Most X applications (such as totalview) generate a large amount of X traffic. This can be very slow when tunneled through ssh to machines off of CLASSE's network. While our recommendation for optimal security and performance is to use X2Go, another option is to start a VNC server on the remote system (where your program will be running) and connect to it using a VNC client on the computer you're sitting in front of. For the client, CLASSE recommends TigerVNC, a free cross-platform VNC viewer. It is available for Windows, OS X, and Linux. http://www.tigervnc.org/

Remote access to personal linux workstation

If you have a linux workstation on your desk, you can use VNC to remotely access your physical display.
  1. From the physical display (either when sitting in front of it or after connecting via X2Go)
    • type vncpasswd to set a password for full access. This will also ask if you want to set a different password for view-only access.
    • Start sharing by typing:
      x0vncserver -PasswordFile=.vnc/passwd -AlwaysShared=1
  2. Start an ssh tunnel from the computer you are sitting in front of. In the following commands, replace "computername.classe.cornell.edu" with the hostname or IP address of the computer you want to control.
    • if you can ssh directly into the computer you want to control, open a terminal and type
      ssh -L 5900:localhost:5900 computername.classe.cornell.edu
    • if you can't ssh directly into the computer you want to control (for example, if it's on a private subnet), open a terminal and use lnx201 to create teh tunnel by typing
      ssh -L 5900:computername.classe.cornell.edu:5900 lnx201.classe.cornell.edu
  3. Start TigerVNC on your computer, and connect to localhost:5900

Starting a new desktop - Quick instructions

Please continue reading the detailed instructions to understand the full process of connecting using ssh and VNC. Once you are comfortable with the process, it essentially boils down to the following three steps. Note that the port numbers in the example below depend on which screen you are assigned.
  1. From your local machine, use ssh to create the tunnel to the system you want to login to.
    • ssh -L 5901:localhost:5901 lnx201.classe.cornell.edu
  2. From the ssh session you just started, start a vnc server.
    • vncserver -geometry 1440x900
  3. From your local machine, start a VNC viewer and connect to localhost and the appropriate port. For example, with the tunnel opened above one would use TigerVNC and connect to localhost:5901.

Starting a new desktop - Detailed instructions.

Start VNC Server

  1. Ssh into the remote linux machine as normal
  2. Start a vncserver using vncserver. The first time you start a vnc server, you will be prompted to pick a password to restrict access to this server. For additional options, (such as -geometry), see man vncserver.
    • Note the screen number used by vncserver. In general, this will be the first available (unused) screen. In the following output, vncserver has used screen "1":
[dab66@lnx201 dab66]% vncserver
New 'lnx201.classe.cornell.edu:1 (dab66)' desktop is lnx201.classe.cornell.edu:1

Starting applications specified in /home/dab66/.vnc/xstartup
Log file is /home/dab66/.vnc/lnx201.classe.cornell.edu:1.log
  1. With most VNC Client applications, you will need to specify the port number to use, not the screen number. This should be easy to identify, as "screen 1" = Port 5901, screen2 = port 5902, etc. In the above example, the VNC Server I've started is listening on "lnx201.classe.cornell.edu:5901".

Connect to VNC Server from Client on CLASSE' network

  1. Start your local VNC Client, and connect the vnc server you just started. Following our example, I would start my VNC Client and connect to "lnx201.lns.cornell.edu:5901".
  2. Authenticate using the password specified when starting the first vnc server.

Connect to VNC Server from Client outside of CLASSE's Network

We do not allow VNC traffic through our firewall, so you will need to tunnel VNC through ssh.
  1. use ssh to setup port forwarding to the port your vnc server is listening on
    • ssh -L 5901:localhost:5901 lnx201.classe.cornell.edu
  2. open a vnc viewer and connect to
  3. Authenticate using the password specified when starting the first vnc server.

Kill the VNC Server

  1. Ssh into the remote linux machine as normal
  2. use vncserver -kill :1 (replacing "1" with the screen number of your vncserver process.

Change Window Manager to xfce

  1. Kill any VNC servers
  2. edit ~/.vnc/xstartup
    • change the final line to exec startxfce4 (or icewm &, gnome-session &, etc.). Be sure to comment out any other window manager lines (twm, icewm, xfce, gnome, etc.)
    • Or, replace everything with the follwiong tested xstartup file.
      # Uncomment the following two lines for normal desktop:
      # unset SESSION_MANAGER
      # exec /etc/X11/xinit/xinitrc
      [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
      [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
      xsetroot -solid grey
      vncconfig -iconic &
      xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
      exec startxfce4
  3. Make sure ~/.vnc/xstartup is executable using: chmod +x .vnc/xstartup
  4. view MultipleSessions for instructions on configuring and using xfce or icewm

Topic revision: r5 - 11 Jun 2020, DevinBougie
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding CLASSE Wiki? Send feedback