前言
有些场景下,需要进行桌面演示,在 windows 里有很多软件可以满足此类需求,那在 Linux 里该如何实现呢
这时 TigerVNC 就派上用场了
VNC 在云端管理中其实有着广泛的用途,很多云平台的 console 底层其实就是用的 VNC,不过这里不就如何利用 VNC 软件进行系统管理来展开,而只侧重于使用 VNC 的特性来进行桌面共享
此文章借鉴了 VNC服务全攻略 中的部分内容和 X0VNCSERVER 中的部分解释,源码可以参考 TigerVNC github
概要
系统环境
代码语言:javascript复制[root@56-201 ~]# hostnamectl
Static hostname: 56-201
Icon name: computer-vm
Chassis: vm
Machine ID: 33dc28f7e76c4903ad9b603b77e29a7c
Boot ID: 80f01d1e82ab4c2d802e1f89b7c8a58c
Virtualization: kvm
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-514.21.1.el7.x86_64
Architecture: x86-64
[root@56-201 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:0e:38:94 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 54758sec preferred_lft 54758sec
inet6 fe80::2bb7:5b3:9584:d8eb/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:bb:5d:54 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.201/24 brd 192.168.56.255 scope global enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:febb:5d54/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:16:5e:11 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:16:5e:11 brd ff:ff:ff:ff:ff:ff
[root@56-201 ~]# uname -a
Linux 56-201 3.10.0-514.21.1.el7.x86_64 #1 SMP Thu May 25 17:04:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@56-201 ~]#目标
- 构建 vncserver ,共享本地桌面
- 使用客户端 vncviewer 进行访问
安装 tigervnc-server
代码语言:javascript复制[root@56-201 ~]# rpm -qa | grep vnc
[root@56-201 ~]# yum list all | grep -i vnc
gtk-vnc.i686 0.5.2-7.el7 base
gtk-vnc.x86_64 0.5.2-7.el7 base
gtk-vnc-devel.i686 0.5.2-7.el7 base
gtk-vnc-devel.x86_64 0.5.2-7.el7 base
gtk-vnc-python.x86_64 0.5.2-7.el7 base
gtk-vnc2.i686 0.5.2-7.el7 base
gtk-vnc2.x86_64 0.5.2-7.el7 base
gtk-vnc2-devel.i686 0.5.2-7.el7 base
gtk-vnc2-devel.x86_64 0.5.2-7.el7 base
gvnc.i686 0.5.2-7.el7 base
gvnc.x86_64 0.5.2-7.el7 base
gvnc-devel.i686 0.5.2-7.el7 base
gvnc-devel.x86_64 0.5.2-7.el7 base
gvnc-tools.x86_64 0.5.2-7.el7 base
gvncpulse.i686 0.5.2-7.el7 base
gvncpulse.x86_64 0.5.2-7.el7 base
gvncpulse-devel.i686 0.5.2-7.el7 base
gvncpulse-devel.x86_64 0.5.2-7.el7 base
libguac-client-vnc.x86_64 1:0.9.12-1.el7 epel
libvncserver.i686 0.9.9-9.el7_0.1 base
libvncserver.x86_64 0.9.9-9.el7_0.1 base
libvncserver-devel.i686 0.9.9-9.el7_0.1 base
libvncserver-devel.x86_64 0.9.9-9.el7_0.1 base
novnc.noarch 0.5.1-2.el7 epel
tigervnc.x86_64 1.3.1-9.el7 base
tigervnc-icons.noarch 1.3.1-9.el7 base
tigervnc-license.noarch 1.3.1-9.el7 base
tigervnc-server.x86_64 1.3.1-9.el7 base
tigervnc-server-applet.noarch 1.3.1-9.el7 base
tigervnc-server-minimal.x86_64 1.3.1-9.el7 base
tigervnc-server-module.x86_64 1.3.1-9.el7 base
x11vnc.x86_64 0.9.13-11.el7 epel
x11vnc-javaviewers.noarch 0.9.13-11.el7 epel
[root@56-201 ~]# yum install tigervnc-server.x86_64
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.sohu.com
* c7-media:
* epel: mirrors.ustc.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.btte.net
Resolving Dependencies
--> Running transaction check
