><li>Find your PC's public name or IP address. Unless your computer has been assigned a memorable name, the easiest way to do this is to go to [http://whatismyip.com/ www.whatismyip.com] from your PC. You can assign your computer a name by getting one from a [[UbuntuHelp:DynamicDNS|dynamic DNS]] provider. | |
| − | + | </li><li>Start an SSH session on your PC with your SSH client, use local port-forwarding to connect port 5,900 on your desktop to port 5,900 on localhost, and run the command `x11vnc -safer -localhost -nopw -once -display :0` | |
| − | + | </li><li>Start your VNC client, and connect to localhost port 5,900</li></ol> | |
| − | + | ||
| − | < | + | If you have a dial-up Internet connection, your IP address will change every time you connect to the Internet. If you have a broadband Internet connection, your address will probably only change once every few months - usually right around the day you forget to check your address. |
| − | + | If you were connecting from an Ubuntu computer with a command-line VNC client, you could do the following on a command-line: | |
| − | + | ||
| − | + | ||
| − | ' | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | </ | + | |
| − | + | ||
| − | + | ||
| − | < | + | |
| − | + | ||
| − | </ | + | |
| − | + | ||
| − | + | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | ssh -f -L 5900:localhost:5900 <your-name>@<your-computer> \ | |
| + | x11vnc -safer -localhost -nopw -once -display :0 \ | ||
| + | && sleep 5 \ | ||
| + | && vncviewer localhost:0 | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | If the above VNC connection is terribly slow, then you may need to enable a compression mechanism, e.g., <code><nowiki>vncviewer -encodings "tight" localhost:0</nowiki></code>. Alternatively, if your VNC viewer supports the "-via" option (e.g., xtightvncviewer does so) then you need neither manual port-forwarding nor manual settings for compression. Instead, you SSH into the remote computer, start the VNC server with <code><nowiki>x11vnc -safer -localhost -nopw -once -display :0</nowiki></code> and, again on your client machine, start the client with the following command line: | |
| − | + | ||
| − | + | ||
| − | + | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | vncviewer -via <your-name>@<your-computer> localhost:0 | |
</nowiki></pre> | </nowiki></pre> | ||
| − | + | In Ubuntu, the ''vncviewer'' command will run whichever VNC client you have installed. | |
| − | === | + | === Accessing a family PC over the Internet === |
| − | + | Accessing a family PC is a similar problem to accessing your own PC, except that the VNC server needs more security privileges in order to show your login screen. | |
| − | + | First, make sure that you can [[UbuntuHelp:[accessing-your-pc|access your own desktop after logging in]]] - once you've logged in, accessing a shared PC is no different to accessing your own PC. | |
| + | Second, follow the instructions to [[UbuntuHelp:[x11vnc-before-login|get x11vnc working before you log in]]]. After this step, you should start the VNC server on the family PC with superuser privileges: | ||
<pre><nowiki> | <pre><nowiki> | ||
| − | + | ssh -L 5900:localhost:5900 <your-name>@<your-computer> | |
| + | sudo x11vnc -safer -localhost -nopw -once -auth /var/lib/gdm/:0.Xauth -display :0 | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | + | Then connect your VNC client in the same way you did before. | |
| − | + | == Further information == | |
| − | + | Remote desktop solutions are a broad and complex topic. The following links provide more detail about the technologies involved: | |
| − | + | * [[UbuntuHelp:WikiPedia:Vnc|Wikipedia's VNC page]] | |
| − | == | + | * [[UbuntuHelp:WikiPedia:Remote_administration|Wikipedia's remote administration page]] |
| − | + | * [[UbuntuHelp:WikiPedia:Remote_Desktop_Protocol|The Remote Desktop Protocol]] is a similar protocol, popular in Windows | |
| − | *VNC | + | * [[UbuntuHelp:WikiPedia:NX_technology|The NX Protocol]] is another similar protocol |
| − | * | + | * [[UbuntuHelp:WikiPedia:X_display_manager|The XDMCP protocol]] also enables remote login |
| − | * | + | * [http://tldp.org/HOWTO/XDMCP-HOWTO/ The XDMCP How-to] and two Ubuntu [http://ubuntuforums.org/showpost.php?p=5229232&postcount=458 forum] [http://ubuntuforums.org/showpost.php?p=4963842&postcount=1 posts] give explanations about how to use XDMCP |
| − | + | * [[UbuntuHelp:DynamicDNS]] is a way to obtain a stable DNS name even if your IP changes dynamically | |
| − | + | * [[UbuntuHelp:WikiPedia:KVM_switch|KVM switches]] are hardware devices that switch a keyboard, monitor and mouse between two or more computers | |
