Notes to myself after a long struggle in the machine room. (Test environment: RHEL 5.5)
Configuring VNC as a standalone service
Step 1:
(1) Check whether the VNC service is installed on the system (you can also check under System > Administration > Services, and tick it there to start at boot)
# rpm -qa | grep vnc
(If a value is returned, something like vnc-server, then vnc-server is already installed and this step can be skipped.)
(2) Install vnc:
# cd /rhdvd/Server (enter the mount directory)
# rpm -ivh vnc-server-4.1.2-14.el5_6.6.x86_64.rpm (install vnc-server)
# rpm -ivh vnc-4.1.2-14.el5_6.6.x86_64.rpm (install vnc-viewer)
(3) Verify whether the vnc-server package is installed successfully:
# rpm -qa vnc-server-4 (shows vnc-server-4.1.2-14.el5_6.6)
Step 2:
(1) Run the VNC service
# vncserver
(The first run asks you to enter a VNC password. This password is the VNC password of the current user, root.)
(2) Add a user, set the login password, and set the VNC password:
# useradd user001 (add the user)
# passwd user001 (set the user's password)
# su - user001 (switch to the user)
# vncpasswd (set the VNC password; the password file is .vnc/passwd under the user's home directory)
(Note that vncpasswd only applies to the user who runs it. For example, to configure the VNC authentication password for user001, switch to user001 first and then run the vncpasswd command.)
(3) Repeat to create user002, user003, ...
Step 3:
Before configuring VNC, you must understand the operating mechanism of VNC
VNC under Linux can start multiple vncservers at the same time. They are distinguished by display numbers. Each vncserver service listens to 3 ports, which are:
HTTP protocol, default port 5800 + display number: VNC's HTTP listening port. It must be open if the VNC client is a browser such as IE or Firefox rather than vncviewer.
RFB protocol, default port 5900 + display number: the actual port for communication between the VNC server and the client; it must always be open.
X protocol, default port 6000 + display number: X listening port, optional.
The display number and open ports are controlled by VNCSERVERS and VNCSERVERARGS in the /etc/sysconfig/vncservers file respectively.
(1) Configure the configuration file of the vnc service
# vi /etc/sysconfig/vncservers
The content is as follows:
# The VNCSERVERS variable is a list of display:user pairs.
#
# Uncomment the lines below to start a VNC server on display :2
# as my 'myusername' (adjust this to your own). You will also
# need to set a VNC password; run 'man vncpasswd' to see how
# to do that.
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, see
# <URL:http://www.uk.research.att.com/archive/vnc/sshvnc.html>.

# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.

# Use "-nohttpd" to prevent web-based VNC clients connecting.

# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.

# VNCSERVERS="2:myusername"
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
VNCSERVERS="1:user001 2:user002 3:user003 4:user004" (add)
VNCSERVERARGS[1]="-geometry 1366x768 -AlwaysShared" (add)
VNCSERVERARGS[2]="-geometry 1366x768 -AlwaysShared" (add)
VNCSERVERARGS[3]="-geometry 1366x768 -AlwaysShared" (add)
VNCSERVERARGS[4]="-geometry 1366x768 -AlwaysShared" (add)
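Description: [1] VNCSERVERS= can hold multiple users, separated by spaces; the number is the port number, that is, the desktop number.
[2] The number in [] after VNCSERVERARGS must match the number of the corresponding user in VNCSERVERS. The basic parameters of VNCSERVERARGS are:
-geometry: desktop size; the default resolution is 1024x768
-nohttpd: do not listen on the HTTP port, 58xx (recommended: leave it out)
-nolisten tcp: do not listen on the X port, 60xx (recommended: leave it out)
-localhost: only allow access from the local machine (leave it out)
-SecurityTypes None: login does not require password authentication; the default is VncAuth, which requires a password
-depth: color depth; possible values are 8, 16, 24, 32
-AlwaysShared: by default only one vncviewer can be connected (this also depends on the client configuration), and as soon as a second one connects the first is disconnected; this parameter allows several vncviewers to connect at the same time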
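The port rules and options above, applied to a vncservers file: an added example (not from the original article) that prints, for each display, which of the three ports it opens and whether it is reachable from other hosts or runs without a password. The function name vnc_exposure and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Uses the port model described above:
# 5800+N HTTP, 5900+N RFB, 6000+N X. Function name and sample are constructed.
# Usage: vnc_exposure < /etc/sysconfig/vncservers
vnc_exposure() {
    awk '
    # Text between the first pair of double quotes in s.
    function quoted(s) {
        s = substr(s, index(s, "\"") + 1)
        return substr(s, 1, index(s, "\"") - 1)
    }
    /^[ \t]*#/ { next }                       # skip commented-out examples
    /^[ \t]*VNCSERVERS=/ {                    # "1:user001 2:user002 ..."
        n = split(quoted($0), pair, " ")
        for (i = 1; i <= n; i++) {
            split(pair[i], du, ":")
            order[++cnt] = du[1]; user[du[1]] = du[2]
        }
    }
    /^[ \t]*VNCSERVERARGS\[/ {                # VNCSERVERARGS[N]="..."
        d = substr($0, index($0, "[") + 1)
        args[substr(d, 1, index(d, "]") - 1)] = quoted($0)
    }
    END {
        for (i = 1; i <= cnt; i++) {
            d = order[i]
            a = " " tolower(args[d]) " "
            gsub(/[ \t=]+/, " ", a)           # accept -Option=value as well
            http = index(a, " -nohttpd ") ? "off" : 5800 + d
            x    = index(a, " -nolisten tcp ") ? "off" : 6000 + d
            bind = index(a, " -localhost ") ? "localhost" : "any"
            auth = index(a, " -securitytypes none ") ? "None" : "VncAuth"
            note = (bind == "any" ? " remote-reachable" : "")
            if (auth == "None") note = note " no-password"
            printf ":%s %s rfb=%d http=%s x=%s bind=%s auth=%s%s\n",
                   d, user[d], 5900 + d, http, x, bind, auth, note
        }
    }'
}

# Constructed sample in the format of /etc/sysconfig/vncservers
vnc_exposure <<'EOF'
# VNCSERVERS="2:myusername"
VNCSERVERS="1:user001 2:user002 3:user003"
VNCSERVERARGS[1]="-geometry 1366x768 -AlwaysShared"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
VNCSERVERARGS[3]="-geometry 1366x768 -SecurityTypes None"
EOF
```

A display reported as remote-reachable accepts RFB connections on every interface, so only the firewall and the VNC password stand between it and the network.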
Step 4:
(1) Start vncserver
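# service vncserver start (start the service; takes effect immediately)
# /etc/init.d/vncserver start
# service vncserver stop (stop the service; takes effect immediately)
# /etc/init.d/vncserver stop
# chkconfig vncserver on (start vncserver at boot; takes effect after a reboot)
# chkconfig vncserver off (do not start vncserver at boot; takes effect after a reboot)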
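Step 5:
(1) Configure the VNC graphical desktop environment
VNC is fully configured and running normally, but after logging in with VNC-Viewer the screen is grey (sometimes black) and nothing can be done.
It turns out that the default setting in the VNC xstartup program is to start twm, not GNOME or KDE.
[1] Modify the xstartup file:
# vi /home/<user>/.vnc/xstartup (for the root user: /root/.vnc/xstartup)
The content is as follows: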
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER (uncomment)
exec /etc/X11/xinit/xinitrc (uncomment)
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
# xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & (comment out this line)
gnome-session & (add)
# twm & (comment out this line)
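Note: you can also just comment out the last line, twm &, and add a line gnome-session &.
You can also just uncomment lines 3 and 4.
The best way is to change all of them.
[2] After modifying the file, restart vncserver:
# service vncserver restart (restarts all VNC desktops; this command is not recommended)
# vncserver -kill :1 (stop the first desktop)
# vncserver :1 (start the first desktop)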
Step 6:
(1) Configure the firewall
# vi /etc/sysconfig/iptables
The content is as follows:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT (add)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT (add)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5903 -j ACCEPT (add)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5904 -j ACCEPT (add)
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
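You can also turn off the firewall (not recommended):
# service iptables stop (stops the firewall immediately; it comes back after a reboot)
# chkconfig iptables off (disables the firewall permanently; takes effect after a reboot)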
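A check for the firewall rules in this step, as an added example that is not part of the original article: it lists which VNC ports the iptables file accepts, for which display, and from which source address. The function name vnc_fw_openings and the subnet-restricted sample rule are constructed; -s is the standard iptables source match.

```shell
#!/bin/sh
# Added example (not from the article). Maps TCP ACCEPT rules in an iptables
# file back to VNC displays using the 58xx/59xx/60xx port model of Step 3.
# Usage: vnc_fw_openings < /etc/sysconfig/iptables
vnc_fw_openings() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    /-j ACCEPT/ {
        port = ""; proto = ""; src = "any"
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
        }
        if (port == "" || proto != "tcp") next
        n = split(port, r, ":")               # single port or lo:hi range
        lo = r[1] + 0
        hi = (n == 2 ? r[2] : r[1]) + 0
        for (p = lo; p <= hi; p++) {
            if      (p >= 5800 && p < 5900) kind = "http"
            else if (p >= 5900 && p < 6000) kind = "rfb"
            else if (p >= 6000 && p < 6100) kind = "x"
            else continue
            printf "%d %s display=:%d source=%s\n", p, kind, p % 100, src
        }
    }'
}

# Constructed sample: two rules as in the article, one pinned to a subnet
vnc_fw_openings <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.10.0/24 -m tcp -p tcp --dport 5902:5903 -j ACCEPT
EOF
```

Rules shown with source=any accept connections to that display from every address that can reach the host.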
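Step 7:
In 192.168.10.131:1, the :1 is the port number, meaning 5900+1; this 1 is the one specified in /etc/sysconfig/vncservers.
When this number is below 100 (not including 100), you can connect simply with 192.168.10.131:1.
If the value specified in vncservers is 100 or greater, you need to use the full port number when connecting.
For example, if 100 is specified in vncservers, the connection should look like this: 192.168.10.131:6000.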