---> Package tigervnc-server.x86_64 0:1.3.1-9.el7 will be installed
--> Processing Dependency: tigervnc-server-minimal for package: tigervnc-server-1.3.1-9.el7.x86_64
--> Running transaction check
---> Package tigervnc-server-minimal.x86_64 0:1.3.1-9.el7 will be installed
--> Processing Dependency: tigervnc-license for package: tigervnc-server-minimal-1.3.1-9.el7.x86_64
--> Running transaction check
---> Package tigervnc-license.noarch 0:1.3.1-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
tigervnc-server x86_64 1.3.1-9.el7 base 203 k
Installing for dependencies:
tigervnc-license noarch 1.3.1-9.el7 base 26 k
tigervnc-server-minimal x86_64 1.3.1-9.el7 base 1.0 M
Transaction Summary
================================================================================
Install 1 Package ( 2 Dependent packages)
Total download size: 1.2 M
Installed size: 3.0 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): tigervnc-license-1.3.1-9.el7.noarch.rpm | 26 kB 00:00
(2/3): tigervnc-server-1.3.1-9.el7.x86_64.rpm | 203 kB 00:00
(3/3): tigervnc-server-minimal-1.3.1-9.el7.x86_64.rpm | 1.0 MB 00:00
--------------------------------------------------------------------------------
Total 1.9 MB/s | 1.2 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : tigervnc-license-1.3.1-9.el7.noarch 1/3
Installing : tigervnc-server-minimal-1.3.1-9.el7.x86_64 2/3
Installing : tigervnc-server-1.3.1-9.el7.x86_64 3/3
Verifying : tigervnc-license-1.3.1-9.el7.noarch 1/3
Verifying : tigervnc-server-1.3.1-9.el7.x86_64 2/3
Verifying : tigervnc-server-minimal-1.3.1-9.el7.x86_64 3/3
Installed:
tigervnc-server.x86_64 0:1.3.1-9.el7
Dependency Installed:
tigervnc-license.noarch 0:1.3.1-9.el7
tigervnc-server-minimal.x86_64 0:1.3.1-9.el7
Complete!
[root@56-201 ~]# rpm -qa | grep -i vnc
tigervnc-server-minimal-1.3.1-9.el7.x86_64
tigervnc-license-1.3.1-9.el7.noarch
tigervnc-server-1.3.1-9.el7.x86_64
[root@56-201 ~]# tigervnc 的内容
我们可以查看一下 tigervnc-server 提供了哪些内容
代码语言:javascript复制[root@56-201 ~]# rpm -qa | grep -i vnc
tigervnc-server-minimal-1.3.1-9.el7.x86_64
tigervnc-license-1.3.1-9.el7.noarch
tigervnc-server-1.3.1-9.el7.x86_64
[root@56-201 ~]# rpm -ql tigervnc-server-minimal-1.3.1-9.el7.x86_64
/usr/bin/Xvnc
/usr/bin/vncconfig
/usr/bin/vncpasswd
/usr/share/man/man1/Xvnc.1.gz
/usr/share/man/man1/vncconfig.1.gz
/usr/share/man/man1/vncpasswd.1.gz
[root@56-201 ~]# rpm -ql tigervnc-license-1.3.1-9.el7.noarch
/usr/share/doc/tigervnc-1.3.1/LICENCE.TXT
[root@56-201 ~]# rpm -ql tigervnc-server-1.3.1-9.el7.x86_64
/etc/sysconfig/vncservers
/usr/bin/vncserver
/usr/bin/x0vncserver
/usr/lib/systemd/system/vncserver@.service
/usr/share/man/man1/vncserver.1.gz
/usr/share/man/man1/x0vncserver.1.gz
[root@56-201 ~]#
[root@56-201 ~]#
[root@56-201 ~]# file /usr/bin/vncserver
/usr/bin/vncserver: Perl script, ASCII text executable
[root@56-201 ~]# file /usr/bin/x0vncserver
/usr/bin/x0vncserver: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=1668faf8de781ac64e259fa779bfec33821039a3, stripped
