Install Tightvnc from the command line. Remote control of Linux from Windows. TightVNC infection method

Working with the VNC client. The material is aimed at inexperienced users.

1. Installing a VNC client
2. Connecting a VNC client to a remote computer
3. Disconnecting the VNC client from the remote computer
4. Tuning the VNC client
5. Common problems

To work with a remote computer via VNC, you need to run a client program (VNC viewer, VNC client) on the user’s computer. This program transmits data about keystrokes and mouse movements made by the user to a remote computer and displays information intended to be displayed on the screen.

1. Installing a VNC client

For Windows OS you can download and install the VNC client UltraVNC and TightVNC for free.

Mac OS X since version 10.5 has support for a VNC client in RemoteDesktop. For previous versions You can use VNC clients JollysFastVNC and .

For the Linux branch of Debian (Ubuntu), the VNC client is installed from the repository with the command:

Apt-get install vncviewer

For the RedHat branch (CentOS, Fedora) - with the command:

Yum install vnc

For FreeBSD, the VNC client (TightVNC) is installed from packages with the command:

Pkg_add -r tightvnc

2. Connecting a VNC client to a remote computer

To connect a VNC client to a remote computer, you need to specify its IP address or DNS name, and the display number (default, :0) or TCP port number (default, 5900). If the VNC server requires authorization, then when connecting to it, the VNC client will ask for a password. Please note that the VNC server access password is not associated with any account (user account) on the remote computer, but only serves to restrict access to the VNC server display.

After establishing a connection and opening the screen, depending on the settings of the VNC server, user authorization may be required to virtual server or an already running work session of a user may be opened.

Since several VNC servers can be running on a computer at the same time, the parameter is used to separate them display number. For example, one VNC server may be running on display:0, another on display:1. Each display number corresponds to the TCP port number on which the VNC server accepts connections. The port number for the display is obtained by adding the display number to the base port number - 5900. Display:0 corresponds to TCP port 5900, display:1 - port 5901.

3. Disconnecting the VNC client from the remote computer

When closing the VNC client window or after leaving the environment using desktop tools, depending on the settings of the VNC server, the user's working session can close with all programs in use stopped, or continue working and be available again when connecting to the VNC server again.

4. Tuning the VNC client

A large amount of information transmitted to the screen entails increased requirements for channel speed - its throughput and packet transmission time. The lack of bandwidth leads to uncomfortable delays when there are large changes in the information shown on the screen - opening new windows, scrolling, etc. Latencies will be especially long when displaying photographs and other images or interface elements that have a large number of colors and complex shapes.

The main parameter that affects the amount of transmitted data is the encoding algorithm of the transmitted graphics. To reduce the volume and, accordingly, speed up the work, it is recommended to use the Tight, ZLib, ZRLE algorithms - in comparison with uncompressed data (Raw), they provide tens of times compression, significantly loading the processor. These encoding algorithms provide comfortable operation even on channels with a speed of 256-512 Kbps.

To reduce the amount of information transmitted over the network, you can also set a high compression level (Compression Level, Compression Value), a low JPEG Quality level (JPEG Quality) and enable the color reduction mode (-bgr233, Restricted colors). The greatest effect of them, with a noticeable decrease in image quality, is provided by the mode of reducing the number of colors - volume transmitted information decreases by 1.5-3 times, respectively, the display on the screen is accelerated by 1.5-3 times.

JPEG is used by the Tight encoding algorithm to compress areas of the screen that contain photographs and other complex images with a large number of colors. Using Tight+JPEG reduces the amount of data transmitted by 2-5 times. Other JPEG encoding algorithms are not supported.

1. Drop-down menu “System -> Options”

The volume of transmitted data and the display speed on the channel is 1 Mbit/sec when opening the drop-down menu “System -> Parameters” (the menu is highlighted with a green dotted line in the figure):

5. Common problems

Can't connect to VNC server

Need to check:

is there access to the Internet;
whether the virtual server responds to pings;
whether the VNC server is running on the virtual server;
is there a firewall along the way that blocks access to the TCP port of the VNC server;
Is the display number or TCP port of the VNC server specified correctly (port number = 5900 + display number).

Slow operation through a fairly fast channel

If the VNC client cannot agree with the VNC server on the use of a graphics encoding algorithm with data compression, the default algorithm is selected - Raw, which transfers data without compression. Also, encoding without compression or with a low compression level can be automatically selected by the VNC client when working through fast local network. This problem can be fixed by forcing the encoding algorithm with a high compression level - ZLib, ZRLE, Tight - in the VNC client settings.