| − | [[category: | + | * [[UbuntuHelp:Xen]] is a way of running a virtual machine in Linux |
| + | * [[UbuntuHelp:WikiPedia:Wake-on-LAN||Wake-on-LAN]] is a way of powering a computer on over a network or the Internet. | ||
| + | [[category:CategoryNetworking]] [[category:CategoryInternet]] | ||
[[category:UbuntuHelp]] | [[category:UbuntuHelp]] | ||
2008年10月19日 (日) 18:00的版本
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
<<Include(Tag/TooLong)>> VNC is a protocol that allows a desktop to be viewed and controlled remotely over the Internet. To use VNC, you need to run a VNC server on the computer sharing a destkop, and a VNC client on the computer accessing the shared desktop. VNC is a widely useful tool, although you'll need to do some work to set it up for your particular use case. This page will discuss some common uses for VNC, present programs you can use to solve your particular problem, and then guide you through some example scenarios. You may want to [[UbuntuHelp:[guide|skip straight to the examples]]].
Common uses
The two most common uses for VNC are to control your own desktop from another computer and to let other people view your desktop while you're sitting at it.
Accessing your desktop over the Internet
Although VNC has some optional security features, you should not run VNC directly over an untrusted network like the Internet. Instead, you should set an SSH server up as discussed in the SSH guide and configure a VNC server that you can start in so-called once mode, as described below. When you have set up your SSH and VNC servers, you can use SSH to log in to your computer over the Internet, start your VNC server, and use [[UbuntuHelp:[port-forwarding|port-forwarding]]] to securely access the VNC server. <<Anchor(let-other-people)>>
Let other people view your desktop
At present, there is no easy, secure way of making your desktop available to others over the Internet. However, an application called Remote Help Assistant is being developed to fill this gap, and needs unskilled volunteers to help test new versions. Contributing there might be the best use of your time, especially if you're not technically adept enough to reconfigure your system. If a small group of people regularly want to access your desktop, the best solution might be to set an SSH server up, then add their public keys to your authorized_keys file, with very limited rights. As discussed in the SSH guide, you can limit the SSH features that each public key can use - typically, a user that should only have VNC access would have a line like the following in authorized_keys:
command="/bin/sleep 4294967295":no-agent-forwarding:no-pty:no-user-rc:no-X11-forwarding:permitopen="localhost:5900" <public key>
This will allow the specified person to log in to your computer using your username and their public key instead of your password. The long list of no-xyz statements disallow them from doing just about anything except connect to a VNC server. Because the Internet is a high speed public network, an attacker anywhere in the world could connect to an unsecured VNC server and start guessing passwords at a rate of thousands per minute. Even if they couldn't guess your password, they could snoop on the VNC session much like someone in an Internet cafe might peer over your shoulder. If securing your connection is not an option, it's possible to provide an unsecured VNC connection with a fairly low risk of disaster, so long as you follow three basic safety precautions:
- only allow the other person to view your desktop, not to control it
- tell your VNC server to request permission before allowing anyone to see your desktop
- don't do anything that you wouldn't do in an Internet cafe
If you're not comfortable with the risks, and the secure options discussed above aren't appropriate, you might be able to take|screenshots instead, and send them to the other person. Whichever of the above techniques you use, you might find that you can connect to your VNC server from computers on your local network, but that other people can't connect to your server over the Internet. If that happens, you might need to reconfigure your router. <<Anchor(port-forwarding)>>
SSH port-forwarding
