VNC
Frequently Asked Questions

How can I find out if I already have vncserver jobs running under my account?
How can I run a secure VNC session?
What if I forget my VNC password?
How can I get a larger or smaller screen?
I can't get vncserver to launch a session.



How can I find out if I already have vncserver jobs running under my account?

First, check your $HOME/.vnc directory for files with the .pid extension. Every vncserver job creates two files in you $HOME/.vnc directory. For example, if you had a job running on antares called antares:32, then your .vnc directory would contain a log file, antares:32.log, and a process id file, antares:32.pid. The .pid file will remain as long as the vncserver job is running, and will be deleted when vncserver terminates. As well, while your vncserver job is running, there will be a file in /tmp/.X11-unix which represents the socket for the port used by vnc. For example, antares:32 would have a socket file called /tmp/.X11-unix/X32=.

Note: If  you are on a system that remotely mounts $HOME directories to several login hosts, every login host has its own /tmp directory. If you were running a vncserver job on antares, but were logged into merak in another window, you wouldn't see X32= in the /tmp/.X11-unix directory on merak.

The presence  .pid and socket files does not absolutely guarantee that you have an active vncserver job. If vncserver crashes, these files might not be deleted. If you have an active vncserver job on a given login host, then top or ps will show the presence of jobs called Xvnc (the program that creates your vnc session) and vncserver (the script runs Xvnc). If you are running a GNOME desktop, you should also have a job called 'gconfd-2'.

How can I run a secure VNC session?

VNC has no built-in security methods. The one exception is that your password is encrypted when you start up vncviewer. To run a secure vnc session, you need to do port forwarding using ssh. vncviewer connects to a vncserver job at any one of 100 ports, numbered 5900 through 5999.

Suppose you had a vncserver job running on antares called antares:32. That job is actually using port 5932. To connect to this job from your desktop machine, you want to forward this remote port to a port on the local machine. That way, you can connect your vncviewer to the local port, which will forward encrypted packets to and from the remote port. For example, to open an ssh session to antares:32,

ssh -l userid -L 5932:antares:5932 antares

The left most '5932' tells the port on your local machine that is going to be used. 'antares:5932' is the remote port that is to be connected to your local port. 'antares' is the name of the remote host on which the session is running. Note that the numbers of the remote and local ports do not have to be the same. If port 32 was already in use on your local machine, then you could forward to another local port.

Once port forwarding is established, just open up vncivewer to the local port

vncviewer :32

When you are finished. Kill vncviewer. Remember, antares:32 is still running on antares, so you should also kill this job on antares. It is never a good idea to leave idle vncserver jobs running.

What if I forget my VNC password?

You can always change your VNC password by typing

vncpasswd

How can I get a larger or smaller screen?

The size of the VNC screen seen in the vncviewer window can be set using the -geometry option when you launch vncserver.

command
 width x height (pixels)
vncserver
1024 x 768 (default)
vncserver -geometry 1024x768
1024 x 768
vncserver -geometry 1152x900
1152 x 900
vncserver -geometry 1200x950
1200 x 950

I can't get vncserver to launch a session.

If the log file in your .vnc directory shows messages saying something like 'Failed to establish all listening sockets', chances are that the /tmp/.X11-unix directory on your system is not world-writeable. The best solution is to ask your system administrator to make /tmp/.X11-unix world-writeable. However,. a workaround is to use the -nolisten local option:

vncserver -nolisten local

This option bypasses the /tmp/.X11-unix directory. However, the down side is that you will not be able to do port forwarding to run a secure vnc session via ssh.




Return to BIRCH home page