-
Notifications
You must be signed in to change notification settings - Fork 3
Remote Desktop
- Connect to the GUI Desktop from another PC
- Simply
- Without compromising security
As SSH is configured by default on Pi, we will use SSH to Tunnel VNC.
VNC is a remote desktop service, but it has no encryption of its own, and it only has a simple password for authentication. The "Secure" part of the name Secure SHell indicates that it can make up for these deficiencies. All traffic will be encrypted, and SSH uses the best array of authentication options you have available for logging onto a device. With SSH you can configure your devices to increase security or make connections available across the internet. Then, in whatever scenario you use SSH, VNC safely uses the tunnel it makes.
A Tunnel is where SSH takes one of the network 'ports' from the remote device. This is not a physical network port, like the socket where you plug in an ethernet cable. It is one of the 65,536 numbered 'sockets' the device uses for communicting with others using TCPIP. SSH says "I'm going to take everything coming into and out of port, say, 5900 at the remote end and divert it down my tunnel". Now it comes out of and goes into a port at your local end instead.
There are pictures comparing communications with and without an SSH tunnel at [https://devzone.zend.com/3344/zend-studio-to-zend-debugger-over-ssh/]
So the overall process to set up Remote Desktop is:
- connect with SSH that you have configured to create a tunnel
- authenticate to get yourself a remote command prompt
- start the vncserver remotely
- now locally run the vnc client to connect to your local end of the tunnel
you can connect to the terminal simply using SSH
If you don't know the IP address then use Samba Lookup...
nmblookup raspberrypi
Prepare the server (your Raspberry Pi)
# credit https://www.raspberrypi.org/documentation/remote-access/vnc/
sudo apt-get install -y tightvncserver
# initial config
tightvncserver
Prepare your linux client
# credit - http://www.penguintutor.com/linux/tightvnc
sudo apt-get install -y xtightvncviewer libnss-mdns
If you want to reset the vnc password,
use vncpasswd
From one terminal on your Linux client, connect SSH
ssh [email protected] -L 5901:localhost:5901
Once SSH is connects the remote session, run the command...
vncserver
Then, from another terminal on your Linux client, run the VNC viewer
xtightvncviewer localhost:1
For ideas on Windows clients, using PUTTY, see http://raspisimon.no-ip.org/tunnelvnc.php
# set up as per https://github.com/artmg/MuGammaPi/wiki/Remote-Desktop
# if you prefer to pass the ssh password on the commandline install sshpass
# start up a terminal session and paste in these commands...
ssh [email protected] -L 5901:localhost:5901
# type in your password
# now you have your ssh connection
vncserver -geometry 800x480
# this was a bit too big to fit
# vncserver -geometry 1024x600
# start a separate terminal window
# and run...
echo raspbe|xtightvncviewer -autopass localhost:1
# when you have finished, close the vnc viewer program
# then close that separate (local) terminal window
exit
# go back to your ssh terminal window
# stop the remote desktop server
vncserver -kill :1
# come out of the ssh session
exit
# and finally close that original terminal session
exit
If you want to connect from a Windows client you should get
- puTTY [https://crl.ucsd.edu/handbook/vnc/]
- you only need the EXE for remote dekstop
- BUT you might find file transfer tools in the MSI handy
- see SFTP and SCP in [https://github.com/artmg/lubuild/blob/master/help/configure/Networked-Services.md#sftp]
- to generate and install a certificate (instead of username and password)
- [https://github.com/artmg/lubuild/blob/master/help/configure/Networked-Services.md#generate-keys-on-windows]
- realvnc [https://www.realvnc.com]
The steps to configure puTTY are clearly explained at [https://crl.ucsd.edu/handbook/vnc/]
Virtual Network Computing (VNC) uses the Remote Frame Buffer (RFB) protocol. These were both developed by Olivetti Research Labs (ORL) in Cambridge UK, and open-sourced at version 3.3 in 1998.
