X11vnc Vs Tigervnc

  

Mini

TurboVNC vs TigerVNC, what are the differences? Which should I use? Looking into the different iterative forms of VNC servers and currently using tigervnc/x11vnc on my RHEL6.8 boxes to connect to from a debian host and run remote commands and get proper display and graphics back from the system. The second was X11vnc's ability to attach to native X screens or virtual framebuffers. This comparison might help you out; if you can't narrow down by features then they all should pretty much meet your needs.

Last updated: 18 Jun, 2020
Copy
Copied

Virtual Network Computing (VNC) software provides a way to reduce X11 overhead on high-latency networks such as the Internet. In practical terms, once a VNC session is underway, latencies are on the order of seconds rather than minutes. VNC can make remote X11 applications useful instead of being tedious and non-productive.

The principle of operation involves a host server process (for example, Xvnc) that communicates with X11 applications running on Pleiades. The host server process transmits images and image updates using a low-overhead protocol to the remote system's viewer client.

Security and Firewalls

In the NAS environment VNC traffic is carried by a tunnel, similar to the way is used to tunnel X11 traffic. Using an tunnel provides security because encrypts tunnel traffic in both directions. If you are already using , then VNC traffic will travel to/from NAS systems over current connections and through current firewalls. There is no need for any additional communication updates or authorizations.

Where is the VNC Software?

The Pleiades system runs on Linux. All of the necessary VNC software is installed in /usr/bin.

You do not need to run an X11 server on the remote system (your local system) because in the VNC environment, all of the X11 work is done on the Pleiades front-end systems (pfe[20-27]). However, you do need a VNC client viewer. The client might already be installed in many Linux distributions and on recent versions of Mac OS X; if it is not installed on your system, you will need to download the client.

If you have a NAS-supported system, please note that:

  • For NAS-supported Linux workstations, a VNC client viewer (RealVNC version 4.1.2) should be installed in /usr/bin/vncviewer.
  • For NAS-supported Mac workstations, you can download a VNC client called TigerVNC from the TigerVNC website.

If you have a Windows desktop system, you can download free VNC clients from the following websites:

Ask your local system administrator for help to install the VNC client software.

Steps to Establish a VNC Session

In the following steps, pfe24 is used as an example; you can substitute another PFE.

Note: Although there are other ways to establish a VNC session, this method is convenient as it does not require you to manually find an available display number to use.

Before You Begin

VNC is much easier to use if you set up Passthrough on your local system. In your .ssh/config file on your local system, you do not need to enable X11 forwarding, but you must include the line ForwardAgent yes.

Known Issue: Make sure you do not have a MATLAB, Tecplot, or FieldView module loaded when you invoke vncserver. Once the VNC session is established, you can load the module.

Step 1: Connect to the PFE

Once Passthrough is set up properly, you can establish a connection from your local system to pfe24:

Step 2: Run the vncserver Command on pfe24

vncserver is a script that starts/stops/kills the actual VNC server, Xvnc.

The first time you invoke vncserver on a server, you will be prompted to create a password for VNC that is up to 8 characters in length. (If you create a longer password, it will be truncated to 8 characters.) This password is encrypted and saved in the $HOME/.vnc/passwd file on the server. Once this is done, you will not be prompted for a password on the server when you invoke vncserver for subsequent VNC connections.

Run vncserver as follows:

There are a few options to the vncserver command, such as :display (for setting the display number), -geometry (for setting the desktop width and height in pixel), etc. The -localhost option shown in the above example is a local security option that you should use all the time. It must appear as the last option or it won't get processed.

Similar to an X11 session, a VNC session uses a display number. If not supplied, the vncserver searches over the valid range from 0 to 99 and assigns the next free display number for your session. In the above example, a display number of 25 is assigned.

Step 3: Create a Tunnel from Your Local System to the Server

The next step is to create a tunnel from your local system to the server. This is done by first escaping into an sub-shell and specifying a local client's port number and a server's port number to use. The default escape characters are ~C (upper case 'C'). If you do not get the prompt, repeat the ~C.

At the prompt, provide a local client port and a remote server port. VNC by default uses TCP port 5900+xx. Thus, it is common to provide the value 59xx for both the local client port (the number before localhost) and server port (the number after localhost). The value for xx is obtained from the final output from the vncserver startup command. In the example shown in Step 2, a vncserver was started on pfe24:25, so in this scenario xx would have a value of 25. The port number would therefore be 5925.

