Vnc & Gdm
FedoraForum.org - Fedora Support Forums and Community
  1. #1
    gin Guest

    Vnc & Gdm

    so, you have no graphics card, but you still want GUI management / X Windows......

    Perhaps you do have a graphics card but want the convenience of using VNC to reach your Fedora machine?

    There are some great tutorials on getting the basics of VNC set up, but it always logs you right into the machine as a specific user...I want to choose my user....VNC + GDM is the answer

    VNC + GDM will allow you to fire a VNC viewer at your Linux box and have the GDM appear. The information contained below is a collection of personal knowledge and information collected from other postings on some other boards (note: go back and reference some of the contributors).

    This mini-tutorial will not cover off security...so if you are doing this..make sure it is on your own network, behind a firewall etc. etc. etc....I hope to come back and add the security pieces in later...just don't have too much time today.

    On with the show......

    How it will work
    ===========
    GDM will be running in the background (with no X-Server in this config). When we start a VNC session, VNC will contact the GDM to display the "Greeter"...then we log in as we normally do with GDM locally.

    Configure GDM
    ==========
    Sorry to you KDM/XDM folks out there...I will add in KDM at a later date...it isn't too much different.

    GDM presents the graphical greeter. To allow VNC to contact the GDM we must turn on XDMCP (Security conscious peeps should set their firewall to only allow LOCAL connections for XDMCP - i.e. from the localhost - because VNC is running on the same linux device) - there is another option here to change the XServer that GDM can run to be VNC but I have not explored this option...perhaps later, but for now we'll do it with XDMCP:
    1. Turn on XDMCP
    Code:
          edit /etc/X11/gdm/gdm.conf
          find the [xdmcp] section
          Change
               Enable=false
          to
               Enable=true
    2. (optional) Turn off XWindows (VNC runs its own XWindows)
    Code:
          edit /etc/X11/gdm/gdm.conf
          find the [servers] section
          Change
               0=Standard
          to
               #0=Standard
    Configure VNC
    ==========
    We will have VNC run from xinetd. We will create 2 "services". One for 800x600 and the other for 1024x768...if you want others, you can extrapolate yourself....800x600 will be available via :0 and 1024x768 as :1 (don't worry yet if you do not understand what I mean by :0 and :1)

    1. Create /etc/services
    Code:
          edit /etc/services
          add the following 2 lines:
               vnc800  5900/tcp                        # VNC & GDM
               vnc1024 5901/tcp                        # VNC & GDM
    2. create xinetd services
    Code:
          create /etc/xinetd.d/vnc800
          service vnc800
          {
            disable     = no
            socket_type = stream
            protocol    = tcp
            wait        = no
            user        = nobody
            server      = /usr/bin/Xvnc
            server_args = -inetd -broadcast -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
          }
    3. -securitytypes=none means VNC will not ask you to authenticate...we want GDM to do that part...

    4. create xinetd services
    Code:
          create /etc/xinetd.d/vnc1024
          service vnc1024
          {
            disable     = no
            socket_type = stream
            protocol    = tcp
            wait        = no
            user        = nobody
            server      = /usr/bin/Xvnc
            server_args = -inetd -broadcast -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
          }
    TEST IT
    =====
    Code:
    1.  stop any X Windows
               init 3
    
    2.  Log into console (text mode)
    3.  Turn off "vncserver"...we don't want VNC to run except for xinetd
               chkconfig --level 2345 vncserver off  
    4.  start GDM  
               init 5
    5.  start vncviewer
            I tested my connection from Win XP...
            for 800x600 -> vncviewer localhost:0
            for 1024x768 -> vncviewer localhost:1

    SUMMARY
    =======
    You should now be able to run a headless (no kbd/mouse/video) linux box with a GUI and GDM greeter....

    I know this mini-tutorial is a little thin at the moment, but I only had a few mins to type it up..I will clean it up I promise...if anyone likes it...I could try and write a mini-howto.....anyway...good luck..

    -GIN-
    Last edited by gin; 30th April 2004 at 04:42 PM.

  2. #2
    Join Date: Feb 2004 | Location: China | Posts: 124

    Re: Vnc & Gdm

    Originally posted by gin
    You should now be able to run a headless (no kbd/mouse/video) linux box with a GUI and GDM greeter....
    i do get a gdm greeter but it looks different, any idea?

  3. #3
    gin Guest
    This is probably caused by the RemoteGreeter setting of GDM...try adding:
    Code:
    RemoteGreeter=/usr/bin/gdmgreeter
    to /etc/X11/gdm/gdm.conf

    Alternatively (GUI METHOD)
    run gdmsetup

    change the remote greeter in the GENERAL tab to your liking !!


    Note..for the xinetd config...you can also use:
    Code:
      server_args = -inetd -query localhost -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
    
    instead of
    
    server_args = -inetd -broadcast -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
    -Gin-
    Last edited by gin; 3rd May 2004 at 06:28 AM.

  4. #4
    Join Date: Feb 2004 | Location: China | Posts: 124
    Originally posted by gin
    This is probably caused by the RemoteGreeter setting of GDM...try adding:
    Code:
    RemoteGreeter=/usr/bin/gdmgreeter
    to /etc/X11/gdm/gdm.conf

    Alternatively (GUI METHOD)
    run gdmsetup

    change the remote greeter in the GENERAL tab to your liking !!
    that's it, thanks

    Originally posted by gin

    Note..for the xinetd config...you can also use:
    Code:
      server_args = -inetd -query localhost -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
    
    instead of
    
    server_args = -inetd -broadcast -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
    -Gin-
    and the difference would be?
    i saw "-query localhost" as an example in the man page of Xvnc, but didn't find an explanation of it

  5. #5
    gin Guest
    The difference would be that:
    --broadcast
    does an xdmcp broadcast ( to the broadcast address ) and may receive "responses" from other machines, whereas
    --query 127.0.0.1
    is a unicast message directly to the localhost. This is more appropriate since we do not want "remote" connections to GDM. The user connects remotely to VNC but VNC connects LOCALLY (sp) to [GKX]DM.

    This will allow users running firewalls to keep this more secure.

    -Gin-
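
An added example, not part of the original posts: a shell check that flags an xinetd Xvnc service that combines `-securitytypes=none` with no source restriction, or that uses `-broadcast` instead of `-query localhost` as discussed above. The `only_from` and `bind` attributes and the loopback-only sample file are assumptions about how the service could be restricted; they do not come from the thread.

```shell
#!/bin/sh
audit_xvnc_service() {
    # $1 = xinetd service file. Prints one finding per line, nothing when clean.
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "service"     { name = $2 }
        $1 == "server"      { server = $3 }
        $1 == "server_args" { args = tolower($0) }
        $1 == "only_from" || $1 == "bind" || $1 == "interface" { restricted = 1 }
        END {
            if (server !~ /Xvnc$/) exit             # not a VNC service
            if (args ~ /-securitytypes[= ]none/ && !restricted)
                print name ": no VNC authentication and no only_from/bind restriction"
            if (args ~ /-broadcast/)
                print name ": XDMCP via -broadcast; prefer -query localhost"
        }
    ' "$1"
}

write_samples() {
    # Constructed samples written into directory $1.
    cat > "$1/vnc800" <<'EOF'
service vnc800
{
  disable     = no
  socket_type = stream
  protocol    = tcp
  wait        = no
  user        = nobody
  server      = /usr/bin/Xvnc
  server_args = -inetd -broadcast -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
}
EOF
    cat > "$1/vnc800-local" <<'EOF'
# Assumption: viewers arrive through an SSH tunnel, so accept loopback only.
# Remaining attributes are the same as in the vnc800 file above.
service vnc800
{
  bind        = 127.0.0.1
  only_from   = 127.0.0.1
  server      = /usr/bin/Xvnc
  server_args = -inetd -query localhost -geometry 800x600 -depth 16 -once -fp unix/:7100 -securitytypes=none
}
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir"/*; do audit_xvnc_service "$f"; done
rm -rf "$dir"
```

The thread's `vnc800` file produces both findings; the loopback-only variant produces none.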

  6. #6
    Join Date: Feb 2004 | Location: China | Posts: 124
    ok, thanks a lot!

  7. #7
    g3brown Guest
    This works great. However if I turn on IPTABLES, you just get an X type desktop after connecting. Seems the X and GDM are communicating. Could you offer any advice there? Thanks!

    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

  8. #8
    gin Guest
    Unfortunately I was unable to replicate your results. First thing would be to turn on logging in the firewall so that we can actually see what is being rejected. Here is a sample that I used for testing. This in no way implies a secure firewall configuration (in fact...it's not):

    Code:
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    :LOGANDREJECT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -j LOGANDREJECT
    #-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    -A LOGANDREJECT -j LOG                                                  
    -A LOGANDREJECT -j REJECT
    Basically this code will log to /var/log/messages the packets that do not get accepted.

    Look for (sorry if this is all news to you, I just do not know your familiarity with firewalls):
    Code:
    Jun  1 X:X:X ABCDEFG kernel: IN=eth0 OUT= MAC= 
    SRC=X.X.X.X DST=X.X.X.X LEN=XX TOS=0x00 PREC=0x00 TTL=XXX 
    ID=30755 DF PROTO=UDP SPT=XXX DPT=XXX LEN=XX
    Pay attention to the SPT= and DPT= fields. Post your info and we'll see what happens.....

    -GIN-

  9. #9
    g3brown Guest
    Do you have the COMMIT at the end of your file? I think it is necessary for the filter to take effect. I logged the rejects and caught only one line.

    Jun 2 22:37:37 fedora2 kernel: IN=eth0 OUT= MAC= SRC=192.168.0.107 DST=192.168.0.255 LEN=35 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32769 DPT=177 LEN=15

    I opened udp port 177 with

    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 177 -j ACCEPT

    and now vnc connects wonderfully again. Thanks for your help.
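
An added example, not part of the original posts: a shell function that groups netfilter LOG lines like the one above by protocol, destination port and interface, so a rejected flow such as the XDMCP packet on UDP 177 stands out. Only the first sample line comes from the thread; the others are constructed.

```shell
#!/bin/sh
summarise_rejects() {
    # stdin: syslog lines. stdout: "count PROTO/DPT in=IF SRC->DST [XDMCP]", busiest first.
    awk '
        / kernel: / && /PROTO=/ {
            in_if = src = dst = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^IN=./)   in_if = substr($i, 4)
                else if ($i ~ /^SRC=/)   src   = substr($i, 5)
                else if ($i ~ /^DST=/)   dst   = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            # XDMCP uses UDP port 177, so label it explicitly.
            note = (proto == "UDP" && dpt == "177") ? " XDMCP" : ""
            seen[proto "/" dpt " in=" in_if " " src "->" dst note]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

sample_log() {
    # First line is the one posted in the thread; the other three are constructed.
    cat <<'EOF'
Jun 2 22:37:37 fedora2 kernel: IN=eth0 OUT= MAC= SRC=192.168.0.107 DST=192.168.0.255 LEN=35 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32769 DPT=177 LEN=15
Jun 2 22:37:39 fedora2 kernel: IN=eth0 OUT= MAC= SRC=192.168.0.107 DST=192.168.0.255 LEN=35 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32769 DPT=177 LEN=15
Jun 2 22:38:02 fedora2 kernel: IN=eth0 OUT= MAC= SRC=192.168.0.50 DST=192.168.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40112 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 2 22:38:05 fedora2 xinetd[1234]: START: vnc800 pid=2345 from=192.168.0.50
EOF
}

sample_log | summarise_rejects
```

On a live system the same function can be fed from the log file, for example `summarise_rejects < /var/log/messages`.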

  10. #10
    ofergal Guest


    Didn't you mean:
    create /etc/xinetd.d/vnc1024
    service vnc1024
    {
      disable     = no
      socket_type = stream
      protocol    = tcp
      wait        = no
      user        = nobody
      server      = /usr/bin/Xvnc
      server_args = -inetd -broadcast -geometry 1024x768 -depth 16 -once -fp unix/:7100 -securitytypes=none
    }

    2 more
    1. Is this going to force 1 password for VNC then user/password for the login?
    2. Can I have more than 2 VNC services (say for 3 more resolution options)

    Thanks

  11. #11
    gin Guest
    1024x768...oops...bad copy paste :-)

    1. Is this going to force 1 password for VNC then user/password for the login?
    No, the "-securitytypes=none" argument makes VNC not ask you for a password but because we are using XDMCP (think GDM) then GDM will respond (or xdm or kdm depending on what you are running).

    Can I have more than 2 VNC services (say for 3 more resolution options)
    Yes you can..just keep adding them:
    Add to /etc/services
    Add to /etc/xinetd.d/<whatever>

    -GIN-

  12. #12
    zathrusuk Guest

    VNC connection drops out after login screen

    Hi, thanks for the how-to, it was very very useful. I have followed it and got the login screen to appear; I fill in my details and then it suddenly closes the VNC viewer on my Windows XP Service Pack 2 machine. Is there something I am doing wrong?

    Any help would be great. Thanks

    Mike

  13. #13
    felmasper Guest
    I am using this tutorial for Debian and:

    1) Xvnc does not have the securitytype option yet, I've just disabled it
    2) what if I want my machine to have a gdm working on :0 while I use another via VNC?

    Well I suppose I could use vncserver which chooses an empty DISPLAY or write a script myself... kind of:

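    Xvnc.new:
    #!/bin/sh
    # Pick the first display number with no X socket, then start Xvnc on it.
    d=0
    # X sockets are sockets, not regular files, so test with -e rather than -f.
    # POSIX arithmetic replaces "let", which is not available in every /bin/sh.
    while [ -e "/tmp/.X11-unix/X$d" ] ; do d=$((d + 1)) ; done
    Xvnc "$@" ":$d"
    #eof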

    Supposed... I tried but it did not work. VNC gives me "invalid protocol". I did straces (with "strace -o /tmp/foo -fp `pidof inetd`"), solved some problems (mainly with font paths, Debian uses additional paths besides xfs and I X was not getting a cursor theme) but I am still getting "Invalid protocol".

    I do not understand how is gdm going to be started after I connect to a VNC... hmm let me see... -query localhost will look for XDMCP connections in localhost and gdm is one of them, is that it?

    Should I change gdm.conf, XDMCP part, enabling servers on :1, :2 and so on?

    I am using it over ssh. It's ok, I've already used VNC over ssh with a fixed server (vncserver called from command line).

    []s
    Felipe

  14. #14
    jtkohl Guest
    If I understand the basic setup here, won't the Xvnc server stop when
    you disconnect the vnc client? That's rotten, because half of the
    benefit of VNC is being able to disconnect a session and reconnect
    later. How do xinetd and Xvnc interact?

    If I can reconnect later, then you really need to set up the Xvnc line
    in the xinetd config file to require some authentication, otherwise when
    you disconnect someone else can reconnect without authenticating.

  15. #15
    baoilleach Guest

    How does it all work?

    I'm trying to set up a vnc server so that users will see gdm when they start a vncviewer. I'm trying to set this up using SSH tunneling.

    I'm having some problems.

    Can someone talk me through what is exactly happening in this case - e.g. computer A connects to port X on computer B; this causes xinetd to do something, etc. I find it a bit hard to get it all straight in my head, so I don't know how to look for the problem.

    Regards,
    baoilleach