The because it uses the raster (pixel) framebuffer it is very easy to apply to any graphical desktop. Other solutions like the libre X11 or proprietary Remote Desktop Protocol (RDP) might have a better interpretation of the window layers, and therefore be able to compress screen data more efficiently, but they are not as easy to apply to such a wide variety of operating systems.
When AT&T bought ORL and shut them down not long after, the devs formed RealVNC Ltd. The company released v3.7 and v3.8 of the protocol, and this latter was defined as IETF RFC 6143 in 2011. They continue to commercialise their products, and have claimed copyright on VNC and RFB in certain territories, although they do also provide free-to-use software for some non-commercial circumstances.
The RFB protocol is extensible, however, and clients and servers handshake on connection to negotiate and agree which capabilities to use. The IETF now maintains the registries of various encodings used.
The section above offers a user friendly explanation of tightvncserver over ssh to Pi from Linux and Windows. This section looks more at VNC in general, and on Linux in general, not just on Raspberry Pi OS (even though we use that widely here). Should we maybe theme this by use-case...
- remote control of existing desktop
- add desktop to use GUI over SSH
- ???
See also:
-
Lubuild SSH # VNC
- basics about setting up x11vnc over SSH on existing x desktop
- we might consider integrating that into here in future?
sudo apt install -y x11vnc xvfb
x11vnc -storepasswd
x11vnc -forever -http -display :0 -usepw -shared
# easy to use password if your client remembers it
# shared prevents session lock on server loosing connectivity
# tunnel holding session
ssh -L 5900:localhost:5900 myserver
x11vnc -safer -localhost -nopw -once -display :0 -create
# ssh -L 5900:localhost:5900 myserver "x11vnc -safer -localhost -nopw -once -display :0 -create"
vncviewer localhost:5900
# OR open vnc://localhost:5900
if the client fails with these options, try the -forever options above
Status unclear: does this work?
This was getting Raspbian Lite to have a desktop with remote via VNC. See also this alternative instructions for adding Lubuntu Desktop to Ubuntu server https://www.serverself.com/setup-lubuntu-tightvnc-and-novnc-for-a-vps/
As we wanted desktop environment to run GUI utils, we previously tried to install GUI components over Raspbian lite. However this failed to start X properly when we tried to connect over vnc so we re-installed the Desktop OS edition. It might have worked, but we wanted to eliminate it as an issue getting VNC working.
# on remote
sudo apt install -y xinit xserver-xorg xserver-xorg-core xserver-common icewm icewm-themes xterm x11-apps xfonts-base xfonts-100dpi xfonts-75dpi xfonts-scalable
# credit https://raspberrypi.stackexchange.com/a/107743
sudo apt install -y x11vnc xvfb
Raspberry Pi OS desktops are bundled with realvnc-vnc-server, but you can replace that with the simpler open-source x11vnc quite simply. Instead of starting up a new X session, x11vnc will share the existing desktop X session.
- connect through a tunnel session
ssh -L 5900:localhost:5900 myserver
-
sudo raspi-config- Interfacing Options
- VNC - disable
- console says
Removed /etc/systemd/system/multi-user.target.wants/vncserver-x11-serviced.service.
- Use the commands in Quick setup in Lubuntu above
vncviewer localhost:5900
Next time try ProtocolVersion=3.8
Raspberry Pi OS Desktop and Full editions include the package real-vnc-server ready installed. This is given Free for non-commercial usage and does not appear to require any registration, unlike a free 'VNC Connect Lite' plan.