However, for some combinations of client and server, this solution may not be useful due to errors in the negotiation of the encoding algorithm. For example, a TightVNC client with a RealVNC server can often only work with Raw encoding. The solution in this case is to change the VNC client or VNC server.

November 25, 2009 at 01:21 pm

Connecting to a remote computer via VNC

Linux setup

Working with the VNC client. The material is aimed at inexperienced users.

1. Installing a VNC client

For Windows OS you can download and install the VNC client UltraVNC and TightVNC for free.

Mac OS X since version 10.5 has support for a VNC client in RemoteDesktop. For previous versions, you can use the VNC clients JollysFastVNC and .

For the Linux branch of Debian (Ubuntu), the VNC client is installed from the repository with the command:

Apt-get install vncviewer

For the RedHat branch (CentOS, Fedora) - with the command:

Yum install vnc

For FreeBSD, the VNC client (TightVNC) is installed from packages with the command:

Pkg_add -r tightvnc

2. Connecting a VNC client to a remote computer

After establishing a connection and opening the screen, depending on the settings of the VNC server, user authorization on the virtual server may be required, or an already running work session of a user may be opened.

3. Disconnecting the VNC client from the remote computer

4. Tuning the VNC client

To reduce the amount of information transmitted over the network, you can also set a high compression level (Compression Level, Compression Value), a low JPEG Quality level (JPEG Quality) and enable the color reduction mode (-bgr233, Restricted colors). The greatest effect of them, with a noticeable decrease in image quality, is provided by the mode of reducing the number of colors - the volume of transmitted information is reduced by 1.5-3 times, respectively, the display on the screen is accelerated by 1.5-3 times.

1. Drop-down menu “System -> Options”

5. Common problems

Can't connect to VNC server

Need to check:

is there access to the Internet;
whether the virtual server responds to pings;
whether the VNC server is running on the virtual server;
is there a firewall along the way that blocks access to the TCP port of the VNC server;
Is the display number or TCP port of the VNC server specified correctly (port number = 5900 + display number).

Slow operation through a fairly fast channel

If the VNC client cannot agree with the VNC server on the use of a graphics encoding algorithm with data compression, the default algorithm is selected - Raw, which transfers data without compression. Also, uncompressed or low-compression encoding can be automatically selected by the VNC client when working over a fast local network. This problem can be fixed by forcing the encoding algorithm with a high compression level - ZLib, ZRLE, Tight - in the VNC client settings.

Sometimes we need remote access to the Linux visual shell, this task it is required extremely rarely, but if it is required, nothing is impossible :) For this purpose I recommend using tightvnc, why tightVNC? This software is capable of both linux, and from windows remotely connect to the desktop, its installation is extremely simple and does not require any special dances with a tambourine :) Perhaps there is even more best software, well, share it with us :)
On top of everything else tightVNC capable of working on low communication channels, this is a good plus for optimization.
Let's move on to installation!

Installing the tightvnc server on the machine you want to connect to:
sudo apt-get install tightvncserver
IN latest updates ubuntu, namely from version 14.04 there was a small bug with gnome, when when connecting instead of a slave. the table displayed a gray screen, so to connect you need to use another shell module:
sudo apt-get install xfce4 xfce4-goodies
Setting a password for access:
vncpasswd ~/.vnc/passwd The passwd file will be created in hidden folder in your home directory... You can create this folder yourself.vnc...

Run with the settings you need:
sudo tightvncserver -geometry 1024x768 -depth 16 Running tightVNC with a resolution of 1024x768 and 16-bit color depth

Standard launch:
sudo vncserver:1
Kill a process after completion:
sudo vncserver -kill:1

Note:

How to change the default tightVNC port?

To access the remote machine, the port must be forwarded 5901, this is the standard tightVNC port, you can change it when connecting, when connecting in the standard case you use: 1 - this is port 5901, if you want to use port 5911, therefore when connecting it will be: 11 and so on: for example, you need port 7829, launch vncserver with this rule:
sudo vncserver:7829 subtract 5900 = 1929, then when connecting to a remote machine write: IP:1929 or like this: IP:7829, use as you like, do not forget to forward the port you need.

tightVNC gray screen when connecting

If you had a bug with a gray screen when connecting and you installed the package xfce4, then you need to change the file xstartup:
sudo nano root/.vnc/xstartup Comment out everything in this file and add the following:
#!bin/sh xrdb $HOME/.Xresources startxfce4 &

tightVNC does not work when changing keyboard layout

If your keyboard layout does not switch, add:
#!bin/sh xrdb $HOME/.Xresources startxfce4 & export XKL_XMODMAP_DISABLE=1 But this is unnecessary, this bug happens extremely rarely...
Below I will attach the installation packages tightVNC viewer And server For Windows 32 And 64 bit. Jack Wallen explains how to use TightVNC remotely and vice versa for cross-platform administration.