[root@56-201 ~]# file /usr/bin/Xvnc
/usr/bin/Xvnc: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=4adaafb7f26ad7ff6bc0c2a551dd654272e44450, stripped
[root@56-201 ~]# file /usr/bin/vncconfig
/usr/bin/vncconfig: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=9033d47e8d678e73327c03e9fecd5d9e2dc08693, stripped
[root@56-201 ~]# file /usr/bin/vncpasswd
/usr/bin/vncpasswd: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=47572afa0576654d59a26f3e5b58e99ca5ee2cba, stripped
[root@56-201 ~]# tigervnc 的关键命令
要共享本地桌面,这里我们主要关心以下几个文件
/usr/bin/vncpasswd
这个命令主要用来设置 VNC 的访问密码
代码语言:javascript复制vncpasswd allows you to set the password used to access VNC desktops. Its default behavior is to prompt for a VNC password and then store an obfuscated version of this password to passwd-file (or to $HOME/.vnc/passwd if no password file is specified.) The vncserver script runs vncpasswd the first time you start a VNC desktop, and it invokes Xvnc with the appropriate -rfbauth option. vncviewer can also be given a password file to use via the -passwd option.
[root@56-201 ~]# vncpasswd vnc.pass.file
Password:
Verify:
[root@56-201 ~]#
[root@56-201 ~]# ll vnc.pass.file
-rw-------. 1 root root 8 8月 21 19:57 vnc.pass.file
[root@56-201 ~]# /usr/bin/x0vncserver
这个命令用来将本地的桌面共享给远程
代码语言:javascript复制x0vncserver is a TigerVNC Server which makes any X display remotely accessible via VNC, TigerVNC or compatible viewers. Unlike Xvnc(1), it does not create a virtual display. Instead, it just shares an existing X server (typically, that one connected to the physical screen).
Note: Xvnc 是新创建一个虚拟桌面,而 x0vncserver 可以共享本地的桌面
[root@56-201 ~]# x0vncserver --help
TigerVNC Server version 1.3.1, built Nov 16 2016 13:37:43
Usage: x0vncserver [<parameters>]
x0vncserver --version
Parameters can be turned on with -<param> or off with -<param>=0
Parameters which take a value can be specified as -<param> <value>
Other valid forms are <param>=<value> -<param>=<value> --<param>=<value>
Parameter names are case-insensitive. The parameters are:
Global Parameters:
UseIPv6 - Use IPv6 for incoming and outgoing connections. (default=1)
UseIPv4 - Use IPv4 for incoming and outgoing connections. (default=1)
MaxCutText - Maximum permitted length of an incoming clipboard update
(default=262144)
pam_service - service name for pam password validation (default=vnc)
ZlibLevel - Zlib compression level (default=-1)
PlainUsers - Users permitted to access via Plain security type (including
TLSPlain, X509Plain etc.) (default=)
QueryConnect - Prompt the local user to accept or reject incoming
connections. (default=0)
SendCutText - Send clipboard changes to clients. (default=1)
AcceptCutText - Accept clipboard updates from clients. (default=1)
AcceptPointerEvents - Accept pointer press and release events from clients.
(default=1)
AcceptKeyEvents - Accept key press and release events from clients.