-
help - https://www.raspberrypi.org/documentation/remote-access/vnc/
-
sudo raspi-config -
System / Boot / Desktop Autologin
- was Boot - to Desktop autologin
-
Display / VNC Resolution
- was Advanced - Resolution
- This was a common fix when searching for "cannot currently show the desktop"
- see also
broken atomic modeseterrors below
- see also
-
Interfacing Options
-
VNC - enable
-
console says
Created symlink /etc/systemd/system/multi-user.target.wants/vncserver-x11-serviced.service → /usr/lib/systemd/system/vncserver-x11-serviced.service. -
sudo nano /root/.vnc/config.d/vncserver-x11
Authentication=VncAuth
#Encryption=PreferOn
- write Out and eXit
-
sudo vncpasswd -service- enter the password
- create the virtual desktop (as there is no desktop on hdmi)
vncserver
- Reboot
macOS computers have VNC built-in under the 'screen sharing' feature. The server may be turned on and controlled via Settings / General / Sharing / Screen Sharing. The 'client', as seen when you which vncviewer is called when you open the vnc:// protocol. The server is provided by the Apple Remote Desktop agent, /System/Library/CoreServices/RemoteManagement/ARDAgent.app and the client by /System/Library/CoreServices/Applications/Screen Sharing.app/Contents/MacOS/Screen Sharing.
To diagnose using logs try:
log show --style compact --predicate 'senderImagePath contains "ScreenSharing"' --info --last 5m
If you get a lot of frequent entries in your logs
broken atomic modeset userspace detected, disabling atomic
- first try the raspi-config / advanced / resolution fix mentioned above
- else check /var/log/messages
- if you get LightDM
The name org.freedesktop.Accounts was not provided by any .service files- check whether accountsservice package in installed
sudo apt install -y accountsservice
- if you get LightDM
- Connecting from macOS default vncviewer
- "The software on the remote computer appears to be incompatible with this version of Screen Sharing."
- many articles suggest encryption modes are getting in the way and should be turned off or preferred off
sudo cat /var/log/vncserver-x11.log
### Server logs
SConnection: Client needs protocol version 3.3
Connections: disconnected: [ConnFailed] No configured security type is supported by 3.3 VNC Viewer
### Client logs
server major version 5 minor version 0
server decided it is not compatible
Could not connect: status = -202
connection result 4
- NB: According to RFC 6143 RFB v3.3 does not negotiate security types, but imposes what it wants on the client in a take-it-or-leave-it kind of way.
- https://help.realvnc.com/hc/en-us/articles/360002251297-VNC-Server-Parameter-Reference-#Encryption
sudo nano /root/.vnc/config.d/vncserver-x11
ProtocolVersion=3.3
Authentication=VncAuth
#Authentication=None
Encryption=AlwaysOff
SecurityTypes=None
Log=*:file:100
- restart and retry
Trying multiple iterations of the server settings above:
- when picking VncAuth the client does not appear to ask for a password
- when Auth is None, the server accepts the connection but the client then waits for a password to be typed
Not sure whether the 'fault' is with the client or the server, but these do not appear to work together.
remote desktops.120428
Absorb into above or remove
- Client & Server
- Linux Client
- Windows Client (incl Vista & W7)
- Gratis if not Libre? FLOSS
- Encryption
- WM client?
- EchoVNC - libre, multiprotocol, firewall friendly, based on UltraVNC, v2.35 080804
- iTALC - libre, multios, school oriented, v1.0.9 080723
- TightVNC - libre, multios, extends RFB, 1.3.10 090305
- TightVNC has PortableApps client in dev http://portableapps.com/node/11285
- TightVNC (didn't work as a system service under Vista until v2)
- TightVNC settings are under
- HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3
- HKEY_CURRENT_USER\Software\ORL\WinVNC3
- UltraVNC - no linux version
- RealVNC - free version NOT on vista!
- X2 server not free
- TeamViewer Gratis (NC) but no Linux
Use base VNC protocol on personal network
- Windows Server: UltraVNC
- Windows Client: UltraVNC
- Ubuntu client: Vinagre
- Xubuntu client: x11vnx
- Ubuntu server: Vino
- Xubuntu server: x11vnc
(or sudo wine vncviewer.exe for full UltraVNC)
SSH port forwarding for encryption (https://help.ubuntu.com/community/VNC#SSH%20port-forwarding)