Note that the client port number and the server port number do not need to be the same. Some may suggest using a very high client port number such as 22222 or 33333 since high port numbers are less likely to be reserved for other purposes. For example:

The maximum number allowed for the client port is 65535. Avoid using the local port numbers 0-1024 (root privilege required), 5900 (for Mac systems, reserved for some Apple remote desktop products), and 6000-6063 (reserved for local X window server). Use the netstat -an command to check what local port numbers have been used:

The above example shows local ports 5900 and 22 are in use and should be avoided.

Step 4: Start the VNC Viewer Application on Your Local System

  • If your local system is a Mac and you have 'Chicken of the VNC' installed, launch it. Open the Preferences panel from the 'Chicken of the VNC' menu and select the Performance tab. Make sure the 'Frontmost Connection' slider is not at its highest setting. If it is, move it down one notch. Close the Preferences panel. Now, open a new connection using the 'New Connection' item from the 'Connection' menu.

    In the popup window 'Connect', enter localhost:22222 in the Host field (if your local port number is 22222 from Step 3), and your VNC password in the Password field. Then click on the 'Connect' button.

  • If your local system is a Linux system, run:

    You should get a password prompt. Enter your VNC password that you created on the server.

    The localportnumber is the one you use in step 3. For example, if you choose 22222 as your local port, run:

If everything goes well, the Xvnc server will send a X11 window manager display to your local system that will appear as an xterm in the viewer's window.

The default window manager is TWM, and there are a couple other window managers to choose from in the /usr/bin directory, including FVWM, MWM, IceWM, and GNOME. The GNOME window manager provides a GUI view of a user's files and includes a few useful tools.

To use a non-default manager, modify your $HOME/.vnc/xstartup file on the host where your start vncserver. For example:

You can also change the size and position of the xterm in your viewer's desktop by changing the values in the following line of the $HOME/.vnc/xstartup file on the host where you start vncserver. For example:

This specifies an xterm that is 80 characters wide, 24 characters high, at a position (10 pixels, 10 pixels) from the upper left corner of the VNC viewer's desktop.

TIP: The modifications to the xstartup file only take effect for a new VNC connection. You will need to stop the existing VNC server and start a new one.

The window manager's xterm is running on pfe24 itself. From this xterm, you can do tasks that you normally do on pfe24—for example, start an X application or to other NAS systems. PBS jobs can also connect to a VNC session. Specifically, in the xterm in the viewer's window, submit an interactive PBS job with the -X option (upper case 'X') and do not reset the DISPLAY variable before starting an X application:

TIP: Your VNC session and the interactive PBS job will continue to be active even if you disconnect from the Pleiades front end where you started vncserver. Assuming the PFE where you started vncserver is not down, you can reconnect to the same VNC session: simply into the PFE (pfe24 in this example) and repeat steps 3 and 4 with the same port number that you used before (5925 in this example). If the interactive PBS session has not reached its wall time limit, the PBS job will be there waiting.

Step 5: Shut Down the Server When You are Done with the VNC Session

On each VNC server, there are a limited number of VNC sockets available. At the end of a session, be sure to exit the VNC application on your local system so that others can use the sockets. In the terminal window where you started up VNC, use the following command to clean up a few temporary files vncserver had created.

For example:

WARNING: Don't manually kill vncserver. Doing so will leave lock and socket files (for example, /tmp/.X11-unix/X25, $HOME/.vnc/pfe24:25.pid, etc.) on the server.
TIP: If you get a black screen on your VNC viewer, try the following methods to resolve the issue:
  1. Check /tmp/.X11-unix for any existing VNC sessions, and clean them up by using the vncserver -kill :xx command, as described in Step 5 above.
  2. If you normally load MATLAB, Tecplot, or other GUI application modules, unload them before you start vncserver. The LIBGL_ALWAYS_INDIRECT=y setting in these modules is known to cause the black screen.
  3. If unloading the MATLAB and Tecplot modules does not solve the problem, use the twm window manager instead of icewm or gnome-session in your .vnc/xstartup file. For unknown reasons, it is possible that after you resolve the black screen issue by using twm, you can revert back to using other window managers.

X11vnc - VNC server to allow remote access to an existing X session. Tigervnc-xorg-extension - 'TigerVNC is a high-performance, platform-neutral implementation of VNC' (see also tigervnc-scraping-server and tigervnc-standalone-server) VNC 'Client side' directvnc - VNC client using the framebuffer as display. Gvncviewer - VNC viewer using gtk-vnc.

