Setup VNC through SSH.

WyRe · 2017-01-29 22:10:26

I've got a server that I'm managing with ssh, (the machine has not display, keyboard or mouse plugged) Xserver is installed but I've not setup any .xinitrc because all programs what I'm using are loaded by services in startup. I would like to setup VNC to do remote managing of a few graphical applications, (until now I used to do that with -X ssh parameter but that implies when I close this instance the application also closes) I'm trying to setup VNC but I don't know if I can do that by ssh, because I'm having some issues, for instance $DISPLAY variable is empty:

[wyre@PentiumServ ~]$ echo $DISPLAY

[wyre@PentiumServ ~]$

This is the vncserver output:

[wyre@PentiumServ ~]$ vncserver -kill :1
Killing Xvnc process ID 15987
[wyre@PentiumServ ~]$ vncserver
xauth: (stdin):1:  bad display name "PentiumServ:1" in "add" command

New 'PentiumServ:1 (wyre)' desktop is PentiumServ:1

Starting applications specified in /home/wyre/.vnc/xstartup
Log file is /home/wyre/.vnc/PentiumServ:1.log

[wyre@PentiumServ ~]$

Also I cannot start vncserver service: (at least how is specified in TigerVNC Arch wiki entry)

[wyre@PentiumServ ~]$ sudo systemctl --user start vncserver@:1
[sudo] password for wyre: 
Failed to connect to bus: No such file or directory
[wyre@PentiumServ ~]$

This is the service status:

[wyre@PentiumServ ~]$ systemctl status vncserver.service 
* vncserver.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/system/vncserver.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2017-01-29 22:24:05 CET; 34min ago
  Process: 15959 ExecStop=/usr/bin/vncserver -kill %i (code=exited, status=2)
  Process: 15956 ExecStart=/usr/bin/vncserver -fg %i (code=exited, status=2)
  Process: 15953 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i >/dev/null 2>&1 || true (code=exited, status=0/SUCCESS)
 Main PID: 15956 (code=exited, status=2)

Jan 29 22:24:05 PentiumServ systemd[1]: Starting Remote desktop service (VNC)...
Jan 29 22:24:05 PentiumServ systemd[1]: Started Remote desktop service (VNC).
Jan 29 22:24:05 PentiumServ vncserver[15956]: vncserver: The HOME environment variable is not set.
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 29 22:24:05 PentiumServ vncserver[15959]: vncserver: The HOME environment variable is not set.
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Control process exited, code=exited status=2
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Unit entered failed state.
Jan 29 22:24:05 PentiumServ systemd[1]: vncserver.service: Failed with result 'exit-code'.
[wyre@PentiumServ ~]$

Anyway, vncserver output seems to launch the vnc, but when I try to connect from the machine where I'm doing remote control I get this output:

┌————— [wyre] ————— [~] 
└▶ $ vncviewer 192.168.1.8

TigerVNC Viewer 64-bit v1.7.1
Built on: 2017-01-23 15:56
Copyright (C) 1999-2016 TigerVNC Team and many others (see README.txt)
See [url]http://www.tigervnc.org[/url] for information on TigerVNC.

Sun Jan 29 23:01:26 2017
 DecodeManager: Detected 4 CPU core(s)
 DecodeManager: Creating 4 decoder thread(s)
 CConn:       unable connect to socket: Connection refused (111)
┌————— [wyre] ————— [~] 
└▶ $

My 5901 port is open (when I get to do work VNC I'll tunnel ports via ssh) but since I'm using internal LAN IP shouldn't be necessary. I'll post ~/.vnc/ contents if would be necessary.

Thank you and sorry if this is not the appropriate subforum.

graysky · 2017-01-29 22:15:21

Don't start a user service with sudo... it's your user that is running the service.

