Difference between revisions of "How to connect to a d2n VNC Session"

From Hall A Wiki
Jump to: navigation, search
(Update to use jlabl2, not jlabl3)
(Linux/MacOS SSH tunnel process)
 
(16 intermediate revisions by 3 users not shown)
Line 1: Line 1:
1) Build a tunnel from your machine through to jlabl3 (where the vncserver is running)
+
=== Start a vncserver for yourself on a JLab machine (may already be done for you). ===
  Open a terminal window on your local computer and run:
+
  % ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl2.jlab.org:22
+
  
2) Now tunnel the vnc port through the tunnel from (1):
+
'''NOTE''': Run the vncserver on the '''jlablX''' hosts only for now.  The ifarm nodes don't seem to have a complete software install anymore.
   Open another terminal window on your local computer and run:
+
 
 +
==== Terminology / Miscellaneous Notes ====
 +
* I'll assume that we want the vncserver to be running on jlabl4.jlab.org below.  Change ''jlabl4'' to ''ifarm1802'' or another machine if desired (ie. hcdesk1, ...).
 +
* The VNC server has an index referred to as the ''Session'' or ''Display''.  Only one server can run on a given display.  If the ''vncserver ...'' setup line below complains that the display/session is in use, pick a different number.
 +
** In the example below I use ''7''
 +
** Session ''7'' corresponds to port ''5907''.  If you change the session number to X then replace port 5907 with port ''5900+X'' below.
 +
* You will need a 2-factor token to access machines inside the Accelerator fence through ''hallgw.jlab.org''
 +
** https://hallcweb.jlab.org/wiki/index.php/Logging_into_the_Hall_C_cluster
 +
 
 +
==== Connect from offsite ====
 +
This is a two-step process from within the same terminal:
 +
  % ssh <your-jlab-username>@login.jlab.org    # if you want to connect to the ifarm1802 or jlablX
 +
    -- OR --
 +
  % ssh <your-jlab-username>@hallgw.jlab.org    # if you want to connect to a machine inside the Accelerator fence
 +
  ...
 +
  <your-jlab-username>@login.jlab.org's password:
 +
  jlab14% ssh jlabL4
 +
  JLAB RedHat Enterprise Linux 6.4 installed on (...)
 +
  jlabl4%
 +
==== Configure the VNC Server ====
 +
Run these two commands (this is only done '''once'''):
 +
  % vncpasswd
 +
    Use a password that is *different* than your JLab password.  Make it secure!
 +
  % vncserver -geometry 1200x1000 :7
 +
  - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7"
 +
  - The '-geometry 1200x1000' sets the screen size of the virtual session.  If
 +
    you want to try a different size, you need to kill the vncserver
 +
    first as described below.  Pick a size that is a little smaller than the
 +
    display size on the computer you will usually work from.
 +
 
 +
'''NOTE: If you are able to connect, but you can't move windows around, etc. Then try the following:'''
 +
 
 +
Use a text editor to create or modify the file <code>$HOME/.vnc/xstartup</code> so it looks like this:
 +
 
 +
#!/bin/bash
 +
export VNCSESSION="$DISPLAY"
 +
## Only _one_ of the start* lines below should be active, the other(s)
 +
## must be commented out.
 +
startxfce4    # will start xfce4
 +
#startkde      # will start kde
 +
 
 +
Then make it executable:
 +
% chmod a+x $HOME/.vnc/xstartup
 +
 
 +
And kill and restart your vncserver and you should have a working desktop/window manager.
 +
 
 +
==== Notes ====
 +
The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command:
 +
  % vncserver -kill :7
 +
* '''You only need to do the above step 'once' (unless the vncserver gets killed for some reason).'''
 +
 
 +
* '''Please avoid opening more vnc servers than you need. To see what might be still running, do: '''
 +
  % ls $HOME/.vnc/*.pid
 +
which may return something like:
 +
  .vnc/jlabl4:14.pid
 +
  .vnc/jlabl4:44.pid
 +
If you know those aren't working sessions, you can clean them up by
 +
  % vncserver -kill :14
 +
  % vncserver -kill :44
 +
 
 +
* '''You ''will'' need to set up the tunnel below every time you want to connect to the VNC session.'''
 +
 
 +
=== Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running) ===
 +
In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above.  (Normally that traffic is blocked by the firewall.)
 +
 
 +
==== Windows SSH tunnel process ====
 +
A procedure for setting up the tunnels under Windows is outlined here:
 +
[[Monitoring_with_VNCViewer_for_Techs]]
 +
 
 +
* Replace '''hacweb2''' with '''login.jlab.org''' (or '''hallgw.jlab.org''')
 +
* Replace the username '''hacuser''' with your JLab user name
 +
* Replace the port '''5901''' and Session ''':1''' with the VNC display/session number you are using.
 +
 