Parent page: Internet and Networking >> VNC

Contents

  1. x11vnc
  2. krfb
  3. tightvncserver
  4. TigerVNC

A VNC server is a program that shares a desktop with other computers over the Internet. You will need a VNC server if you want other people to see your desktop. Every VNC server has different strengths and weaknesses and is appropriate for different uses. This page will discuss each of the VNC servers available in Ubuntu, and ways to configure them for most common uses of VNC.

The most important thing when setting up a VNC server is to only let the right people access your desktop. The safest way to do that is usually to have someone sitting at the desktop deciding who gets to use it, but that's not always practical - for example, if you want to log in to your own computer from somewhere else.

If you want to confirm each connection manually, you should look for these options:

  • Request access each time - pop a window up asking whether to allow each connection as it comes in.

  • view-only access - allow VNC clients to view the destkop, but not to change anything. As well adding a little security, this avoids problems with both of you fighting over control of the mouse.

Using these two options will give you the most security. Requesting access each time will ensure that nobody can connect without you noticing, and view-only access will mean that they can't change anything without asking you to do it for them.

If you want to access your desktop when nobody is sitting at it, these options will be more useful:

  • Only allow local connections - only let people connect if they already have access to your computer.

  • Start your VNC server in 'once' mode - tell your VNC server to allow one connection, then block anything after that.

  • Set a password - require people to send a password before they can connect.

These three options should give you a secure set-up, so long as they're used with port-forwarding. Only allowing local connections means that only people with user accounts on your computer can access your desktop. Starting the server in 'once' mode means that people with user accounts on your computer would have to log in to your desktop between the time you start your VNC server and the time you connect from your VNC client. Setting a password means that, if anyone did try to connect in that brief interval, they probably wouldn't be able to get in before you noticed and stopped the server.

X11vnc

Note: you must set a password if you want to use the in-built VNC client in Mac OS X.

Vino is the default VNC server in Ubuntu to share your existing desktop with other users.

To configure vino from within GNOME, go to System > Preferences > Remote Desktop

  • To set vino to request access each time, tick Allow other users to view your desktop in the Remote Desktop configuration window.

  • There's no way to set vino to only listen for the next connection.
  • To set a password, tick Require the user to enter this password:, and enter a hard-to-guess password.

  • To put vino in view-only mode, untick Allow other users to control your desktop.

  • To only allow local connections, open a terminal and run the command:

  • To allow connections from anywhere, open a terminal and run the command:

x11vnc is a VNC server that is not dependent on any one particular graphical environment. Also, it facilitates using in a minimal environment, as it has a tcl/tk based GUI. It can be started while your computer is still showing a login screen.

It is helpful to ensure you have uninstalled any other VNC programs first so that they don't interfere with x11vnc.

As a quick proof of concept to test your connectivity, as per the man page, one may create a password file via:

It will respond with:

One may execute the following in a terminal:

Here a few settings that would be common to adjust depending on your environment:

  • To set x11vnc to request access each time when set without a password, include the -nopw -accept popup:0 options.

  • To set x11vnc to only listen for the next connection, include the -once option.

  • To set x11vnc to continually listen for connections, include the -forever option.

  • To put x11vnc in view-only mode, include the -viewonly option.

  • To set x11vnc to only allow local connections, include the -localhost option.

Have x11vnc start automatically via upstart in any environment (<=Utopic)

Have x11vnc start automatically via systemd in any environment (Vivid+)

Have x11vnc automatically start in Kubuntu

X11vnc Vs Vnc

One may create a startup script via:

Have x11vnc automatically start in Ubuntu

In Ubuntu (but not Kubuntu or Xubuntu) x11vnc needs superuser access, and needs the -auth /var/lib/gdm/:0.Xauth -display :0 options to be specified on the command-line. The argument value for the -auth option may be found previously with x11vnc -findauth.

You can run x11vnc before you've logged in by typing something like this:

If you find a blank screen, check the x11vnc FAQ entry on headless servers.

Alternatively, you can add the following lines to the bottom of your /etc/gdm/Init/Default to have x11vnc start after your gnome login does (note that /etc/gdm/Init/Default does not exist on some Ubuntu devices):

Krfb is the default VNC server in Kubuntu. Because it's highly integrated with KDE, running it in other environments is difficult.

To configure krfb, go to System Settings > Sharing > Desktop Sharing > Configure....

  • To set krfb to request access each time, tick Confirm uninvited connections before accepting

  • To set a password, type a hard-to-guess password into the Password input box.

  • To put krfb in view-only mode, untick Allow uninvited connections to control the desktop.

  • There's no built-in way to only allow local connections, although see below for a solution.

Once mode

Krfb doesn't have a built-in way to accept the next connection then stop listening for connection attempts. However, the following Python script will listen for a single connection then exit krfb:

X11vnc Vs Tigervnc

To use this script, open your favorite text editor and paste the contents in. Make sure that the initial '#' character is the very first character in the file, save the file as krfb.py, and set the file's permissions to make it executable. Although this simple program won't open a window of any kind, it will quietly wait for the next VNC client to connect to your computer, then pass the connection through to krfb.

This script will only listen for local connections. To allow connections from anywhere, change 127.0.0.1 to 0.0.0.0 in the script.

Invitations

Krfb lets you create 'invitations', or individual passwords that are deactivated after an hour or after one use. These are a handy way of giving people one-time access to a computer, but only provide limited security. For example, if you send someone an invitation by e-mail or instant messaging, an attacker could read your invitation message as it went over the Internet and use it to log in.

X11vnc Vs Tigervnc

Invitations can be useful when you want to let other people view your desktop, but you still need to follow the normal precautions when letting other people view your desktop.

Whereas most VNC servers share your desktop, tightvnc creates a completely new desktop, not attached to any actual screen. This makes it much less useful for some things (like remote help), but much more useful for others (like creating a public area for collaboration). If tightvncserver won't start, you might need to uncomment the $fontpath lines in /etc/vnc.conf.

X11vnc Vs Tigervnc Free

Like x11vnc, tightvnc is designed to be run from the command-line. To start it, type:

This will tell tightvnc to listen for VNC connections on port 5901 from anywhere on the Internet. Without the -nolisten tcp option, tightvnc will also listen for a different type of connection (X11 instead of VNC), which isn't usually very useful. Tightvnc's unusual design means that it can't create a remote desktop on the standard VNC port (5900) if you have an ordinary desktop running on your computer.

  • There's no way to set tightvncserver to request access each time.
  • There's no way to set tightvncserver only to accept the next connection, although see below for a similar solution.
  • Tightvncserver always requires a password, and will ask you to specify one the first time it's run.
  • To set tightvncserver to only allow local connections, include the -localhost option.

Once mode

Tightvncserver can't be set to accept the next connection then stop listening for connection attempts. But it can be set to automatically disconnect each client when the next client connects, and can be stopped after your connection is disconnected. To only allow local connections and automatically disconnect clients, start tightvnc by typing:

Then when your client is disconnected by the next client connecting, type:

Customising your session

By default, tightvncserver provides a session with a simple window manager and a terminal. The first time tightvncserver runs, it creates a ~/.vnc/xstartup file that you can use to customise your session. Here is an example file that would give you a GNOME desktop:

Your changes will take effect the next time you start tightvncserver.

X11vnc Vs Tightvnc

TigerVNC was originally based on the (never-released) VNC 4 branch of TightVNC. It is stable and actively maintained, being around since 2009 and included in most popular distributions. In particular, it supports compositing window managers without requiring a fallback mode, such as with Gnome Shell. When using with the TigerVNC viewer it also uses TLS encryption by default.

TigerVNC is available in Ubuntu 17.04 and newer:

X11vnc vs tigervnc x

On older Ubuntus, go to https://github.com/TigerVNC/tigervnc/releases to find the latest release, since it is not yet in an apt repository. Download and install:

Best Free Vnc

Its syntax is very similar to tightvncserver, start it as your user with:

And stop it with:

See man vncserver for options. Avaiable options are similar but not identical to tightvnc.

TigerVNC can also replace x11vnc to attach to the local display using the provided x0vncserver binary:

More detailed usage information is available here.

Start TigerVNC vncserver at boot

The ubuntu install package also registers a system service, making it easy to define listening vnc servers on startup. Edit the file /etc/default/vncserver and add the display number and user to start as:

Then enable the service at boot with:

Tigervnc Server

  • GNU Screen and tmux allow you to open, share, disconnect, and later return to text-based terminals.

  • directvnc is a VNC server that shares a Linux framebuffer instead of a desktop.

  • linuxvnc is a VNC server that shares a text-based console instead of a desktop.

  • xrdp is a server for Microsoft's Remote Desktop protocol, a client for which comes with all modern versions of Windows.

  • xserver-xephyr allows you to create a desktop within a desktop on a single computer.

  • Apple Remote Desktop is a desktop sharing application for Mac OS that includes a VNC server.

  • Apple Screen Sharing is a default application in Mac OS X that allows incoming VNC connections.

Tightvnc

Having Compiz enabled may interrupt screen updates with some servers and clients. Using -noxdamage with x11vnc can prevent this.

X11vnc Vs Tigervnc 3

* http://www.karlrunge.com/x11vnc/