WyRe · 2017-01-29 22:21:06

Ok, right, thank you, the service is now active

[wyre@PentiumServ ~]$ systemctl --user start vncserver@:1
[wyre@PentiumServ ~]$ systemctl --user status vncserver@:1
* vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/user/vncserver@.service; disabled; vendor preset: enabled)
   Active: active (running) since Sun 2017-01-29 23:18:31 CET; 1min 28s ago
  Process: 17241 ExecStart=/usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
  Process: 17230 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
   CGroup: /user.slice/user-1000.slice/user@1000.service/vncserver.slice/vncserver@:1.service
           |-17250 /usr/bin/Xvnc :1 -alwaysshared -desktop sandbox -geometry 800x600 -localhost -securitytypes vncauth,tlsvnc -auth /hom
           |-17256 /usr/bin/vncconfig -nowin
           |-17258 xterm -geometry 80x66+0+0 -name login
           |-17263 twm
           |-17264 xclock -geometry 50x50-1+1
           |-17265 xterm -geometry 80x50+494+51
           |-17266 xterm -geometry 80x20+494-0
           |-17268 bash
           |-17271 bash
           `-17276 bash

Jan 29 23:18:27 PentiumServ systemd[350]: Starting Remote desktop service (VNC)...
Jan 29 23:18:31 PentiumServ vncserver[17241]: New 'PentiumServ:1 (wyre)' desktop is PentiumServ:1
Jan 29 23:18:31 PentiumServ vncserver[17241]: Starting applications specified in /home/wyre/.vnc/xstartup
Jan 29 23:18:31 PentiumServ vncserver[17241]: Log file is /home/wyre/.vnc/PentiumServ:1.log
Jan 29 23:18:31 PentiumServ systemd[350]: Started Remote desktop service (VNC).

but still I'm getting connection refused fail

graysky · 2017-01-29 22:31:19

https://wiki.archlinux.org/index.php/Ti … the_client

WyRe wrote:

My 5901 port is open (when I get to do work VNC I'll tunnel ports via ssh) but since I'm using internal LAN IP shouldn't be necessary. I'll post ~/.vnc/ contents if would be necessary.

Bad idea. You've already opened up the world to the box via ssh so why add another vector for attack? Read the wiki page I wrote and linked.

Last edited by graysky (2017-01-29 22:32:40)

WyRe · 2017-01-29 22:37:48

graysky wrote:

https://wiki.archlinux.org/index.php/Ti … the_client
WyRe wrote:
My 5901 port is open (when I get to do work VNC I'll tunnel ports via ssh) but since I'm using internal LAN IP shouldn't be necessary. I'll post ~/.vnc/ contents if would be necessary.
Bad idea. You've already opened up the world to the box via ssh so why add another vector for attack? Read the wiki page I wrote and linked.

Ok. I've closed the port, but I don't understand, if I'm using internal IPs why I need open ports? Would not be enough using this?

vncviewer 192.168.1.8

graysky · 2017-01-29 23:48:33

Yes, behind the LAN. Do you have your firewall properly configured?

WyRe · 2017-01-30 01:23:10

graysky wrote:

Yes, behind the LAN. Do you have your firewall properly configured?

Yes, it is done, I was trying to connect without do ssh tunnel. But I'm still confused about why I should use ports in local IPs...

graysky · 2017-01-30 01:46:22

You don't have to but they don't hurt and if you plan to use vnc over the WAN, use them for security.

Arch Linux

#1 2017-01-29 22:10:26

Setup VNC through SSH.

#2 2017-01-29 22:15:21

Re: Setup VNC through SSH.

#3 2017-01-29 22:21:06

Re: Setup VNC through SSH.

#4 2017-01-29 22:31:19

Re: Setup VNC through SSH.

#5 2017-01-29 22:37:48

Re: Setup VNC through SSH.

#6 2017-01-29 23:48:33

Re: Setup VNC through SSH.

#7 2017-01-30 01:23:10

Re: Setup VNC through SSH.

#8 2017-01-30 01:46:22

Re: Setup VNC through SSH.

Board footer