SSH has a feature called local port forwarding that allows programs on a computer running an SSH client to transparently connect to servers over the SSH connection. This works by setting up a dummy server on the computer running the SSH client (the local computer) that sends everything it hears (forwards it) to a real server on the other side of the SSH connection. It's called port forwarding because different types of server listen on virtual "ports", a bit like USB ports on the back of your computer. Like with USB, any server can be plugged in to any port; but unlike USB, ports are numbered and there are strong conventions about which port you're supposed to use for which server. The convention for VNC servers is to listen on port numbers starting at 5,900 - so a computer that shared three different desktops would normally listen on ports 5,900, 5,901 and 5,902. Port-forwarding is a widely useful technique that is supported in all major SSH clients, although you will have to consult your client's documentation to find out exactly how your client does it. The command-line ssh client uses the -L option, so if you typed this for example:
ssh -L 5900:localhost:5900 joe@laptop
you would log in to Joe's laptop and forward his shared desktop to your computer. You could then start your VNC client and connect to port 5900 on your computer to see his shared desktop. 5900:localhost:5900 means start a dummy server on port 5,900 on this computer, and forward it to port 5,900 on the computer that Joe's laptop calls "localhost". The word "localhost" is the computer equivalent of the word "yourself", so the SSH server on Joe's laptop will think you mean Joe's laptop when you tell it to connect to "localhost" port 5900, but a VNC client on your computer will think you mean your computer when you tell it to connect to "localhost" port 5900. <<Anchor(vnc-clients)>>
VNC Clients
A VNC client lets you connect to a desktop that's been shared on another computer. Excellent VNC clients are available for every major Linux distribution and other operating system. Some popular clients include:
- UbuntuHelp:Vinagre is the remote desktop viewer that comes by default with Ubuntu
- krdc is the standard KDE client, and can also act as a Windows Terminal Services client
- xvnc4viewer is a simplistic client recommended for Xubuntu users.<
>
xvnc4viewer is available in the Universe repository
- xtightvncviewer is a simplistic client recommended for use with tightvncserver<
>
xtightvncviewer is available in the Universe repository
- Chicken of the VNC is a popular VNC client for Mac OS X<
>
Other Mac clients can be found on Apple's website
- TightVNC has a Windows version available
- TightVNC Java client is a multiplatform Java client that can run in a web browser<
>
If you can't install software on the machine you'll log in from, you can make this available through a web server. It's available in the vnc-java package in the Multiverse repository
| {{https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconTip.png%7D%7D%7C%7CIf you accidentally display the remote desktop fullscreen, try pressing F8 or F11 to exit. |
To connect a VNC client to a VNC server, you need to know the name or the IP address of the computer you'll connect to, and the port or display number of its VNC server. By convention, port numbers start at 5,900 and go up, so a computer that shared three different desktops would normally listen on ports 5,900, 5,901 and 5,902. Display numbers use the 5,900 convention to try to make things easier - port number 5,900 is display number :0, port number 5,901 is display number :1, and so on.
Similar applications
- Remote Help Assistant is an application being developed to make it easier to securely acces a VNC server
- rdesktop is a client for Windows Terminal Services, available in the Main repository
- qtnx is an NX client for KDE, available in the Universe repository
VNC Servers
A VNC server is a program that shares a desktop with other computers over the Internet. You will need a VNC server if you want other people to see your desktop. Every VNC server has different strengths and weaknesses and is appropriate for different uses. This section will discuss each of the VNC servers available in Ubuntu, and ways to configure them for most common uses of VNC. The most important thing when setting up a VNC server is to only let the right people access your desktop. The safest way to do that is usually to have someone sitting at the desktop deciding who gets to use it, but that's not always practical - for example, if you want to log in to your own computer from somewhere else. If you want to confirm each connection manually, you should look for these options:
- Request access each time - pop a window up asking whether to allow each connection as it comes in.
- view-only access - allow VNC clients to view the destkop, but not to change anything. As well adding a little security, this avoids problems with both of you fighting over control of the mouse.
