x11vnc (Version 0.9.13)
ssl-encrypted accelerated vnc server
x11vnc is a vnc server which exports the real X display
to a VNC viewer. This module has been built with turboVNC and Virutal GL
support and it offers openssl-encryption. To use it on the cluster you
need to start a job and once it is running log in on that node.
when you are logged in on the node set up the display variable:
ip_addr=$(gethostip -d $HOST)
the FD_SESS variable sets the type of session (xfce, kde, gnome, twm, failsafe)
and FD_GEOM defines the screen resolution used internally.
In the calls below you can also use a different value if you want to scale
the display sent to the client.
when you use vnc for the first time you will be asked to set a vnc password
which should be different from your normal login password.
The vnc server can be started with the following command:
x11vnc -usepw -ssl -display :0 -create -geometry $FD_GEOM -norepeat -ncache 10
the first time you start the server with -ssl it will create certificates
and the first time you connect with ssvnc client it will ask you to import the
certificates to ~/.vnc/certs
if you want to use port 5901 and display 1 the above commands read:
x11vnc -usepw -ssl -display :1 -rfbport 5901 -create -geometry $FD_GEOM -ncache 10
However, this mechanism is only a protection against an attacker which
listens to the traffic when typing in the password. However anyone can
try to connect to the vnc server, which you have started, and brute force
attack the password prompt. To ensure that only your own client can connect,
you have to follow these steps, where you will be promptet each time for
information going to the subject of the x509 certificates which will be
x11vnc -sslGenCert client yourclient
x11vnc -sslGenCert server
copy over the ca certificate and the client certificate
(usually $HOME/.vnc/certs/CA/cacert.pem and $HOME/.vnc/certs/clients/* )
to your client and chose the cacert.pem as server certificate in ssvnc
in the Certs... dialog and the client certificate as client of course.
Then start up the server with the following command:
x11vnc -usepw -ssl SAVE -sslverify CA -display :0 -create -geometry 1024x768 -ncache 10
When the vnc server is running, you can connect with the ssvnc
client, but you have to tunnel the vnc connection through ssh,
i.e. on your local computer you connect to one of the frontends
ssh -fNL 5900:$ip_addr:5900 bwunicluster.scc.kit.edu
and then you point your vnc viewer to localhost:5900
$ip_addr is the one on the cluster internal network which was shown above
the ssvnc client should be running on your local computer as well.
Many linux distributions already offer it, but you can also download
it from the URL given below.
To use an external viewer with ssvnc go to options, advanced,
Change VNC Viewer and select your favorite viewer. To avoid trouble
with ipv6 avaid lines containing localhost and ipv6 addresses in
your local /etc/hosts file.
It is also a good idea to turn off the screen saver for your account,
since the virtual desktop should be accessible only to you anyway.
After ending your sesseion, make sure to kill all vnc processes. Use
to check for remaining processes associated with the terminal where the
vnc server was running. Usually, a couple of processes remain there and
you have to kill them manually.
for more detailed info about ssl see http://www.karlrunge.com/x11vnc/ssl.html
To use the VirtualGL support (which you may need when running OpenGL
applications inside the VNC session) you have to start them with the commands
module load vis/x11vnc
vglrun -d $DISPLAY glxgears
where you replace glxgears with your favorite OpenGL application
links for further reading and sorces for clients:
x11vnc FAQ page:
how to use an external viewer with ssvnc client:
(search for 'Change VNC Viewer')
see also http://www.karlrunge.com/x11vnc/
It is not guaranteed that this module is available at other bwGRiD sites.
In case of problems, please contact 'firstname.lastname@example.org'.