The tool <code>vncserver</code> allows you to run additional X servers on a single machine. These X servers don't display anywhere, but instead you need to connect to them using <code>vncviewer</code>. The additional servers come up as <code>:1</code>, <code>:2</code>, etc.
On Debian, to install the packages for running VNC, use:
The general method is as follows:
Let's say your server is called <code>your_server</code>. On this server, as your userid, run:
It will prompt you for a password, which will be used when you log in later from the client. Here, we're just setting it up to run at a size of <code>1024x768</code>, with a color depth of 16 bits, and with the color format for pixels passed set to use 5 bits for red and blue, and six bits for green. For a full explanation of all the options, use <code>man vncserver</code>. The first time vncserver is started up, it will also create a configuration file, in your home directory, called <code>$HOME/.vnc/xstartup</code>
Even though we've just learned how to launch a vnc server session, surprisingly the first thing we need to learn is how to kill it again. To do this, use:
The reason for killing the session is that you may need to edit the default configuration file that <code>vncserver</code> creates for you, for example to get the vncserver to run the K desktop environment instead of <code>twm</code>, you may want to edit the <code>$HOME/.vnc/xstartup</code> file to replace the line:
with this line is you use KDE:
and with this line if you use GNOME:
before launching the vncserver again using:
This will prompt you for a password, then bring up a window showing you the current state of the X session running within the VNC server on the machine <code>your_server</code>. Note that even if you connect to the VNC server from a different client machine, the same session will be seen.
Initially, the vncviewer client runs as a window within your regular X sesion. Consulting the manual using "man vncviewer", you quicky discover that pressing the function key F8 brings up a "popup" menu, where you can choose the option:
If your current X server's display size matches the setting for the geometry you chose when starting up the vncserver, this will result in a fairly good illusion that you are actually sitting at a regular X session on the console of the remote machine. There will be a little square dot at the end of the mouse cursor to remind you that you are within a vncviewer session.
Note that when <code>vncviewer</code> is running as a window, you may find that it exits with the following error when you try to move it to other virtual desktops in KDE. A workaround for this, suggested by Philip Lijnzaad, is to "shade" the window (by double-clicking on its title bar along the top of the window) before moving it to another virtual desktop, and then "unshading" it once you have selected the new virtual desktop. Note that depending on your KDE settings, another action than double-clicking may be needed to shade a window. You'll know that the window is shaded because it will minimize to just the titlebar whenever it has no focus.
In the case where the above workaround doesn't work and you still get the error, or if you forget to shade the window before moving it, you can simply restart the <code>vncviewer</code> again, and of course your VNC session is just as you left it a few moments ago.
To shut down the KDE window manager running inside the vncserver session, you can of course simply log out in the usual way. If you select the option:
"login as another user"
a KDM login screen won't appear. Instead, to get a new session you'll need to kill the vncserver sesion and start again as described earlier.
What if you have a server machine tucked away an a datacenter somewhere, and you would like to use it to run the desktop version of VMware? This is fine according to the VMware license, but the normal method of working with X applications where you simply set your <code>DISPLAY</code> back to your local workstation, doesn't work with VMware, unfortunately. Nor do they suggest any workaround.
One option is of course to haul a keyboard, mouse and monitor over to the datacenter and connect it up to your server, configure the graphics card, and with a bit of luck start up an X session. Then launch VMware as usual, while you sit in front of the server wondering if there was a better way.
By now, you are probably realizing that VNC provides a far easier way. The method of running VNC described in the previous section works with VMware. It works especially well in the case where you are only running server software within the VMware virtual machine, and are not particularily interested in the display of the virtual machine itself (except perhaps at boot time). The method is very satisfactory given that large pools of physical memory and multi-processor capabilities tend to be readily available on server machines.
You may need to change the geometry to match your video card, e.g., it might be:
If you use -depth 8, meaning only 8 bits per pixel, it is less pretty. This creates an invisible X desktop with all your gadgets.
Again, maybe the geometry specification for your screen might need to be different. This allows you to see your desktop gadgets in the server.
