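VNC Service
VNC (Virtual Network Computing) is a client/server protocol, so a client and a server both have to be running. The server listens on one of several possible ports such as 5800, 5801 and 5901, and the client only needs to send a connection request to the server and enter the account name and password to get access (this is VNC's own password, not the account password of a Linux system user). However, VNC traffic is not encrypted on the network, so the account name and password are easy to capture in transit; to encrypt the transfer we can combine VNC with sshd.
1. Install the VNC service on Linux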
[root@www ~]# yum install tigervnc-server
[root@www ~]# rpm -qc tigervnc-server
/etc/sysconfig/vncservers
2. Add VNC passwords for the root user and the user1 user (preferably not the same as their system passwords)
[root@www ~]# vim /etc/sysconfig/vncservers
VNCSERVERS="1:root 2:user1"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp"
Where:
-geometry widthxheight: Specify the size of the VNC desktop to be created. Default is 1024x768.
[root@www ~]# vncpasswd
Password:
Verify:
[user1@www ~]$ vncpasswd
Password:
Verify:
3. Start the service to generate the corresponding files
[root@www ~]# vncserver
xauth: creating new authority file /root/.Xauthority
New ' (root)' desktop is
Creating default startup script /root/.vnc/xstartup
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/.log
[user1@www ~]$ vncserver
xauth: creating new authority file /home/user1/.Xauthority
New ' (user1)' desktop is
Creating default startup script /home/user1/.vnc/xstartup
Starting applications specified in /home/user1/.vnc/xstartup
Log file is /home/user1/.vnc/.log
4. List the VNC sessions that are already running
[root@www ~]# vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:2 22033
:1 21785
5. Stop a VNC session
[root@www ~]# vncserver -kill :2
Killing Xvnc process ID 22033
[root@www ~]# vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:1 21785
6. Stop the service first, then start it (the firewall and SELinux have already been disabled)
[root@www ~]# /etc/init.d/vncserver start
Starting VNC server: 1:root
New ' (root)' desktop is
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/.log
2:user1 A VNC server is already running as :2
[ OK ]
Or
[root@www ~]# service vncserver start
7. Remote access from a Windows client
Or enter IP:5091 to connect
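8. Connect over secure SSH
VNC is plaintext and insecure: the connection can be eavesdropped on or interfered with. You can encrypt it through an SSH tunnel and have the traffic reach VNC over the remote host's loopback address, which improves security.
VNC listens on port 5901 by default, the SSH connection is secure, and VNC can be set to listen only on the local address, so connecting to VNC through an SSH tunnel can be considered secure and reliable.
SSH client: SecureCRT
8.1 Open SecureCRT -- Options -- Session Options -- Port Forwarding -- Add
Name: anything
Local port: 5901
Remote port: 5901
This connects local port 5901 to port 5901 on the remote server through the SSH tunnel, so the SSH connection has to stay up for as long as the VNC connection is in use.
8.2 Server side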
[root@www ~]# vim /etc/sysconfig/vncservers
VNCSERVERS="1:root"
VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp -localhost"
8.3 Start the service
[root@www ~]# vncserver
New ' (root)' desktop is
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/.log
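8.4 Test from Windows
The address here is localhost:1; because the connection goes through the SSH tunnel, the server IP does not need to be entered.
Additional notes: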
$HOME/.vnc/xstartup
A shell script specifying X applications to be run when a VNC desktop is started. If this file does not exist, then vncserver will create a default xstartup script which attempts to launch your chosen window manager.
$HOME/.vnc/passwd
The VNC password file.
$HOME/.vnc/host:display#.log
The log file for Xvnc and applications started in xstartup.
$HOME/.vnc/host:display#.pid
Identifies the Xvnc process ID, used by the -kill option.
Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
Use "-localhost" to prevent remote VNC clients connecting except when doing so through a secure tunnel. See the "-via" option in the `man vncviewer` manual page.
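A check for the setting made in step 8.2, added here as an example and not part of the original post: it reads a vncservers file in the format shown above and reports every display in VNCSERVERS whose VNCSERVERARGS entry lacks -localhost, meaning it can be reached without the SSH tunnel. The function name vnc_exposed_displays and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC displays that are not restricted to loopback.
# Prints "display:user" for each VNCSERVERS entry whose VNCSERVERARGS[n]
# lacks -localhost; returns 1 if any is found, 0 if all are loopback-only.
vnc_exposed_displays() {
    conf=${1:-/etc/sysconfig/vncservers}   # path shown on this page
    rc=0
    # Commented-out lines are skipped; the last active assignment wins.
    servers=$(sed -n 's/^[[:space:]]*VNCSERVERS="\(.*\)".*/\1/p' "$conf" | tail -n 1)
    for entry in $servers; do
        disp=${entry%%:*}
        case $disp in ''|*[!0-9]*) continue ;; esac   # ignore malformed entries
        args=$(sed -n "s/^[[:space:]]*VNCSERVERARGS\[$disp\]=\"\(.*\)\".*/\1/p" "$conf" | tail -n 1)
        case " $args " in
            *" -localhost "*) ;;              # loopback only, needs the tunnel
            *) echo "$entry"; rc=1 ;;         # no args at all also lands here
        esac
    done
    return "$rc"
}

# Constructed sample: display 1 is tunnel-only, display 2 is not, and the
# commented line must not count as a setting for display 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
VNCSERVERS="1:root 2:user1"
VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp -localhost"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp"
EOF
if exposed=$(vnc_exposed_displays "$sample"); then
    echo "all displays are bound to loopback"
else
    echo "reachable without an SSH tunnel: $exposed"
fi
rm -f "$sample"
```

A display listed in VNCSERVERS with no VNCSERVERARGS line at all is reported as well, since it has no -localhost restriction.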