From an administrator's point of view, one of the most important functions of the system is the ability to remotely maintain it. Tools to perform this task are available in almost any OS, but what to do if remote administration required in a cross-platform environment? Remote Desktop Protocol is not an option in this case. To connect to Windows from a Linux computer, your best bet is to use VNC (Virtual Network Computing), or more specifically, TightVNC.

TightVNC is free solution for working with VNC, which includes a viewer and server for Windows, as well as a server for Linux. Let's see how to set up servers on both platforms to enable remote connection.

Connecting from Linux to Windows

Installing TightVNC on Windows is very easy. Just download the appropriate version of the installer from the TightVNC website, double-click the file and follow the wizard’s instructions. But then everything is a little more complicated.

To be able to connect to your computer, you first need to configure and run the TightVNC server on it. To do this, find in the Start | All programs" (Start | All Programs) folder "TightVNC | TightVNC Server (Application Mode)”, and in it run the “TightVNC Server - Offline Configuration” tool. In the window that appears, open the “Server” tab (Figure A) and configure the TightVNC server according to your needs.

Figure A: A password must be set for incoming connections and cannot be empty.

At a minimum, you need to set a password for incoming connections. After this you can start the server. To do this, use the “Run TightVNC Server” shortcut in the same folder. No windows will open in this case - instead, background The TightVNC daemon will be launched.

Now on your Linux computer run standard remedy Remote Desktop Connection, enter the IP address of the Windows VNC server and connect. You will be prompted to enter a password, after which a remote connection will be established.

If you don't know which VNC client to choose, I recommend Vinagre - simple and convenient application for the GNOME desktop environment.

Connecting from Windows to Linux

Connecting from Windows to Linux is a little easier ( cm.). I will explain how to set up a connection on a computer running Ubuntu management 10.10. First you need to install tightvncserver.

1. Launch the Ubuntu Software Center.
2. Enter “tightvncserver” (without quotes) in the search bar.
3. Highlight tightvncserver and click the Install button.
4. Enter your password account root.

After installation, you need to configure the server. For this:

1. Open a terminal.
2. Run the tightvncserver command.
3. Enter your password.
4. If necessary, set a viewing password.

Now you can connect to this computer using the TightVNC Viewer application from Windows. Call it from the Start | All programs | TightVNC | TightVNC Viewer" and enter in the window that appears the IP address of the Linux computer indicating port 5901 in the format "192.168.100.21:5901". If you do not specify a port number, TightVNC Viewer will try to connect to port 5900 and the connection will fail.

When connecting, you will need to provide the password that you set when starting the server on a computer running Linux. After successful authorization, a connection will be established (Figure B).

Figure B. Connecting to tightvncserver using TightVNC Viewer allows you to remotely administer a Linux computer from Windows.

Finally

There are many ways to connect to a remote computer, but having a universal cross-platform solution like TightVNC makes this task much easier. What means of remote connection do you use? Are you using VNC, RDP or third party software like Logmain? Share your experience in the comments!

Tutorial

This guide is about how to set up noVNC for remote access to Windows computers.

Why noVNC?

- Windows has a “native” tool for remote access - Remote Desktop Connection. But it is not available in all versions of Windows - for example, it is not in the Home edition.
- There are also many VNC servers and clients for any Windows versions. But to use them you need to install a VNC client. And there are cases when you can’t install anything (restricted rights), or it’s undesirable so as not to leave traces on someone else’s computer.
- There is also Chrome Remote Desktop, which only needs a browser extension on the client side. But I had a case when the Chrome protocol was blocked by an organization (everything was blocked there), and noVNC uses regular HTTP and therefore worked.

As far as I know, noVNC is the only tool that allows you to connect to a remote computer without installing any client - only a browser is used.
There is also SPICE, but I haven’t found a server for it on Windows.

As a result of this guide, we can simply open the link in the browser, enter the password and use the remote system.

A prerequisite is port forwarding, or the white IP of the remote computer. You can also use VNC repeater. But this is beyond the scope of this article.

General scheme

First we will install a regular VNC server on port 5900.