If you want to access your desktop when nobody is sitting at it, these options will be more useful:
- Only allow local connections - only let people connect if they already have access to your computer.
- Start your VNC server in "once" mode - tell your VNC server to allow one connection, then block anything after that
- Set a password - require people to send a password before they can connect.
These options should give you a secure set-up, so long as they're used with [[UbuntuHelp:[port-forwarding|port-forwarding]]], as discussed above. Only allowing local connections means that only people with user accounts on your computer can access your desktop. Starting the server in "once" mode means that people with user accounts on your computer would have to log in to your desktop between the time you start your VNC server and the time you connect from your VNC client. Setting a password means that, if anyone did try to connect in that brief interval, they probably wouldn't be able to get in before you noticed and stopped the server. Although passwords add some security, hard-to-guess passwords are as difficult to create as they are to remember. If nobody else has access to your computer, you might want to skip passwords altogether.
Vino
Vino is the default VNC server in Ubuntu to share your existing desktop with other users. Unfortunately, a bug in the version that comes with Hardy makes it incompatible with most networks and VNC clients. To configure vino from within GNOME, go to System > Preferences > Remote Desktop
- To set vino to request access each time, tick Allow other users to view your destkop in the Remote Desktop configuration window
- There's no way to set vino to only listen for the next connection
- To set a password, tick Require the user to enter this password:, and enter a hard-to-guess password
- To put vino in view-only mode, untick Allow other users to control your desktop
- To only allow local connections, click on the tab marked Advanced, then tick Only allow local connections.
krfb
Krfb is the default VNC server in Kubuntu, and is recommended for KDE users. Because it's highly integrated with KDE, running it in other environments is difficult. To configure krfb, go to System Settings > Sharing > Desktop Sharing > Configure....
- To set krfb to request access each time, tick Confirm uninvited connections before accepting
- There's no official way to set krfb to only listen for the next connection, although see below for an unofficial solution
- To set a password, type a hard-to-guess password into the Password input box
- To put krfb in view-only mode, untick Allow uninvited connections to control the desktop
- There's no official way to only allow local connections, although see below for an unofficial solution
Once mode
Krfb doesn't have any official way to accept the next connection then stop listening for connection attempts. However, the following Python script will listen for a single connection then exit krfb:
#!python numbers=off
#!/usr/bin/python
# Load extra functionality from the 'socket' and 'os' modules
from socket import socket, AF_INET, SOCK_STREAM
from os import execl
# Listen for a connection
server = socket(AF_INET, SOCK_STREAM) # This is an Internet (TCP) connection
server.bind(('127.0.0.1', 5900)) # Listen for a local connection on port 5,900
server.listen(1) # Listen for exactly 1 connection
sock = server.accept()[0] # Accept the connection
# Attach krfb to this connection
execl('/usr/bin/krfb', 'krfb', '--kinetd', str(sock.fileno()))
To use this script, open your favourite text editor and paste the contents in. Make sure that the initial '#' character is the very first character in the file, save the file as krfb.py, and set the file's permissions to make it executable. Although this simple program won't open a window of any kind, it will quietly wait for the next VNC client to connect to your computer, then pass the connection through to krfb. This script will only listen for local connections. To allow connections from anywhere, change '127.0.0.1' to '0.0.0.0' in the script.
Invitations
Krfb lets you create "invitations" - individual passwords that are deactivated after an hour or after one use. These are a handy way of giving people one-time access to a computer, but only provide limited security. For example, if you send someone an invitation by e-mail or instant messaging, an attacker could read your invitation message as it went over the Internet and use it to log in. Invitations can be useful when you want to let other people view your desktop, but you still need to follow the precautions discussed [[UbuntuHelp:[let-other-people|above]]].
