VNC is a set of programs, available under a number of operating systems, that allow a single desktop to be shared over the network by a number of users. Any application that can be run on the desktop can be manipulated by any of the parties, or changes can be restricted to be controlled by a single user. The programs implement what is often referred to as "application sharing".
The session password for a VNC connection does not go out over the Internet, but the traffic generated by the session itself is not encrypted and, therefore, is susceptible to sniffing, hijacking and having commands inserted into the stream. It is therefore recommended that an ssh tunnel be used to encrypt the session traffic. The documents on VNC through an ssh tunnel (Making VNC secure using SSH) indicate that by using the compression feature of ssh, the response of the session may be faster using ssh than when not using it. This statement is probably true as long as the CPU overhead for encryption-compression/decompression-decryption is reasonable for the machines being used, but the ssh documentation appears to indicate that compression is only available with protocol 1.
The software is available from RealVNC and is available for:
In addition, versions for other operating systems are available from a UK site (on the above link, click on "Click here for other platforms" on the right side of the window).
The VNC Server under Linux is called Xvnc, but it is usually started with the vncserver script. The first time the server script is run, you will be asked for a number of items, including a "session password". This password is used to authenticate users to the sessions handled by the server and needs to be communicated to the participants prior to their accessing the VNC session.
Use the -alwaysshared option to allow multiple simultaneous clients to connect to the server.
To start the server using display 1, use the following:
vncserver -alwaysshared :1
Since a VNC server running on a Windows machine makes the entire Windows desktop available to the session participants, some people may not want to run the server on a Windows machine. In contrast, the Linux server starts a fresh desktop with only the application desired in it.
When the VNC server is installed under Windows, you are given the option of making it a system service. If it is made a service, then it will start when Windows starts. If it is not made a service, then the server must be started manually.
During installation, you will be prompted for a session password.
The Windows VNC client is not intended to run on the same Windows machine as the VNC server. Since the entire desktop is shared under Windows, running the client on the server machine will open a window with the entire desktop in it, which, in turn, will have a window in it containing the entire desktop, ad infinitum. This is similar to aiming a video camera at the monitor displaying the video camera's image.
Running a VNC client through an ssh tunnel makes it look as though the client is on the same machine as the server, but, of course, the display is not. One then has to change the VNC server configuration to allow clients on the local machine. Unfortunately, one has to edit the Windows Registry to enable the server's "loop-back" feature. The procedure follows:
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3
When you next start the VNC server, it will allow tunneled connections from the local machine.
VNC uses port 5900 + display number for its connection, so to use the recommended ssh tunnel for the VNC client to connect to the server one does the following (assuming that the server is running with display number 1):
ssh -L 5901:localhost:5901 <user>@<server.name>
vncviewer localhost:1
If the server was not started with the -alwaysshared option, then you should add the -shared option to the above:
vncviewer -shared localhost:1
The Java client associated with the VNC Server is started by connecting to port 5800 + display number on the Server machine. Again, one wants to make the connection through an ssh tunnel, so one adds a second tunnel to the ssh connection that tunnels the 59xx port. On a Linux machine you would use multiple -L options (again assuming display 1):
ssh -L 5901:localhost:5901 -L 5801:localhost:5801 <user>@<server.name>
and then point your Java-enabled browser at "http://localhost:5801".
On a Windows machine, you would add the second tunnel on the "Tunnels" page of the PuTTY setup, for example. Once the connection is established, you would start the Java client by pointing your browser at "http://localhost:5801".
ssh tunnels can be chained together to get past gateway machines, for example. One sets up a tunnel to some random port number > 1024 on the intermediate machine and then sets up a tunnel from the intermediate machine forwarding the chosen port to the destination machine and the appropriate port there. For example, the first tunnel would be:
ssh -L 5901:localhost:4321 <user>@<gateway.machine>
and then on the gateway machine:
ssh -L 4321:localhost:5901 <user>@<server.machine>
After setting up the tunnels, you can start the VNC client as usual:
vncviewer -shared localhost:1
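The tunnels described above only protect the session if the VNC ports themselves (5900 + display, and 5800 + display for the Java client) and any relay port chosen on a gateway are not also reachable directly from the network. The following check is an added example, not part of the original page: it reads `ss -ltn` output and lists VNC-related listeners bound to a non-loopback address; the function names, the output format and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list VNC-related TCP listeners
# that are reachable from the network rather than only through an ssh tunnel.
# Assumed input format: the output of `ss -ltn` (iproute2).

# Usage: ss -ltn | exposed_vnc_listeners [relay_port ...]
# Prints "<address> <port> <kind>" for every non-loopback listener on
# 5900-5999 (VNC display), 5800-5899 (Java client) or a given relay port.
exposed_vnc_listeners() {
    awk -v extra=" $* " '
    $1 == "LISTEN" {
        # Split "addr:port" at the last colon; IPv6 addresses contain colons.
        pos = match($4, /:[0-9]+$/)
        if (pos == 0) next
        addr = substr($4, 1, pos - 1)
        port = substr($4, pos + 1) + 0

        if (port >= 5900 && port <= 5999)      kind = "rfb-display-" (port - 5900)
        else if (port >= 5800 && port <= 5899) kind = "http-display-" (port - 5800)
        else if (index(extra, " " port " "))   kind = "relay"
        else next

        # Loopback-only listeners are the intended tunnel-only configuration.
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr, port, kind
    }'
}

# Constructed sample of `ss -ltn` output so the check can be tried offline.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      5          127.0.0.1:5901       0.0.0.0:*
LISTEN 0      5            0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5                  *:5801             *:*
LISTEN 0      128            [::1]:4321          [::]:*
LISTEN 0      128          0.0.0.0:4321       0.0.0.0:*
EOF
}

# 4321 is the relay port from the chained-tunnel example above.
sample_ss_output | exposed_vnc_listeners 4321
```

On a real host, run `ss -ltn | exposed_vnc_listeners` on the server and `ss -ltn | exposed_vnc_listeners 4321` on the gateway. Any line printed is a port that can be reached without going through the tunnel and should be firewalled or rebound to loopback.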