Then we will install noVNC and WebSockify on port 5901.

The goal is for it to look something like this:

Now run command prompt with administrator rights:

Launch WebSockify:

C:\> cd c:\noVNC\websockify c:\noVNC\websockify> websockify.exe 5901 127.0.0.1:5900 --web c:\noVNC\noVNC-master WARNING: no "resource" module, daemonizing support disabled WebSocket server settings: - Listen on:5901 - Flash security policy server - Web server. Web root: c:\noVNC\noVNC-master - No SSL/TLS support (no cert file) - proxying from:5901 to 127.0.0.1:5900
The first parameter above is the port on which noVNC will listen: 5901 . This port must be made available to clients.

The second parameter is the IP and port where the VNC server is located: 127.0.0.1:5900

Third parameter --web instructs noVNC to give the contents of the directory c:\noVNC\noVNC-master via HTTP(s). By default, noVNC provides only a VNC websocket, but this option allows you to have an HTTP server on the same port.

In the directory c:\noVNC\noVNC-master rename the file vnc.html V index.html so that it is given by default.

Now the noVNC client should be available on port 5901:

Also try opening the noVNC page from another computer/smartphone to make sure it is accessible from outside. If not, then check:

What do you have Windows Firewall doesn't block external connections to this port,
- that your router correctly forwards requests to this port to the right computer; If necessary, google “port forwarding”.

We connect (Connect), enter the VNC password and see the desktop of the remote computer!

If something went wrong, then errors should appear in our console.

You can stop the noVNC server by pressing Ctrl-C in the console. The configuration described above works over HTTP (and over WS).

Adding SSL with a self-signed certificate

Adding SSL is optional. You can create a self-signed certificate like this:

Openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
For Windows openssl you can take .

As a result, we get the file self.pem, which must be pointed to when starting noVNC:

C:\noVNC\websockify> websockify.exe 5901 127.0.0.1:5900 --web c:\noVNC\noVNC-master --cert=c:\noVNC\self.pem
Now we have HTTPS and WSS (WebSocket Secure) working. For WSS, you need to specify Encrypt in the Settings. Interestingly, noVNC uses the same port for HTTP and HTTPS - it “knows how” to distinguish between requests and respond correctly.

Since the certificate is self-signed, the browser will need to accept this certificate.

Let's Encrypt

I don't have instructions on how to configure the system so that Let's Encrypt automatically generates a certificate specifically for our system. This would require noVNC to be running on port 80, which is of course possible, but may be inconvenient, and find a way to integrate certbot so that these files are published in the desired directory. I think this is possible, but I didn’t do it. If you finish it, share it in the comments.

In my case, I already have a home server with NGINX and a DDNS name, which is configured to automatically receive a certificate from Lets Encrypt.

You can run something similar for yourself. There are instructions on setting up Let's Encrypt for Linux and Windows.

Therefore for noVNC I just use existing ones pem-files generated for nginx.

Let's Encrypt creates the following files:

Cert.pem: Your domain"s certificate chain.pem: The Let"s Encrypt chain certificate fullchain.pem: cert.pem and chain.pem combined privkey.pem: Your certificate"s private key
On Ubuntu they can be found at this path: /etc/letsencrypt/live/your_domain_name

Need to copy (merge) fullchain.pem And privkey.pem into one file, for example let's call it encrypt.pem, and this is the file we will use for noVNC.

Of course, this will only work if nginx server and noVNC- on one domain. Ports may be different.

And we must not forget that certificates are only valid for a few months, and then you need to copy updated files.

Add noVNC as a Windows service

Download the zip archive and unpack the files from there so that they are in the same folder as the file websockify.exe, that is, in our case in c:\noVNC\websockify.

When launched, the service will use the parameters from the file noVNCConfig.ini. Here is an example of my config:

5901 127.0.0.1:5900 --web C:\noVNC\noVNC-master --cert=c:\noVNC\encrypt.pem
In the console launched with administrator privileges, create a new service:

Sc create "noVNC Websocket Server" binPath= "c:\noVNC\websockify\noVNC Websocket Service.exe" DisplayName= "noVNC Websocket Server"
If you need to delete a service, do it like this:

Sc delete "noVNC Websocket Server"
Open services (Control Panel → Administrative Tools → Services) and launch noVNC Websocket Server. You can also configure the service to start every time with Windows:

Known issues

Keyboard layout

I discovered that the Russian keyboard layout works in a rather unusual way:
If the client has Russian language selected, then remote computer keystrokes are not transmitted at all.remote desktop Add labels