Your screen looks pretty much the same as before, except the mouse pointer has a little square in it and everything is a bit slower. To view your desktop from another machine on the network, use:
Now you have a second view of the same desktop. You can quit (or crash) out of both viewers, and the desktop is still there waiting to be connected to. By the way, since the first viewer is running on an X server with no window manager, you'll have to kill the viewer, to get out of it.
Some linux distributions have integrated VNC into their X server under KDE. For example, in Mandrake linux, if you want remote users to be able to share your mandrake linux desktop, then select the menu option:
In the dialog box, select the
You will need to enter a password for remote users. Press the button <code>launch server</code>, and a new window will appear on your desktop with the letters <code>RFB</code> in it. Remote users will then be able to access your desktop over VNC using the password you provided, until you close the <code>RFB</code> window.
On Microsoft Windows, the WinVNC server provides a similar service, but there, of course, the display numbering starts with :0, because Microsoft Windows doesn't have an X server of its own.
To install these packages for Debian, use:
The applications <code>x11vnc</code> and the older <code>x0rfbserver</code> appear to be the only complete remote control solutions for the X windowing system, but maybe there are others. By remote control, I mean being able to use the mouse, keyboard and display of a separate machine to interact with the X display of another system.
If you just want gain remote mouse and keyboard control of a separate machine (whose display you can see locally because it is actually sitting on your desk), then <code>synergy</code> is a very handy application to be aware of. It lets your mouse seamlessly "travel" over to the other display. It's a little tricky to describe, but it's almost like being able to throw away the keyboard and mouse of the other machine.
To use VNC over OpenSSH, first you need to run an <code>ssh</code> session on the machine where you will be running the vncviewer, to request that <code>ssh</code> listen on a particular port on your local machine, and forward communication on that port down the secure connection to a port on the machine running the vncserver.
For example:
means "Start an SSH connection to the <code>vncserver_machine</code>, and also listen on port <code>x</code> on my machine, and forward any connections there to port <code>y</code> on the <code>vncserver_machine</code>."
Now, the VNC protocol normally uses port <code>59xx</code>, where <code>xx</code> is the display number of the server. So a VNC server on a Windows machine, which normally uses display number <code>0</code>, will listen on port <code>5900</code>. The first VNC server on linux will probably use display number <code>1</code>, and subsequent servers would use <code>2</code>, <code>3</code>, etc. and so the vncservers on linux will be listening on ports <code>5901</code>, <code>5902</code> and so forth.
By forwarding these ports to a remote machine running <code>vncserver</code>, you can make the remote VNC server appear to be a server running on your local machine.
So, imagine you had a VNC server running as display <code>:1</code> on <code>vncserver_machine</code>, and you wanted a secure connection to it from your local machine. You could start the <code>ssh</code> session using:
After that, starting up the <code>vncviewer</code> as follows on your local machine:
would actually connect to display <code>:1</code> on the <code>vncserver_machine</code>.
Note that the above OpenSSH command-line is deliberately meant to accept incoming connections only from the local machine. This means that to use the <code>ssh</code> connection that we have just set up, we must connect to it from the same machine, using the special name <code>localhost</code>, rather than using the local machine's own unique name.
When you use the linux VNC viewer to connect to a local machine, for best performance VNC selects whatever is available from the following list of compression methods to encode screen updates, in this order:
As you can see, for local connections, VNC's <code>raw</code> pixel encoding is first in this list, and although it generally gives better performance for local access, when the vncserver is actually remote (i.e. when you are really accessing it over an ssh tunnel), then if the <code>raw</code> encoding is used, a lot more data will be sent over the network than is necessary. The order of the list of compression methods that VNC chooses from when the connection is to a remote vncserver, is as follows:
So, when using vnc over ssh, let's use the compression methods <code>copyrect</code> and <code>hextile</code>, and of course leave out <code>raw</code>, as follows:
OpenSSH can compress the data it transfers. This is particularly useful if the link between the vncviewer and the vncserver is a slow one, such as a modem, but even on a faster network it can help make up for the fact that the encryption takes a certain amount of time and so can slow the link down a little. To add simple compression, use the <code>-C</code> option to <code>ssh</code> (or the <code>+C</code> option for ssh v2). To see how much your data is actually being compressed, you can use the <code>-v</code> option to <code>ssh</code>.
