VNC

From DaqWiki
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

How to use VNC

How to install VNC on Mac

Previously, the MacOS applications "Chicken Of VNC" and "Chicken" could be used. They no longer seem to work with the SL6 Linux vnc server (reject password authentication).

Please use the vnc client distributed through mac ports (https://www.macports.org/): "sudo port install vnc"

This VNC client works the same as VNC on Linux, please follow the Linux instructions in the following text.

How to install VNC on Ubuntu

Ubuntu LTS 22.04:

  • apt install tigervnc-standalone-server

How to establish a VNC connection from SHAW to TRIUMF

  • on local machine, run "vncviewer -listen 5500" --- use whatever port number, leave this window open
  • on local machine, run "ssh -v -R daqubuntu.triumf.ca:5500:localhost:5500 olchansk@daqubuntu.triumf.ca", leave this window open
  • ssh olchansk@daqubuntu.triumf.ca --- in same window:
  • maybe reset the vnc password: "/bin/rm .vnc/passwd"
  • run "vncserver -geometry 1600x1000", from the output, remember the display number (":1" in this example), * run "vncconfig -display :1 -connect localhost:5500"
  • vncviewer should see the connection request and open a new graphics window with the VNC screen.
  • to close the connection, kill the local vnc client.
  • reconnect to the vnc server still running at CERN by restarting the vnc client (locally) and reissuing the "vncconfig -connect" command (on the remote machine at CERN).
  • to completely kill vnc, kill the local vnc client and kill Xvnc on the remote machine at TRIUMF

How to establish a VNC connection through the CERN firewall

Normally VNC requires direct TCP connectivity from server to client (or from client to server). In the presence of firewalls (i.e. on the CERN end) and NAT (i.e. on the residential ISP end) direct connection in either direction is impossible. One solution is to use an ssh reverse tunnel as described below.

X11 applications (i.e. ROOT) are very slow when running at CERN behind the CERN firewall using multiple ssh tunnels (one ssh tunnel to lxplus, second ssh tunnel to the experiment computer running your ROOT application). VNC is one solution to this problem. Performance of X11 applications (i.e. ROOT) is greatly improved because they render graphics locally to the local "screen" of the local VNC server, all running at CERN. To see this "screen", you connect to it remotely using a vnc client. Because the CERN firewall prevents normal use of VNC where the vnc client connects to the server using a password, you use a "reverse" connection, where you start the vnc client on your desktop computer and ask the vnc server running at CERN to connect to it, as described below.

In this example, we connect from a home PC ("local machine") to a VNC server running on alphadaq.cern.ch through an ssh reverse tunnel on ladd00.triumf.ca.

NOTE: the ssh "-R" switch only works if the sshd option "GatewayPorts yes" is set in /etc/ssh/sshd_config. It is usually disabled by default. To enable it, login as root, edit the file, restart sshd.

  • on local machine, run "vncviewer -listen 5500" --- use whatever port number, leave this window open
  • on local machine, run "ssh -v -R ladd00.triumf.ca:5500:localhost:5500 olchansk@ladd00.triumf.ca", leave this window, leave this window open
  • ssh lxplus.cern.ch, on lxplus, ssh alphadaq
  • on alphadaq, reset the vnc password: "/bin/rm .vnc/passwd"
  • on alphadaq, run "vncserver -geometry 1600x1000", from the output, remember the display number (":1" in this example), then run "vncconfig -display localhost:1 -connect ladd00.triumf.ca:5500" --- ladd00 and 5500 are the host name and port number where we run the reverse tunnel (the arguments to the ssh "-R" switch)
  • vncviewer should see the connection request and open a new graphics window with the VNC screen.
  • to close the connection, kill the local vnc client.
  • reconnect to the vnc server still running at CERN by restarting the vnc client (locally) and reissuing the "vncconfig -connect" command (on the remote machine at CERN).
  • to completely kill vnc, kill the local vnc client and kill Xvnc on the remote machine at CERN

If the local machine is not behind a NAT (from alphadaq "telnet localmachine 5500" gets a successful connection), the reverse ssh tunnel is not needed. Skip the "ssh -R" step and do "vncconfig -display localhost:1 -connect localmachine.triumf.ca:5500"

(THIS SECTION IS OBSOLETE) Start VNC client on MacOS

  • on local Mac, start the "chicken of vnc" application (UPDATE: use "chicken" app from http://sourceforge.net/projects/chicken/files)
  • under "Connection" menu, select "Listen for server", say "Start", note the port number (5500), you will use this instead of 9999 in the vncconfig example above.
  • find the Mac IP address (i.e. if on the Shaw network): start "preferences -> network", remember the IP address, you will use it instead of the client hostname in the vncconfig example above.
  • login to the target machine, start the vncserver as described above
  • tell vncserver to connect to the Mac using vncconfig as described above, in the "-connect hostname:port" incantation, use the IP address and port number you remembered above.

To connect from home using an ssh tunnel, do this:

NOTE: this will only work for local vnc connections. For remote vnc connections (Xvnc not running on the ssh gateway host), the sshd option "GatewayPorts yes" has to be set. This is disabled by default.

  • on home computer start the vnc viewer in the "listen for server" mode, as above. Take note of the port number (5500 in my case)
  • on home computer, run "ssh -R localhost:5500:localhost:5500 ladd00.triumf.ca", where 5500 is the vnc viewer port, ladd00 is the computer where we will run the vnc server. This establishes a reverse ssh tunnel (from ladd00 to home computer). Stay in this ssh window.
  • in the ssh connection to ladd00, run "vncserver", take note of the VNC display number (ladd00:5, in my case), then run "vncconfig -display localhost:5 -connect localhost:5500", where ":5" is the VNC display number, and "5500" is the vnc viewer port number.
  • a VNC viewer window should open connected to the vnc server on ladd00.

 

K.O.