x11vnc
X11vnc is a VNC server that doesn't depend on GNOME or KDE, and is recommended for use by Xubuntu users. It's designed to be run from the command-line, which makes it flexible but difficult to learn. The few graphical parts of the interface are quite unattractive, because they're designed to work even on a very minimal installation. X11vnc is available in the x11vnc package in the Universe repository. Although x11vnc does have a simple configuration file, it's generally easier to specify options on the command-line. To start x11vnc, type:
x11vnc -safer <options>
<options> is a series of commands separated by spaces. X11vnc has a lot of options, which are discussed fully in the x11vnc man page. Common options include:
- To set x11vnc to request access each time, include the -nopw -accept popup:0 options
- To set x11vnc to only listen for the next connection, include the -once option
- To set x11vnc to continually listen for connections, include the -forever option
- To set a password, include the -usepw option (and remove the -nopw option above)
- To put x11vnc in view-only mode, include the -viewonly option
- To set x11vnc to only allow local connections, include the -localhost option
For example, if you want x11vnc to grant view-only access to the next local connection after asking your permission, type this on the command-line:
x11vnc -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0
If you use a password, you will first need to create a password file by doing:
x11vnc -storepasswd
Make sure to use a hard-to-guess password <<Anchor(x11vnc-before-login)>>
Connecting to your login screen
Because X11vnc is run from the command-line, it can be started while your computer is still showing a login screen. Exactly how to do this depends on which derivative of Ubuntu you use. In Ubuntu (but not Kubuntu or Xubuntu), x11vnc needs superuser access, and needs the -auth /var/lib/gdm/:0.Xauth -display :0 options to be specified on the command-line. You will also need superuser access to edit your /etc/gdm/gdm.conf file, to stop your computer from closing your VNC session after you've typed your username and password. To edit /etc/gdm/gdm.conf, type the following on a command-line:
sudo gedit /etc/gdm/gdm.conf
Search for "!KillInitClients" in that file, and you should see a line that looks like this:
#KillInitClients=true
change that line to look like this:
KillInitClients=false
Then you can run x11vnc before you've logged in by typing something like this:
sudo x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0
(Thanks to the x11vnc FAQ for this tip)
tightvncserver
Whereas most VNC servers share your desktop, tightvnc creates a completely new desktop, not attached to any actual screen. This makes it much less useful for some things (like remote help), but much more useful for others (like creating a public area for collaboration). If tightvncserver won't start, you might need to uncomment the `$fontpath` lines in /etc/vnc.conf. Like x11vnc, tightvnc is designed to be run from the command-line. To start it, type:
tightvncserver -nolisten tcp :1
This will tell tightvnc to listen for VNC connections on port 5,901 from anywhere on the Internet. Without the -nolisten tcp option, tightvnc will also listen for a different type of connection (X11 instead of VNC), which isn't usually very useful. Tightvnc's unusual design means that it can't create a remote desktop on the standard VNC port (5,900) if you have an ordinary desktop running on your computer.
- There's no way to set tightvncserver to request access each time
- There's no way to set tightvncserver only to accept the next connection, although see below for a similar solution
- Tightvncserver always requires a password, and will ask you to specify one the first time it's run
- There's no way to put tightvncserver in view-only mode
- To set tightvncserver to only allow local connections, include the -localhost option
Once mode
Tightvncserver can't be set to accept the next connection then stop listening for connection attempts. But it can be set to automatically disconnect each client when the next client connects, and can be stopped after your connection is disconnected. To only allow local connections and automatically disconnect clients, start tightvnc by typing:
tightvncserver -nolisten tcp -localhost -nevershared :1
Then when your client is disconnected by the next client connecting, type:
tightvncserver -kill :1
Similar applications
- GNU Screen allows you to open, share, disconnect, and later return to a text-based terminal.
- directvnc is a VNC server that shares a Linux framebuffer instead of a desktop
- linuxvnc is a VNC server that shares a text-based console instead of a desktop
- xrdp is a server for Microsoft's Remote Desktop protocol, a client for which comes with all modern versions of Windows
- xserver-xephyr allows you to create a desktop within a desktop on a single computer
- Apple Remote Desktop is a desktop sharing application for Mac OS that includes a VNC server
Guide to example scenarios
This section discusses some situations where you would want to use VNC, and how to set a server up for that situation. The first scenario ("Accessing your PC") describes how to set VNC up for a computer that logs in automatically as soon as it starts up. Because accessing a shared login screen requires more security privileges than accessing your personal desktop, the second scenario ("Accessing a family PC") describes the extra steps you need to take in order to access your computer before you've logged in. <<Anchor(accessing-your-pc)>>
Accessing your PC over the Internet
This section describes how to connect to your own desktop computer from somewhere else on the Internet. See below for instructions about logging in to a shared computer. To set your VNC server up, follow these steps. You should only need to do this once:
- Install the x11vnc and openssh-server packages on your PC.