John McCaughey suggested that for Apple Macintosh machines, it might be simplest to use <code>vnc</code> within a Web browser. The VNC server also serves a Java applet that should run within any Java-enabled browser. Let's say you have a VNC server set up as session <code>:1</code> on <code>vncserver_machine</code>, and you fire up your web browser, and go to:
the browser will then prompt you for the VNC server password as usual, and the VNC viewer session will start up within the browser in a Java applet.
To use the Java applet method over an OpenSSH tunnel, two tunnels need to be set up, one on port <code>5801</code> and another on <code>5901</code>. Note that the local side of the <code>5901</code> port must be forwarded with the same number, as unfortunately the vncserver software sends back the Java applet server's port number incremented by <code>100</code> to the Java applet running in the client browser, to establish the communication channel. So forwarding the ports over <code>ssh</code> would look like this:
Piotr Zbiegiel suggests that instead of listing so many port forwardings, it might be more convenient to put the settings into your local <code>$HOME/.ssh/config</code> file as follows:
To launch the VNC client Java applet, put the following url in the client browser:
Note: when using port forwarding, remember that if you ssh or scp over to the same machine name again, ssh will try to establish the same port forwardings again a second time, and fail with a "port busy" message. To avoid this, use an alias for the remote machine (add the alias to your <code>/etc/hosts</code> file), and ssh or scp to the alias instead. This works because ssh is very literal-minded about reading its config file. Lucky for us.
If you are trying to run VNC over an SSH tunnel into a machine (on a private network) located behind a port-forwarding firewall, then this section may be just what the doctor ordered. Thanks to Bill Crooke for this guide.
Let's say the VNC server machine that you are trying to connect to is located behind a firewall that uses port forwarding. This VNC server machine has an IP address that is a member of one of the private networks located behind the firewall. To connect to this machine using VNC over OpenSSH, you may need to use a modified invocation of the ssh command, specifying the machine's IP address rather than simply using <code>localhost</code>.
For example, if the IP address of the firewall is <code>24.4.252.118</code>, the firewall is forwarding port <code>22</code> to the VNC server machine, and the VNC server machine has a private address of <code>192.168.0.200</code>, then you would need to use the following ssh command to set up the OpenSSH tunnel for VNC. In plain English, this command means "Start an SSH connection to the firewall machine at <code>24.4.252.118</code>, and at the same time listen on port <code>5903</code> of my local machine and forward any connections you see there to port <code>5905</code> on the remote VNC server machine at =192.168.0.200=".
The above command would be used in place of:
This patch to the <code>vncviewer</code> source code enables it to crack its way into a <code>vncserver</code> instead of simply requesting the password from the local user.
The WinVNC software contains two vulnerabilities:
The fixed password length (up to 8 characters) that VNC uses is vulnerable. This vulnerability also applies to the linux vncserver. When the WinVNC server is installed on a Microsoft operating system, the encrypted password can be found under the following registry keys (look for the word "password"):
The fixed encryption key that VNC uses is insecure. When the WinVNC server encrypts a password it always uses the same fixed key, so the DES encrypted output is always the same for any given password. Since the software is open-source, the fixed key is publicly available, making the encryption pointless. The WinVNC server always uses the same fixed key in the current version:
This mean that an attacker with read access to the Microsoft operating system's registry can simply decode the password and obtain the plain-text version of it.
This will bring up a VNC client which is recording everything from your VNC server into the outfile.swf and once you quit by pressing F8 Q it will also build outfile.html which you can open in Firefox to review your captured animation, or should I say your next blockbuster.
Update: The Python version of vnc2swf includes a nifty sliding search bar at the bottom of your masterpiece, so that you can seek (and your audience can skip over any less-than stellar segments of your creation). For Debian stable, we can get it installed something like this:
This brings up a nice friendly dialog box, with a "Start" button, which initiates the recording of the VNC server session, so you just control the VNC session you're recording using your regular VNC viewer.
本文转自 h2appy 51CTO博客,原文链接:http://blog.51cto.com/h2appy/182578,如需转载请自行联系原作者
![Bugku-WEB-web33[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)