You are here

Using VNC

Printer-friendly versionPrinter-friendly version

VNC (Virtual Network Computing) provides a way for staff to access an existing session on their own DICE desktop machine. Note: if you just want to use a DICE desktop from a remote location, use NX, the remote graphical login service.

Essentially VNC is simple - start a VNC server on one machine, and then view that desktop on another machine via a VNC viewer. However it gets more complicated when security and firewalls are taken into account. You need to establish an SSL connection to port 5910 on the DICE machine from your home machine, then use VNC over the SSL connection.

On your DICE machine

DICE has two VNC servers installed:

  • x11vnc displays the actual DICE desktop and supports SSL natively;
  • vncserver creates a new desktop (of a size that you can choose) but does not support SSL natively.

This guide explains how to use x11vnc to connect to a DICE desktop from a home computer which is running Windows.

Set up the x11vnc server password on any DICE machine

The first thing to do is setup a password which will authorise the connection to the VNC server. Note that this password isn't stored as securely as it could be, so don't use your DICE password, or any other valuable one. On any DICE machine (e.g. if working remotely, ssh to gateway staff.ssh.inf.ed.ac.uk, then onto staff.login) run the command:

[jings]jsmith: x11vnc --storepasswd
Enter VNC password:
Verify password:
Write password to /afs/inf.ed.ac.uk/user/j/jsmith/.vnc/passwd?  [y]/n y
Password written to: /afs/inf.ed.ac.uk/user/j/jsmith/.vnc/passwd

This only needs to be done once. Do it again when you want to change the VNC server password.

On your home PC: Windows users

Set up an ssh tunnel

Set up an ssh tunnel through one of the ssh servers to your DICE desktop's port 5910; so you can use a VNC viewer to connect to your end of that tunnel. In this example we'll assume the desktop is called jings.inf.ed.ac.uk.

There are various ways to create that ssh tunnel. For this example we will use PuTTY for Windows.

On the PuTTY configuration screen, on the left hand Categories section drill down to Connection -> SSH -> Tunnels. On the right hand side fill in the details, replacing jings with the hostname of your own DICE desktop machine.

  • Source Port: 5910
  • Destination: jings.inf.ed.ac.uk:5910

Leave the other options and click Add.

Go back to the left hand Categories and select Session. Fill in

  • Hostname: ssh.inf.ed.ac.uk
  • Port: 22
  • Connection type: ssh.

To save going through this again you'll probably want to fill in a name for the Saved Session, for example ssh.inf VNC display:10 and click Save.

Now click Open and log into ssh.inf.ed.ac.uk.

What this has done is setup port 5910 on your Windows machine (localhost) to be equivalent to port 5910 on your own DICE machine.

Start the x11vnc server on your DICE machine

  1. Wake your DICE computer if it's sleeping;
  2. Use ssh to your own DICE machine.

The command to start the server is:

[jings]jsmith: x11vnc -ssl -usepw -rfbport 5910 -xkb --display :0

The -xkb option may or may not be needed to fix some keyboard funnies depending on your window manager. In addition, once connected, you may need to type the shell command xset r on a few times to get autorepeat to work again.

After typing the x11vnc command above various messages will go past, the first time starting the server you will be prompted to set an optional pass phrase for extra security. Towards the end of messages you should see something along the lines of:


12/01/2017 10:42:53 openssl_port: listen on port/sock 5910/11
12/01/2017 10:42:53 openssl_port: listen on port/sock 5910/12 (ipv6)

12/01/2017 10:42:53 screen setup finished.
12/01/2017 10:42:53 

The SSL VNC desktop is:  jings.inf.ed.ac.uk:10
PORT=5910
SSLPORT=5910

Note that in this case x11vnc has explicitly been told to listen on port 5910. If the -rbfport 5910 argument is missed out then x11vnc will automatically pick a free port from 5900 upwards.

After following the above instructions, a VNC server will be running on your DICE machine, listening on port 5910 for a (secure) SSL connection.

Running the VNC viewer over the SSL connection

What's needed next is a VNC viewer that talks SSL. For this on Windows you can use ssvnc (an SSL/SSH VNC viewer). When you run it,

  • enter localhost:10 for the VNC Host:Display
  • and tick the Use SSL option,
  • but untick the Verify All Certs option (otherwise it will complain about the self-signed certificate that x11vnc uses by default).
  • Then click Connect.

A window should appear asking you for a password. This will be the password you gave when setting up the server.

Once you've successfully connected, you should find your DICE desktop contained within a Window on your Windows PC. Depending on the relative sizes of your DICE desktop screen and your remote screen, you may find that you have to scroll around to see all of the DICE desktop, or use the scaling options to reduce the size. If your screen sizes match, you may want to try the "Full screen" mode. If you do this, pay attention to the keystrokes required to return you to Windowed mode.

On your home Mac

A Mac user reports success with TigerVNC, "a high-performance, platform-neutral implementation of VNC".

On your home PC: Linux users

TBA.

The SSH tunnel can be set up in the usual manner using the OpenSSH -L option.

If you have a working configuration on another platform please get in touch and tell us about it so we can include it on this page.

Last reviewed: 
12/01/2017

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic