Virtual Network Computing (VNC) is a graphical remote access system for remote desktop control. VNC consists of two components: a server, which generates a display, and a viewer, which draws the display on your screen. VNC uses a random challenge-response system to provide basic authentication that allows you to connect to a VNC server. The VNC password sent over the network is encrypted. Once the system is connected, however, the traffic of the entire VNC session is unencrypted and could be snooped by someone with access to the intervening network. If security is important to you, you may choose a VNC viewer with encryption support (probably a commercial product), or tunnel VNC through an SSH connection (see below).

What you’ll need

  • A VNC viewer. There are many VNC viewers to choose from. RealVNC supports many platforms (Windows, macOS, etc.). TightVNC is another popular VNC software package. A free version is available.
  • An SSH client (e.g. PuTTY)
  • An account to log in to an HPC cluster system which supports vncserver.
    HPC system: HPC2021
    Host for VNC connection: hpc2021-io1.hku.hk, hpc2021-io2.hku.hk
    Supported connection mode: VNC via SSH Tunnel

  1. How to run VNC in a secure way (via SSH tunnel)?
  2. How to reset your VNC password?
  3. How to start VNC session with Gnome/KDE Desktop?

How to run VNC in a secure way (via SSH Tunnel)?

  1. Start a VNC server
    1. Log into the machine that you would like to connect to (hpc2021-io1.hku.hk in this example) by SSH connection. Refer to https://www.its.hku.hk/documentation/guide/infosys/web/ssh/putty.
    2. Start the VNC server on the remote machine with the command “vncserver”. The first time you run the VNC server, you will be asked to set a VNC password. It is recommended to select a strong password with 8 characters.
      [username]$ vncserver
      You will require a password to access your desktops.
      Password: ********
      Verify: ********
      

      The vncserver will choose the first available display number and the number will vary from session to session.

      New 'hpc2021-io1.hku.hk:3 (username)' desktop is hpc2021-io1.hku.hk:3

      Take note of the number following the colon (:). This display number determines the port number you will need in the SSH tunnel setup, and you will need it again to terminate the server. In the above example, it means your session will run on display 3 of server hpc2021-io1.hku.hk.

  2. Configure SSH Tunnel by PuTTY
    1. Open the PuTTY program, which can be downloaded from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
    2. In category “Session” and in the field “Host Name (or IP address)”, type in the remote system you intend to connect to. Replace gridpoint.hku.hk with hpc2021-io1.hku.hk if you use the HPC2021 system.
    3. Select SSH for the connection type. Enter a name in the Saved Sessions field and click “Save”.
    4. Click on “SSH” subcategory, enable compression and select SSH protocol version 2.
    5. Click “Tunnels” in the left pane and enter Source port and Destination. The source port and the destination port are both 5900 plus the display number you were given by the vncserver command above. In the example, our vncserver is running on :3, so:
      • Source port: 5903
      • Destination: hostname:5903

      where hostname is the hostname of the server you are connecting to.
      Click the “Add” button. Your tunnel will now appear in the list, similar to the following figure:
      [Figure: SSHVNC-PuTTY 04]

    6. Select category “Session” and click “Save”. Then you can click “Open” to start the SSH terminal.
      Log in with your account name and password. The tunnel will now be active as long as the terminal window stays open.
  3. Run a VNC viewer in the client PC
      1. Make sure your client PC is connected to the HKU campus network. If connecting from outside the HKU campus network, staff and students are required to log in to HKUVPN. Refer to https://www.its.hku.hk/documentation/guide/network/remote/hkuvpn2fa.
      2. Run the VNC Viewer program (e.g. RealVNC/TightVNC). Enter “localhost:3” as the VNC server to connect to.
        There may be a prompt warning that sensitive information may not necessarily be secure. As we have set up SSH tunnelling, the unencrypted VNC traffic will be transferred via the encrypted SSH channel.
      3. Enter the VNC password you created in Step 1 (Start a VNC server). You will see the Linux X-window desktop on your client PC.
  4. Terminate the VNC session
    You should terminate your VNC session after you have finished your work. To terminate the VNC session running on the Linux server, type the command: vncserver -kill :[display #].

    [username]$ vncserver -kill :3
    Killing Xvnc process ID 12345
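
On a client that has the OpenSSH command-line client instead of PuTTY, the same tunnel can be derived from the vncserver output. The script below is an added example, not part of the original guide: it extracts the display number, computes the port (5900 + display) and prints the matching ssh command. The function names, the explicit 127.0.0.1 bind address and the ExitOnForwardFailure option are choices made for this example.

```shell
#!/bin/sh
# Added example: build the OpenSSH equivalent of the PuTTY "Tunnels" settings.

# Extract the display number from the "desktop is host:N" line of vncserver output.
vnc_display() {
    printf '%s\n' "$1" |
        sed -n 's/^.*desktop is [^ :]*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        head -n 1
}

# A VNC server on display N listens on TCP port 5900 + N.
# Reject anything that is not a plain number before it reaches a command line.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid display number: $1" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Print the ssh command for the tunnel:
#   -C  compression (the PuTTY steps enable it as well)
#   -N  forward ports only, do not start a remote shell
#   -L  local forward; binding to 127.0.0.1 keeps the listener off the network
#   ExitOnForwardFailure makes ssh stop if the local port cannot be bound
tunnel_cmd() {
    user=$1 host=$2 display=$3
    port=$(vnc_port "$display") || return 1
    printf 'ssh -C -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$port" "$host" "$port" "$user" "$host"
}

# Sample line as printed by vncserver in the example above.
SAMPLE_OUTPUT="New 'hpc2021-io1.hku.hk:3 (username)' desktop is hpc2021-io1.hku.hk:3"

display=$(vnc_display "$SAMPLE_OUTPUT")
tunnel_cmd username hpc2021-io1.hku.hk "$display"
```

While the printed ssh command is running, the viewer connects to “localhost:3” exactly as in the PuTTY procedure.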

How to reset your VNC password?

To reset your VNC password, you should log into the VNC server and then type the command “vncpasswd”.

[username]$ vncpasswd

How to start VNC session with Gnome/KDE Desktop?

VNC will detect your default window manager, and load this when you connect to your Xvnc session. If this is not the case, or you want to use a different window manager, you can modify the VNC startup script ~/.vnc/xstartup. This will not affect existing VNC desktops, but only new ones.

  1. Log into the VNC server
  2. Edit VNC startup script $HOME/.vnc/xstartup
  3. Uncomment the two lines:
    unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc
  4. Comment out the line:
    twm &
  5. For Gnome desktop, append “gnome-session &” at the end of file.
    For KDE desktop, append “startkde &” at the end of file.