- If you have previously reconfigured the firewall on your PC, make sure the firewall allows incoming connections on port 22 from anywhere, and on port 5900 from localhost (also known as 127.0.0.1).
- If your PC is behind a home router, or any other device that uses NAT, configure|your router to send connection attempts on port 22 (but not port 5900) to your computer.
- Choose an SSH client for the computer you'll log in from, and create a public key for that computer.
- In a text editor on your PC, open the file <home>/.ssh/authorized_keys, then add the public key you just created to the bottom of the file.
Each time you want to connect to your PC, follow these steps:
- Find your PC's public name or IP address. Unless your computer has been assigned a memorable name, the easiest way to do this is to go to www.whatismyip.com from your PC. You can assign your computer a name by getting one from a dynamic DNS provider.
- Start an SSH session on your PC with your SSH client, use local port-forwarding to connect port 5,900 on your desktop to port 5,900 on localhost, and run the command `x11vnc -safer -localhost -nopw -once -display :0`
- Start your VNC client, and connect to localhost port 5,900
If you have a dial-up Internet connection, your IP address will change every time you connect to the Internet. If you have a broadband Internet connection, your address will probably only change once every few months - usually right around the day you forget to check your address. If you were connecting from an Ubuntu computer with a command-line VNC client, you could do the following on a command-line:
ssh -f -L 5900:localhost:5900 <your-name>@<your-computer> \ x11vnc -safer -localhost -nopw -once -display :0 \ && sleep 5 \ && vncviewer localhost:0
If the above VNC connection is terribly slow, then you may need to enable a compression mechanism, e.g., vncviewer -encodings "tight" localhost:0. Alternatively, if your VNC viewer supports the "-via" option (e.g., xtightvncviewer does so) then you need neither manual port-forwarding nor manual settings for compression. Instead, you SSH into the remote computer, start the VNC server with x11vnc -safer -localhost -nopw -once -display :0 and, again on your client machine, start the client with the following command line:
vncviewer -via <your-name>@<your-computer> localhost:0
In Ubuntu, the vncviewer command will run whichever VNC client you have installed.
Accessing a family PC over the Internet
Accessing a family PC is a similar problem to accessing your own PC, except that the VNC server needs more security privileges in order to show your login screen. First, make sure that you can [[UbuntuHelp:[accessing-your-pc|access your own desktop after logging in]]] - once you've logged in, accessing a shared PC is no different to accessing your own PC. Second, follow the instructions to [[UbuntuHelp:[x11vnc-before-login|get x11vnc working before you log in]]]. After this step, you should start the VNC server on the family PC with superuser privileges:
ssh -L 5900:localhost:5900 <your-name>@<your-computer> sudo x11vnc -safer -localhost -nopw -once -auth /var/lib/gdm/:0.Xauth -display :0
Then connect your VNC client in the same way you did before.
Further information
Remote desktop solutions are a broad and complex topic. The following links provide more detail about the technologies involved:
- Wikipedia's VNC page
- Wikipedia's remote administration page
- The Remote Desktop Protocol is a similar protocol, popular in Windows
- The NX Protocol is another similar protocol
- The XDMCP protocol also enables remote login
- The XDMCP How-to and two Ubuntu forum posts give explanations about how to use XDMCP
- UbuntuHelp:DynamicDNS is a way to obtain a stable DNS name even if your IP changes dynamically
- KVM switches are hardware devices that switch a keyboard, monitor and mouse between two or more computers
- UbuntuHelp:Xen is a way of running a virtual machine in Linux
- |Wake-on-LAN is a way of powering a computer on over a network or the Internet.
