uog logo
School of Physics and Astronomy – computing
phas it logo

Contents

VNC configuration

VNC=‘Virtual Network Computing’, and is used by some in, eg, astronomy, to manage persistent sessions on remote machines. It's not a terribly sophisticated protocol, but its simple-mindedness makes it reasonably robust.

Although they do similar jobs, VNC is different from Windows Remote Desktop (which is used for access to some undergrad computing resources), and different from other remote desktop services such as Guacamole, used for some specialised purposes within the school.

We don't really support VNC as a school-level service, but it's used within some groups so it's useful to know a bit about it.

Note: as of mid-2024, VNC is generally blocked from network access, because as a network service it is at least somewhat vulnerable. That is why the instructions below talk exclusively of ssh-tunneled access, and why the instructions here might be slightly different from those you see online.

Concepts §

VNC uses ‘display numbers’ to designate the endpoints of VNC connections. You must start up a server with a particular display number, and then connect from the client (eg, your laptop) to that display number on the server. The examples below use display 9 for concreteness. You should not simply cut-and-paste these. Consult with your colleagues to be allocated such a server number on a particular machine.

This can be a bit confusing, since some software clients (see below) will refer to display ‘9’, for example, as just that; others will refer to it using the TCP port number 5909 (ie, the display number plus 5900).

Setting up (and passwords) §

For the sake of illustration, we'll talk below of connecting to hercules.astro.gla.ac.uk on ‘display number’ 9. As noted above, do not simply cut and paste these examples.

Connect to the target machine using ssh. Then:

hercules% vncserver :9
hercules% vncpasswd

(or whatever port number has been agreed for you). This starts up a server, and sets the connection password for it. This password persists between invocations, so this might have to be done only occasionally. You can then log off.

Notes:

This can later be killed by ssh-ing to the machine and:

hercules% vncserver -kill :9

but it's OK to leave this running for a while. From some people's point of view, keeping a session going for a while is part of the point of VNC, but if you don't need this, then it's tidy to shut your server down when you're finished.

Connecting §

Again with the hercules display 9 example.

Step 1

Connect to the machine in question, forwarding a port from your local machine:

laptop% ssh -L 5900:localhost:5909 hercules.astro.gla.ac.uk

What this invocation does is to connect to hercules.astro, but at the same time to connect port 5900 on your local machine to port 5909 on localhost as viewed from hercules.astro, that is, to the VNC server running on hercules.astro.

Step 2

At this point, you can connect your VNC server to connect to localhost display 0 or port 5900. The net result is that you make a VNC connection apparently to your own laptop, which is then tunnelled so that it actually connects to port 5909 on hercules..

You might also be able to use a URI such as

vnc://localhost:5900

Off-campus

The above should work when in the school, and will generally also work using the campus VPN.

If you can't use the VPN for some reason, then you can also get in via login.astro or login.physics. With the same goal of connecting to display 9 on hercules.astro,

desktop% ssh -L 5900:hercules.astro.gla.ac.uk:5909 login.astro.gla.ac.uk

That connects to login.astro, again connecting your local port 5900 to port 5909 on hercules.astro. As before, you subsequently make the connection by pointing your VNC client to localhost:5900.

Clients §

We'd be interested to hear of recommendations for good clients, based on your experience.