(default=1)
DisconnectClients - Disconnect existing clients if an incoming connection is
non-shared. If combined with NeverShared then new
connections will be refused while there is a client active
(default=1)
NeverShared - Never treat incoming connections as shared, regardless of
the client-specified setting (default=0)
AlwaysShared - Always treat incoming connections as shared, regardless of
the client-specified setting (default=0)
Protocol3.3 - Always use protocol version 3.3 for backwards compatibility
with badly-behaved clients (default=0)
CompareFB - Perform pixel comparison on framebuffer to reduce
unnecessary updates (0: never, 1: always, 2: auto)
(default=2)
ClientWaitTimeMillis - The number of milliseconds to wait for a client which
is no longer responding (default=20000)
MaxIdleTime - Terminate after s seconds of user inactivity (default=0)
MaxConnectionTime - Terminate when a client has been connected for s seconds
(default=0)
MaxDisconnectionTime - Terminate when no client has been connected for s
seconds (default=0)
IdleTimeout - The number of seconds after which an idle VNC connection
will be dropped (zero means no timeout) (default=0)
RemapKeys - Comma-separated list of incoming keysyms to remap. Mappings
are expressed as two hex values, prefixed by 0x, and
separated by -> (default=)
ImprovedHextile - Use improved compression algorithm for Hextile encoding
which achieves better compression ratios by the cost of
using more CPU time (default=1)
BlacklistTimeout - The initial timeout applied when a host is first
black-listed. The host cannot re-attempt a connection until
the timeout expires. (default=10)
BlacklistThreshold - The number of unauthenticated connection attempts
allowed from any individual host before that host is
black-listed (default=5)
AlwaysSetDeferUpdateTimer - Always reset the defer update timer on every
change (default=0)
DeferUpdate - Time in milliseconds to defer updates (default=1)
Log - Specifies which log output should be directed to which
target logger, and the level of output to log. Format is
<log>:<target>:<level>[, ...]. (default=)
HostsFile - File with IP access control rules (default=)
QueryConnectTimeout - Number of seconds to show the Accept Connection dialog
before rejecting the connection (default=10)
rfbport - TCP port to listen for RFB protocol (default=5900)
display - The X display (default=)
OverlayMode - Use overlay mode under IRIX or Solaris (default=1)
UseSHM - Use MIT-SHM extension if available (default=1)
MaxProcessorUsage - Maximum percentage of CPU time to be consumed
(default=35)
PollingCycle - Milliseconds per one polling cycle; actual interval may be
dynamically adjusted to satisfy MaxProcessorUsage setting
(default=30)
VideoArea - Screen area to be handled as video. Format is
<width>x<height> <offset_x> <offset_y>. (default=)
Geometry - Screen area shown to VNC clients. Format is
<width>x<height> <offset_x> <offset_y>, more information in
man X, section GEOMETRY SPECIFICATIONS. If the argument is
empty, full screen is shown to VNC clients. (default=)
Server Parameters:
x509key - specifies path to the key of the x509 certificate in PEM
format (default=)
x509cert - specifies path to the x509 certificate in PEM format
(default=)
Password - Obfuscated binary encoding of the password which clients
must supply to access the server (default=)
rfbauth - Alias for PasswordFile
PasswordFile - Password file for VNC authentication (default=)
SecurityTypes - Specify which security scheme to use (None, VncAuth)
(default=VncAuth,TLSVnc)
[root@56-201 ~]#通过 x0vncserver 共享本地桌面
这个操作必须在图形界面下,本地执行
代码语言:javascript复制[root@56-201 ~]# x0vncserver -PasswordFile=./vnc.pass.file -AlwaysShared=on -AcceptPointerEvents=off -AcceptKeyEvents=off
Mon Aug 21 20:28:09 2017
Geometry: Desktop geometry is set to 1090x814 0 0
Main: XTest extension present - version 2.2
Main: Listening on port 5900
...
...
