Thank to: http://wiki.centos.org/HowTos/VNC-Server#head-86a610f73b0fa6b5ecf2fe40f0bb301ea0038a26 for the incredible tutorial and reference material!
1. Installing the software packages
The server package is called ‘vnc-server’. Starting for a clean slate, install it with the command: yum install vnc-server.
Make sure to install a window manager in order to get a full-featured GUI desktop. Gnome, Mate, KDE or XFCE.
2. Create the VNC user accounts
If you want to have it just for your user, meaning the regular desktop user that you use for the desktop, you can skip this.
As a root user:
$ su root # useradd userOne # passwd PssswdOn
3. Edit the server configuration
Edit /etc/sysconfig/vncservers, and add the following to the end of the file.
[root@localhost]# cat /etc/sysconfig/vncservers # The VNCSERVERS variable is a list of display:user pairs. # # Uncomment the lines below to start a VNC server on display :2 # as my 'myusername' (adjust this to your own). You will also # need to set a VNC password; run 'man vncpasswd' to see how # to do that. # # DO NOT RUN THIS SERVICE if your local area network is # untrusted! For a secure way of using VNC, see this URL: # http://kbase.redhat.com/faq/docs/DOC-7028 # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. # Use "-localhost" to prevent remote VNC clients connecting except when # doing so through a secure tunnel. See the "-via" option in the # `man vncviewer' manual page. # VNCSERVERS="2:userOne" # VNCSERVERARGS="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
4. Set your users’ VNC passwords
Switch user into the account for each user, and as noted below, run: vncpasswd This will create the .vnc directory for that userid:
[~]# su - userOne [~]$ vncpasswd [~]$ cd .vnc [.vnc]$ ls passwd [.vnc]$ exit
5. Confirm that the vncserver will start and stop cleanly
We will create the xstartup scripts by starting and stopping the vncserver as root. We also enable the vncserver service to be automatically started. You can always do this through the services gui application in system ->administration.
# /sbin/service vncserver start # /sbin/service vncserver stop # /sbin/chkconfig vncserver on
6. The iptables
The iptables rules in /etc/sysconfig/ need to be modified to open the VNC ports; as needed, if a local ipv6 setup is being used, those need to be amended as well. first check with NIC you use to go to the internet with the server/pc.
You need to add something similar to this: -A INPUT -i eth1 -j ACCEPT where eth0 is your NIC. Don’t skip this step or you’ll never be able to access your server!
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i eth1 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5901:5903,6001:6003 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT [root@xen-221 sysconfig]#
… and then restart the iptables:
# /sbin/service iptables restart
7. Start the VNC server
Start the vncserver as root. if you get an error with “display configuration” then you don’t have the .vnc directory for the user executing the start command!
# /sbin/service vncserver start
Now You need to test and everything should work as planned!