You are not logged in.

#1 2017-01-29 22:10:26

WyRe
Member
Registered: 2015-09-26
Posts: 26

Setup VNC through SSH.

I've got a server that I'm managing with ssh, (the machine has not display, keyboard or mouse plugged) Xserver is installed but I've not setup any .xinitrc because all programs what I'm using are loaded by services in startup. I would like to setup VNC to do remote managing of a few graphical applications, (until now I used to do that with -X ssh parameter but that implies when I close this instance the application also closes) I'm trying to setup VNC but I don't know if I can do that by ssh, because I'm having some issues, for instance $DISPLAY variable is empty:

[wyre@PentiumServ ~]$ echo $DISPLAY

[wyre@PentiumServ ~]$ 

This is the vncserver output:

[wyre@PentiumServ ~]$ vncserver -kill :1
Killing Xvnc process ID 15987
[wyre@PentiumServ ~]$ vncserver
xauth: (stdin):1:  bad display name "PentiumServ:1" in "add" command

New 'PentiumServ:1 (wyre)' desktop is PentiumServ:1

Starting applications specified in /home/wyre/.vnc/xstartup
Log file is /home/wyre/.vnc/PentiumServ:1.log

[wyre@PentiumServ ~]$ 

Also I cannot start vncserver service: (at least how is specified in TigerVNC Arch wiki entry)

[wyre@PentiumServ ~]$ sudo systemctl --user start vncserver@:1
[sudo] password for wyre: 
Failed to connect to bus: No such file or directory
[wyre@PentiumServ ~]$ 

This is the service status:

[wyre@PentiumServ ~]$ systemctl status vncserver.service 
* vncserver.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/system/vncserver.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2017-01-29 22:24:05 CET; 34min ago
  Process: 15959 ExecStop=/usr/bin/vncserver -kill %i (code=exited, status=2)
  Process: 15956 ExecStart=/usr/bin/vncserver -fg %i (code=exited, status=2)
  Process: 15953 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i >/dev/null 2>&1 || true (code=exited, status=0/SUCCESS)
 Main PID: 15956 (code=exited, status=2)

Jan 29 22:24:05 PentiumServ systemd[1]: Starting Remote desktop service (VNC)...
Jan 29 22:24:05 PentiumServ systemd[1]: Started Remote desktop service (VNC).
Jan 29 22:24:05 PentiumServ vncserver[15956]: vncserver: The HOME environment variable is not set.
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 29 22:24:05 PentiumServ vncserver[15959]: vncserver: The HOME environment variable is not set.
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Control process exited, code=exited status=2
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Unit entered failed state.
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Failed with result 'exit-code'.
[wyre@PentiumServ ~]$ 

Anyway, vncserver output seems to launch the vnc, but when I try to connect from the machine where I'm doing remote control I get this output:

┌————— [wyre] ————— [~] 
└▶ $ vncviewer 192.168.1.8

TigerVNC Viewer 64-bit v1.7.1
Built on: 2017-01-23 15:56
Copyright (C) 1999-2016 TigerVNC Team and many others (see README.txt)
See [url]http://www.tigervnc.org[/url] for information on TigerVNC.

Sun Jan 29 23:01:26 2017
 DecodeManager: Detected 4 CPU core(s)
 DecodeManager: Creating 4 decoder thread(s)
 CConn:       unable connect to socket: Connection refused (111)
┌————— [wyre] ————— [~] 
└▶ $ 

My 5901 port is open (when I get to do work VNC I'll tunnel ports via ssh) but since I'm using internal LAN IP shouldn't be necessary. I'll post ~/.vnc/ contents if would be necessary.

Thank you and sorry if this is not the appropriate subforum.

Offline

#2 2017-01-29 22:15:21

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719
Website

Re: Setup VNC through SSH.

Don't start a user service with sudo... it's your user that is running the service.

