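I. Introduction
VNC consists of two parts:
- the client application, vncviewer
- the server application, vncserver
Differences between vncserver and Xmanager
- VNC connects remotely into the operating system, and all operations run on the Unix/Linux host server side; even if the network between the local computer and the host is interrupted during an operation, the operation carries on unaffected;
- Xmanager brings the host server's UI to the local computer for display through a port; if the network between the local computer and the host is interrupted during an operation, the operation is aborted and fails;
- VNC is free and open source, while Xmanager is paid software.
Workflow
- The server side starts vncserver;
- The VNC client connects to vncserver through a browser or VNC viewer;
- The VNC server sends a dialog window to the client asking for the connection password and the vncserver display to access;
- After the connection password is entered on the client, vncserver verifies whether the client has access rights;
- If the client passes the VNC server's verification, the client asks the VNC server to display the desktop environment;
- The VNC server uses the X protocol to ask the X server to hand control of the display over to the VNC server;
- The VNC server sends the desktop environment obtained from the X server to the client over the VNC protocol, and allows the client to control the VNC server's desktop environment and input devices.
II. Server-side installation and configuration on CentOS 6
1. Check whether it is installed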
rpm -qa|grep vnc
2. If it is not installed, install it with the following command
yum install -y tigervnc tigervnc-server
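3. On versions before CentOS 7 / Linux 7, configuration is done through the /etc/sysconfig/vncservers file, as follows:
1) Copy the last two lines, remove the leading comment character, and then edit them.
Configuration notes:
- VNCSERVERS configures the user names that log in to the remote desktop
- VNC's default listening port is 5900, and the listening port follows the rule 5900 + user number [for example, a second window corresponds to port 5902]
- VNCSERVERARGS[2] configures the login desktop: 2 is the user number, 1366x768 is the resolution, -nolisten tcp blocks X connections over TCP, -nohttpd disables the built-in HTTP server, and -localhost listens only on the local host. For example: VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
2) Set the password (entered twice)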
vncpasswd
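3) Start the vncserver service
/etc/init.d/vncserver start
or
service vncserver start
or restart
service vncserver restart
4) Configure it to use the GNOME desktop
vim /root/.vnc/xstartup
Comment out twm &, and add a line gnome & at the end
Note:
If the Linux graphical interface is not installed, it needs to be installed:
rpm -qa |grep gnome    [check whether the graphical interface is installed]
yum groupinstall "X Window System" "Chinese Support" "Desktop"    [install]
5) If the firewall has been enabled manually, the corresponding port must be opened manually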
iptables -I INPUT -p tcp --dport 5902 -j ACCEPT
6) Enable the vncserver service at boot; after rebooting Linux the setup is complete
chkconfig vncserver on
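III. Server-side installation and configuration on CentOS 7
1. On CentOS 7 / Linux 7, /etc/sysconfig/vncservers contains only a single statement and no longer serves any configuration purpose; its only line is: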
# THIS FILE HAS BEEN REPLACED BY /lib/systemd/system/vncserver@.service
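This is related to the change in service management from version 7 onward. The following shows how to configure vncserver as a service that systemd can manage.
After tigervnc-server is installed, a unit file named vncserver@.service is created automatically; this is the path that /etc/sysconfig/vncservers points to. Read the contents of this unit file carefully and follow its instructions.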
[root@single06 ~]# cat /lib/systemd/system/vncserver@.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Replace <USER> with the actual user name and edit vncserver
# parameters appropriately
# (ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
# PIDFile=/home/<USER>/.vnc/%H%i.pid)
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted! For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel. See the "-via" option in the
# `man vncviewer' manual page.
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
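2. Steps:
1) Copy the template file to the target path:
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
2) Edit the newly copied vncserver@:1.service file and replace the variables with values appropriate to your environment. There are mainly two items: the user the service runs as, and the service's display number, which defaults to :1
About the display number
A single server can run several vncserver services at the same time. Each vncserver runs in its own process and serves a different port, and each one must be given a display number at startup. The display number must be greater than 0 and must not be duplicated; if none is specified when vncserver starts, the default display number increments starting from 1. If several vncserver instances on the same server are started with the same display number, only one of them will start successfully.
Next, edit the vncserver@:1.service file and modify the configuration items:
Only two changes are needed: the display number and the user
Before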
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
After
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :1 > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l oracle -c "/usr/bin/vncserver :1"
PIDFile=/home/oracle/.vnc/%H:1.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill :1 > /dev/null 2>&1 || :'
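3) Reload the systemd configuration
systemctl daemon-reload
4) Enable the service so that vncserver starts at boot
systemctl enable vncserver@:1.service
This completes the vncserver configuration, but do not start vncserver yet: the vncserver access password file has not been created. Create the password for vncserver first, and then start the service.
The password must be configured as the user specified earlier
su - username
vncpasswd
Then return to the root user and control the starting and stopping of the vncserver service through systemd, with the following commands:
systemctl start vncserver@:1.service    # start the service
systemctl status vncserver@:1.service    # check the service status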
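IV. Client connection
1. Determine the IP and port
Once the VNC service is running, you can connect to the server with a tool such as vncviewer. When specifying the server address, you need to enter the target server's IP address and the service's port number. The server address is generally known, but which port number should be entered?
Port numbers used by the VNC service start from 5900: the first VNC service started runs on port 5901, and the others increment from there. On a Linux system you can look this up with netstat, ps, or similar tools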
ps -ef|grep vnc
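Here you can see that this VNC service is running on port 5901. If several VNC services are running on the server at the same time, the process list lets you tell which service runs under which user and on which port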
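The unit-file comments quoted above recommend -localhost plus an SSH tunnel, and the process list shows each session's user and port. As an added example (not from the original article), this shell function reads ps -ef lines and reports which Xvnc sessions accept connections from other hosts; the sample lines, the appuser account and the function names are constructed for illustration.

```shell
#!/bin/sh
# audit_xvnc: read `ps -ef` lines on stdin and print, per Xvnc process,
#   <user> <display> <rfbport> <LOCAL-ONLY|EXPOSED>
audit_xvnc() {
    awk '
    {
        # The command starts at column 8 of ps -ef; skip non-Xvnc rows (e.g. grep).
        cmd = 0
        for (i = 8; i <= NF; i++) if ($i ~ /(^|\/)Xvnc$/) { cmd = i; break }
        if (!cmd) next
        user = $1; display = $(cmd + 1); port = ""; scope = "EXPOSED"
        for (i = cmd + 1; i <= NF; i++) {
            if ($i == "-rfbport")   port = $(i + 1)
            if ($i == "-localhost") scope = "LOCAL-ONLY"
        }
        # No explicit -rfbport: apply the 5900 + display number rule.
        if (port == "") { d = display; sub(/^:/, "", d); port = 5900 + d }
        print user, display, port, scope
    }'
}

# Constructed sample input in the format of `ps -ef | grep vnc`;
# the appuser session is hypothetical and was started with -localhost.
sample_ps() {
cat <<'EOF'
oracle 55164 1 0 13:45 ? 00:00:04 /usr/bin/Xvnc :1 -auth /home/oracle/.Xauthority -desktop single06:1 (oracle) -geometry 1024x768 -rfbauth /home/oracle/.vnc/passwd -rfbport 5901 -rfbwait 30000
appuser 60001 1 0 14:10 ? 00:00:01 /usr/bin/Xvnc :3 -auth /home/appuser/.Xauthority -geometry 1024x768 -rfbauth /home/appuser/.vnc/passwd -rfbport 5903 -localhost
root 86920 5531 0 15:03 pts/0 00:00:00 grep --color=auto vnc
EOF
}

# Keep only the sessions that are reachable from other hosts.
exposed_sessions() { audit_xvnc | awk '$4 == "EXPOSED"'; }

sample_ps | audit_xvnc
```

On a live host, run `ps -ef | audit_xvnc`. Sessions reported as EXPOSED are the ones to restart with -localhost and reach through the ssh -L tunnel described in the unit file.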
2. Connect with vncviewer on Linux
1) Install the packages
yum install -y tigervnc tigervnc-server
2) As the root user
[root@single07 ~]# vncviewer
TigerVNC Viewer 64-bit v1.8.0
Built on: 2018-04-11 06:05
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
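The following window pops up
Enter ip:port and click Connect
Enter the password set earlier with vncpasswd and click OK
The remote system's login screen appears; enter the password, log in, open a terminal, and check that the user is correct
Try running dbca
The installation interface pops up normally
V. Common vncserver service management operations
1. Enabling the service at boot and controlling it
systemctl enable vncserver@:1.service    # enable the service at boot
systemctl disable vncserver@:1.service    # disable the service at boot
systemctl start vncserver@:1.service    # start the service
systemctl stop vncserver@:1.service    # stop the service
systemctl status vncserver@:1.service    # check the service status
2. Starting and stopping VNC processes
Check for VNC processes: ps -ef|grep vnc
If there are any, switch to the user with su - username and then run vncserver -list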
[root@single06 .X11-unix]# su - oracle
Last login: Wed Nov 17 13:41:54 CST 2021 on pts/0
[oracle@single06 ~]$ vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:1 55164
[oracle@single06 ~]$ su - zhouyue
Last login: Wed Nov 17 14:49:35 CST 2021 on pts/0
[zhouyue@single06 ~]$ vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:2 79398
There are two ways to remove a VNC process: using vncserver -kill, or manually running kill -9 id
1)vncserver -kill :2
[zhouyue@single06 ~]$ vncserver -kill :2
Killing Xvnc process ID 79398
When it needs to be started again, simply run systemctl start vncserver@:2.service
systemctl start vncserver@:2.service
2) kill -9 id
The id can be determined with ps -ef|grep vnc
[root@single06 .X11-unix]# ps -ef|grep vnc
oracle 55164 1 0 13:45 ? 00:00:04 /usr/bin/Xvnc :1 -auth /home/oracle/.Xauthority -desktop single06:1 (oracle) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/oracle/.vnc/passwd -rfbport 5901 -rfbwait 30000
zhouyue 85425 1 0 15:02 ? 00:00:00 /usr/bin/Xvnc :2 -auth /home/zhouyue/.Xauthority -desktop single06:2 (zhouyue) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/zhouyue/.vnc/passwd -rfbport 5902 -rfbwait 30000
root 86920 5531 0 15:03 pts/0 00:00:00 grep --color=auto vnc
[root@single06 .X11-unix]# kill -9 85425
[root@single06 .X11-unix]# ps -ef|grep vnc
oracle 55164 1 0 13:45 ? 00:00:04 /usr/bin/Xvnc :1 -auth /home/oracle/.Xauthority -desktop single06:1 (oracle) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /home/oracle/.vnc/passwd -rfbport 5901 -rfbwait 30000
root 87666 5531 0 15:05 pts/0 00:00:00 grep --color=auto vnc
Re-enabling it afterwards is more involved; the procedure is as follows:
a. Edit the configuration file /etc/systemd/system/vncserver@:2.service
[Service]
#Type=forking
Type=simple
b. systemctl daemon-reload
c. systemctl disable vncserver@:2.service
d. systemctl enable vncserver@:2.service
e. systemctl start vncserver@:2.service
The final check result is as follows:
[root@single06 .X11-unix]# systemctl status vncserver@:2.service
● vncserver@:2.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:2.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Wed 2021-11-17 15:11:56 CST; 5s ago
Process: 93515 ExecStop=/bin/sh -c /usr/bin/vncserver -kill :2 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Process: 93436 ExecStart=/usr/sbin/runuser -l zhouyue -c /usr/bin/vncserver :2 (code=exited, status=0/SUCCESS)
Process: 93429 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :2 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 93436 (code=exited, status=0/SUCCESS)
Nov 17 15:11:53 single06 systemd[1]: Starting Remote desktop service (VNC)...
Nov 17 15:11:53 single06 systemd[1]: Started Remote desktop service (VNC).
Otherwise the following error is reported:
[root@single06 .X11-unix]# systemctl start vncserver@:2.service
Job for vncserver@:2.service failed because a configured resource limit was exceeded. See "systemctl status vncserver@:2.service" and "journalctl -xe" for details.
[root@single06 .X11-unix]# systemctl start vncserver@:2.service
Job for vncserver@:2.service failed because a configured resource limit was exceeded. See "systemctl status vncserver@:2.service" and "journalctl -xe" for details.
[root@single06 .X11-unix]# systemctl status vncserver@:2.service
● vncserver@:2.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:2.service; enabled; vendor preset: disabled)
Active: failed (Result: resources) since Wed 2021-11-17 15:07:10 CST; 10s ago
Process: 89337 ExecStart=/usr/sbin/runuser -l zhouyue -c /usr/bin/vncserver :2 (code=exited, status=0/SUCCESS)
Process: 89330 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :2 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 85425 (code=killed, signal=KILL)
Nov 17 15:07:07 single06 systemd[1]: Starting Remote desktop service (VNC)...
Nov 17 15:07:10 single06 systemd[1]: PID file /home/zhouyue/.vnc/single06:2.pid not readable (y...art.
Nov 17 15:07:10 single06 systemd[1]: Failed to start Remote desktop service (VNC).
Nov 17 15:07:10 single06 systemd[1]: Unit vncserver@:2.service entered failed state.
Nov 17 15:07:10 single06 systemd[1]: vncserver@:2.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
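VI. Common error resolution
1. Blue screen with no desktop after connecting with VNC
This is likely caused by missing desktop packages; reinstall them and the connection will succeed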
yum groupinstall -y "GNOME Desktop" "Graphical Administration Tools"