...打开防火墙 5900 端口
x0vncserver 会启用本地的 5900 端口进行监听
[root@56-201 ~]# ps faux | grep vnc
root 11568 0.0 0.0 112648 1004 pts/1 S 20:37 0:00 _ grep --color=auto vnc
root 11139 0.0 0.2 101252 4308 pts/0 S 20:28 0:00 | _ x0vncserver -PasswordFile=./vnc.pass.file -AlwaysShared=on -AcceptPointerEvents=off -AcceptKeyEvents=off
[root@56-201 ~]# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.56.201:22 192.168.56.1:47434 ESTABLISHED
tcp6 0 0 :::5900 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@56-201 ~]#要在防火墙上开放,其它人才能连接
代码语言:javascript复制[root@56-201 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client ssh
ports: 8080/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
[root@56-201 ~]# firewall-cmd --add-port=5900/tcp
success
[root@56-201 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client ssh
ports: 8080/tcp 5900/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
[root@56-201 ~]#客户端通过 vncviewer 连接
代码语言:javascript复制wilmos@Nothing:~$ vncviewer 192.168.56.201
Connected to RFB server, using protocol version 3.8
Performing standard VNC authentication
Password:
Authentication successful
Desktop name "x0vncserver"
VNC server default format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
Warning: Cannot convert string "-*-helvetica-bold-r-*-*-16-*-*-*-*-*-*-*" to type FontStruct
Using default colormap which is TrueColor. Pixel format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
...
...
...与此同时服务端也会有新的日志产生
代码语言:javascript复制[root@56-201 ~]# x0vncserver -PasswordFile=./vnc.pass.file -AlwaysShared=on -AcceptPointerEvents=off -AcceptKeyEvents=off
Mon Aug 21 20:28:09 2017
Geometry: Desktop geometry is set to 1090x814 0 0
Main: XTest extension present - version 2.2
Main: Listening on port 5900
Mon Aug 21 20:40:37 2017
Connections: accepted: 192.168.56.1::49866
SConnection: Client needs protocol version 3.8
SConnection: Client requests security type VncAuth(2)
Mon Aug 21 20:40:39 2017
Main: Enabling 8 buttons of X pointer device
Main: Allocated basic Xlib image
VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888
VNCSConnST: Client pixel format depth 24 (32bpp) little-endian rgb888
...
...
...这时在服务端进行任何操作,画面都会同步到客户端
命令参数注释
x0vncserver -PasswordFile=./vnc.pass.file -AlwaysShared=on -AcceptPointerEvents=off -AcceptKeyEvents=off
PasswordFile
用来显式地指定密码文件,客户端需要依此来认证
Password file for VNC authentication. There is no default, you should specify the password file explicitly. Password file should be created with the vncpasswd(1) utility
AlwaysShared
将所有的接入都看当作画面共享,而不管客户端的连接设置
Always treat incoming connections as shared, regardless of the client-specified setting. Default is off
AcceptPointerEvents
接受客户端的鼠标操作
Accept pointer events from clients. Default is on.
AcceptKeyEvents
接受客户端的键盘操作
Accept key press and release events from clients. Default is on.
命令汇总
rpm -qa | grep vncyum list all | grep -i vncyum install tigervnc-server.x86_64rpm -qa | grep -i vncrpm -ql tigervnc-server-minimal-1.3.1-9.el7.x86_64rpm -ql tigervnc-license-1.3.1-9.el7.noarchrpm -ql tigervnc-server-1.3.1-9.el7.x86_64file /usr/bin/vncserverfile /usr/bin/x0vncserverfile /usr/bin/Xvncfile /usr/bin/vncconfigfile /usr/bin/vncpasswdvncpasswd vnc.pass.filell vnc.pass.filex0vncserver --helpx0vncserver -PasswordFile=./vnc.pass.file -AlwaysShared=on -AcceptPointerEvents=off -AcceptKeyEvents=offps faux | grep vncnetstat -antfirewall-cmd --add-port=5900/tcpfirewall-cmd --list-allx0vncserver -PasswordFile=./vnc.pass.file -AlwaysShared=on -AcceptPointerEvents=off -AcceptKeyEvents=off
