Start VNC server on OS load

[asmoore82]

HOWTO: Perfect Headless Server Setup with Secure VNC and RDP.

For this guide, we'll assume you are already comfortable with the text editor
of your choice and can edit and save system wide config files that require
root privilege without further instruction.

Also, We'll assume you are running the Desktop Edition of Ubuntu 9.10 Karmic Koala.
It should be easily adaptable to the Server Edition but I think it really needs to be Karmic or later.

Using the Desktop Edition makes it a little more difficult so we should cover all of the "Gotchas."

First of all, any server worth its salt has a static I.P. address and always brings up networking on boot.
In other words, we are about to go beyond the use case of NetworkManager,
so let's just turn it off! Edit "/etc/network/interfaces" to make it look like this:

Code:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
	address 192.168.100.10
	netmask 255.255.255.0
	network 192.168.100.0
	broadcast 192.168.100.255
	gateway 192.168.100.1

^replacing all of the 192.168.*.* with suitable values for you network, of course.

Next edit "/etc/resolv.conf"

Code:

# /etc/resolv.conf
nameserver 192.168.100.1
nameserver 192.168.100.2
search example.com

^replacing with your network info as necessary

Starting with Karmic, certain lucky init scripts now live in "/etc/init/"
and are fully Upstart-able.
NetworkManager is one of these, so disabled it like so:

Code:

sudo mv /etc/init/network-manager.conf{,.disabled}

Now, Restart the machine and make sure networking is OK

Like the static IP, any good server also has SSH, this is important to us
because our VNC server will only accept local or SSH-tunnel connections, so

Code:

sudo apt-get install openssh-server

We need to turn off and disable gdm, so our VNC can be running on Display :0
Log in to the real console(Ctrl+Alt+F1) and do it Upstart style!

Code:

sudo stop gdm
sudo mv /etc/init/gdm.conf{,.disabled}

We need to install a standalone VNC server, tightvnc gave me trouble
by mangling remote keyboard input, so I'm using vnc4server:

Code:

sudo apt-get install vnc4server

We need to pick a user for autologin in VNC, for this, we'll assume it's the user "mark"

We need to set mark's VNC password, run `vnc4passwd` as mark

Now we will see the beauty in Upstart, we are going to write a 100% valid
initscript in less than 15 lines.
Create "/etc/init/vnc-mark.conf" like this:

Code:

# vnc-mark.conf

start on runlevel [2345]
stop on runlevel [016]

pre-start script
	su mark -c 'vnc4server :0 -geometry 1024x768 -localhost'
end script

post-stop script
	su mark -c 'vnc4server -kill :0'
end script

#End of File

^remember to replace "mark" with your username

Now we are ready to start the VNC service, Upstart style!

Code:

sudo start vnc-mark

That's it for the VNC portion, you can't stop here if you don't want RDP support.
RDP is "Remote Desktop Protocol" for [Gasp] Windows machines. Sometimes it's
convenient to be able to control your headless Linux box from a Windows PC without
having to install additional software in Windows, some people are touchy about that!
Life without Walls sure can make you paranoid! Cold and damp too I guess.

We're going to use a very narrow bit of the xrdp software's powers,
all we want it to do for us is be a translator for VNC and RDP.
So, install it and immediately stop it(not Upstart style :'[)

Code:

sudo apt-get install xrdp
sudo service xrdp stop

Edit/Demolish "/etc/xrdp/xrdp.ini" to this:

Code:

[globals]
bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=low
channel_code=1

[xrdp1]
name=mark@VNC
lib=libvnc.so
username=na
password=ask
ip=127.0.0.1
port=5900

[xrdp2]
name=disabled
#lib=libvnc.so
#ip=127.0.0.1
#port=5900
#username=na
#password=ask
#
[xrdp3]
name=disabled
#lib=libvnc.so
#ip=ask
#port=ask5900
#username=na
#password=ask
#
[xrdp4]
name=disabled
#lib=libvnc.so
#ip=ask
#port=-1
#username=ask
#password=ask
#
[xrdp5]
name=disabled
#lib=librdp.so
#ip=ask
#port=ask3389
#
[xrdp6]
name=disabled
#lib=libxup.so
#username=ask
#password=ask
#ip=127.0.0.1
#port=-1

^again change "mark" to suit your needs, I was nice and used comments for Demolition.

Fire up xrdp again:

Code:

sudo service xrdp start

That's all Folks!

Control your headless box from other Linux boxes with this:

Code:

vncviewer -via mark@192.168.100.10 localhost

^replace username@IP as needed
the `-via` option tells `vncviewer` to use the SSH tunnel
the "localhost" bit is tricky because you have to specify the
hostname from the point of view of the SSH tunnel

If you did the last bit you can also control from "Remote Desktop Viewer" on a PC.

[t0lkman]

Why do you use libvnc.so? instead libxup.so ?
I've noticed with libvnc.so it works slower, probbaly because it's kinda VNC over RDP

I tried to use libxup.so works well for me, except the keyboard mapping...
keyboard layout completely wrong with libxup.so

Evgeny.

[HermanAB]

Howdy,

Note that VNC is insecure and pretty much a guaranteed way to get your Ubuntu machine hacked. These forums are full of tales of VNC woe - about one sucker per month.

VNC is supposed to be safe for use on a LAN, but due to some things it does with Plug and Play, it tends to open up an unsuspecting machine to the wild wild world if it is behind a garden variety router or firewall that supports PnP.

So, unless you are a masochist and actually want to get hacked and re-install all the machines on your LAN, please do consider removing VNC and using SSH instead.

This is why all the gray beards use SSH and not VNC...

[asmoore82]

Howdy,

Note that VNC is insecure and pretty much a guaranteed way to get your Ubuntu machine hacked. These forums are full of tales of VNC woe - about one sucker per month.

VNC is supposed to be safe for use on a LAN, but due to some things it does with Plug and Play, it tends to open up an unsuspecting machine to the wild wild world if it is behind a garden variety router or firewall that supports PnP.

So, unless you are a masochist and actually want to get hacked and re-install all the machines on your LAN, please do consider removing VNC and using SSH instead.

This is why all the gray beards use SSH and not VNC...

...Someone obviously didn't read my Howto...

SSH Tunneling!

[e24ohm]

...Someone obviously didn't read my Howto...

SSH Tunneling!

Yeah, I saw a How-To in Linux Pro magazine, and it was really nice on how to tunnel vnc through SSH.

thanks

[lokutus25]

Thanks asmoore82 for the howto.
I followed the instruction but when i connect to my remote server using vncviewer -via XXX, I don't have a login or my user desktop. All I have is a grey window and a mouse pointer. I think I'm near the solution but can you point me in the right direction?