How can I
find out if I already have
vncserver jobs running under my account?
First, check your $HOME/.vnc directory for files with the .pid
extension. Every vncserver job creates two files in you $HOME/.vnc
directory. For example, if you had a job running on antares called
antares:32, then your .vnc directory would contain a log file,
antares:32.log, and a process id file, antares:32.pid. The .pid file
will remain as long as the vncserver job is running, and will be
deleted when vncserver terminates. As well, while your vncserver job is
running, there will be a file in /tmp/.X11-unix which represents the
socket for the port used by vnc. For example, antares:32 would have a
socket file called /tmp/.X11-unix/X32=.
Note: If you are on a system that remotely mounts $HOME
directories to several login hosts, every login host has its own /tmp
directory. If you were running a vncserver job on antares, but were
logged into merak in another window, you wouldn't see X32= in the
/tmp/.X11-unix directory on merak.
The presence .pid and socket files does not absolutely guarantee
that you have an active vncserver job. If vncserver crashes, these
files might not be deleted. If you have an active vncserver job on a
given login host, then top or ps will show the presence of jobs called
Xvnc (the program that creates your vnc session) and vncserver (the
script runs Xvnc). If you are running a GNOME desktop, you should also
have a job called 'gconfd-2'.
How can I run a
secure VNC session?
VNC has no built-in security methods. The one exception is that your
password is encrypted when you start up vncviewer. To run a secure vnc
session, you need to do port forwarding using ssh. vncviewer connects
to a vncserver job at any one of 100 ports, numbered 5900 through 5999.
Suppose you had a vncserver job running on antares called antares:32.
That job is actually using port 5932. To connect to this job from your
desktop machine, you want to forward this remote port to a port on the
local machine. That way, you can connect your vncviewer to the local
port, which will forward encrypted packets to and from the remote port.
For example, to open an ssh session to antares:32,
ssh -l userid
-L 5932:antares:5932 antares
The left most '5932' tells the port on your local machine that is going
to be used. 'antares:5932' is the remote port that is to be connected
to your local port. 'antares' is the name of the remote host on which
the session is running. Note that the numbers of the remote and local
ports do not have to be the same. If port 32 was already in use on your
local machine, then you could forward to another local port.
Once port forwarding is established, just open up vncivewer to the
When you are finished. Kill vncviewer. Remember, antares:32 is still
running on antares, so you should also kill this job on antares. It is
never a good idea to leave idle vncserver jobs running.
What if I
forget my VNC password?
You can always change your VNC password by typing
How can I get
a larger or smaller
The size of the VNC screen seen in the vncviewer window can be set
using the -geometry option when you launch vncserver.
x height (pixels)
|1024 x 768 (default)
|1024 x 768
|1152 x 900
|1200 x 950
can't get vncserver to
launch a session.
If the log file in your .vnc directory shows messages saying something
like 'Failed to establish all listening sockets', chances are that the
/tmp/.X11-unix directory on your system is not world-writeable. The
best solution is to ask your system administrator to make
/tmp/.X11-unix world-writeable. However,. a workaround is to use the
-nolisten local option:
This option bypasses the /tmp/.X11-unix directory. However, the down
side is that you will not be able to do port forwarding to run a secure
vnc session via ssh.