Offline

#3 2017-01-29 22:21:06

WyRe
Member
Registered: 2015-09-26
Posts: 26

Re: Setup VNC through SSH.

Ok, right, thank you, the service is now active

[wyre@PentiumServ ~]$ systemctl --user start vncserver@:1
[wyre@PentiumServ ~]$ systemctl --user status vncserver@:1
* vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/user/vncserver@.service; disabled; vendor preset: enabled)
   Active: active (running) since Sun 2017-01-29 23:18:31 CET; 1min 28s ago
  Process: 17241 ExecStart=/usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
  Process: 17230 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
   CGroup: /user.slice/user-1000.slice/user@1000.service/vncserver.slice/vncserver@:1.service
           |-17250 /usr/bin/Xvnc :1 -alwaysshared -desktop sandbox -geometry 800x600 -localhost -securitytypes vncauth,tlsvnc -auth /hom
           |-17256 /usr/bin/vncconfig -nowin
           |-17258 xterm -geometry 80x66+0+0 -name login
           |-17263 twm
           |-17264 xclock -geometry 50x50-1+1
           |-17265 xterm -geometry 80x50+494+51
           |-17266 xterm -geometry 80x20+494-0
           |-17268 bash
           |-17271 bash
           `-17276 bash

Jan 29 23:18:27 PentiumServ systemd[350]: Starting Remote desktop service (VNC)...
Jan 29 23:18:31 PentiumServ vncserver[17241]: New 'PentiumServ:1 (wyre)' desktop is PentiumServ:1
Jan 29 23:18:31 PentiumServ vncserver[17241]: Starting applications specified in /home/wyre/.vnc/xstartup
Jan 29 23:18:31 PentiumServ vncserver[17241]: Log file is /home/wyre/.vnc/PentiumServ:1.log
Jan 29 23:18:31 PentiumServ systemd[350]: Started Remote desktop service (VNC).

but still I'm getting connection refused fail

Offline

#4 2017-01-29 22:31:19

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719
Website

Re: Setup VNC through SSH.

https://wiki.archlinux.org/index.php/Ti … the_client

WyRe wrote:

My 5901 port is open (when I get to do work VNC I'll tunnel ports via ssh) but since I'm using internal LAN IP shouldn't be necessary. I'll post ~/.vnc/ contents if would be necessary.

Bad idea.  You've already opened up the world to the box via ssh so why add another vector for attack?  Read the wiki page I wrote and linked.

Last edited by graysky (2017-01-29 22:32:40)

Offline

#5 2017-01-29 22:37:48

WyRe
Member
Registered: 2015-09-26
Posts: 26

Re: Setup VNC through SSH.

graysky wrote:

https://wiki.archlinux.org/index.php/Ti … the_client

WyRe wrote:

My 5901 port is open (when I get to do work VNC I'll tunnel ports via ssh) but since I'm using internal LAN IP shouldn't be necessary. I'll post ~/.vnc/ contents if would be necessary.

Bad idea.  You've already opened up the world to the box via ssh so why add another vector for attack?  Read the wiki page I wrote and linked.


Ok. I've closed the port, but I don't understand, if I'm using internal IPs why I need open ports? Would not be enough using this?

vncviewer 192.168.1.8

Offline

#6 2017-01-29 23:48:33

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719
Website

Re: Setup VNC through SSH.

Yes, behind the LAN.  Do you have your firewall properly configured?

Offline

#7 2017-01-30 01:23:10

WyRe
Member
Registered: 2015-09-26
Posts: 26

Re: Setup VNC through SSH.

graysky wrote:

Yes, behind the LAN.  Do you have your firewall properly configured?

Yes, it is done, I was trying to connect without do ssh tunnel. But I'm still confused about why I should use ports in local IPs...

Offline

#8 2017-01-30 01:46:22

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,719
Website

Re: Setup VNC through SSH.

You don't have to but they don't hurt and if you plan to use vnc over the WAN, use them for security.

Offline

Board footer

Powered by FluxBB