 +
==== Linux/MacOS SSH tunnel process ====
 +
Open a terminal window on your local computer and run:
 +
   % ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl4.jlab.org:22
 +
 
 +
* '''Note''': If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'ifarm1802 (if working), hcdesk1, ...')
 +
* '''Note''': vncserver may not run correctly on ifarm180x (the window may appear like a black hole), instead use jlablx, open a terminal and ssh to ifarm instead.
 +
* '''Note''': If ssh complains that port 2222 is in use, try again with a different 4 digit number.  Replace 2222 with your new number below as well.
 +
 
 +
=== Now tunnel the VNC port through the above SSH tunnel ===
 +
Open another terminal window on your local computer and run:
 
   % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907
 
   % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907
  
3) Now run your vncviewer and connect to the vnc session
+
=== Now run your vncviewer and connect to the VNC session ===
 
   Open another terminal window on your local computer and run:
 
   Open another terminal window on your local computer and run:
 
   % vncviewer -Shared :7
 
   % vncviewer -Shared :7
  -!-> Make sure you include the '-Shared' option or you kick everyone else off.
+
* Make sure you include the '-Shared' option or you kick everyone else off.
  ---> The session password is 'cebaF111'
+
* Get the session password from the person running the meeting.
  
 +
= VNC Clients =
 +
== Linux ==
 +
If ''vncviewer'' and/or ''vncserver'' do not exist on your machine you will need to install them.  There are a number of software programs available:
 +
* xvnc4server / xvnc4client
 +
* tigervnc-server / tigervnc-client
 +
* vinagre
  
Mac OS X VNC client:
+
== Mac OS X VNC client ==
  'Chicken of the VNC' works well. It can be found here:
+
* 'Chicken of the VNC' works well. It can be found here:
 
     http://sourceforge.net/projects/cotvnc/
 
     http://sourceforge.net/projects/cotvnc/
  ---> First set up the tunnel chain as above in some terminal windows.
+
 
 +
* RealVNC for OSX (https://www.realvnc.com/download/)
 +
 
 +
* First set up the tunnel chain as above in some terminal windows.
 
   In the VNC login window:
 
   In the VNC login window:
 
     Host          = localhost
 
     Host          = localhost
Line 23: Line 112:
 
     -!-> Be sure to check the 'Shared Display' box
 
     -!-> Be sure to check the 'Shared Display' box
  
 +
== Windows ==
 +
* RealVNC for Windows (https://www.realvnc.com/download/)
 +
  Connect to:
 +
    localhost:7, or    # a single ":" needs the only the display number
 +
    127.0.0.1:7, or
 +
    localhost::5907, or # needs "::" to specify the exact port
 +
    127.0.0.1::5907
  
Windows:
+
* UltraVNC (https://www.uvnc.com/downloads/ultravnc.html)
  This can be done by using a couple of instances of PuTTY to handle the ssh
+
  Connect to:
  tunnels and then using UltraVNC to connect to the VNC session.
+
    localhost:7, or
  - I can write a walkthrough for this if there is demand but I'd prefer everyone
+
    127.0.0.1:7
    just switch to using a fully functional OS like linux. (I kid, I kid... ;-)
+

Latest revision as of 21:31, 13 May 2020

Start a vncserver for yourself on a JLab machine (may already be done for you).

NOTE: Run the vncserver on the jlablX hosts only for now.  The ifarm nodes don't seem to have a complete software install anymore.

Terminology / Miscellaneous Notes

  • I'll assume that we want the vncserver to be running on jlabl4.jlab.org below. Change jlabl4 to ifarm1802 or another machine if desired (ie. hcdesk1, ...).
  • The VNC server has an index referred to as the Session or Display. Only one server can run on a given display. If the vncserver ... setup line below complains that the display/session is in use, pick a different number.
    • In the example below I use 7
    • Session 7 corresponds to port 5907. If you change the session number to X then replace port 5907 with port 5900+X below.
  • You will need a 2-factor token to access machines inside the Accelerator fence through hallgw.jlab.org

Connect from offsite

This is a two-step process from within the same terminal: 

 % ssh <your-jlab-username>@login.jlab.org     # if you want to connect to the ifarm1802 or jlablX
   -- OR --
 % ssh <your-jlab-username>@hallgw.jlab.org    # if you want to connect to a machine inside the Accelerator fence
 ...
 <your-jlab-username>@login.jlab.org's password:
 jlab14% ssh jlabL4
 JLAB RedHat Enterprise Linux 6.4 installed on (...)
 jlabl4%

Configure the VNC Server

Run these two commands (this is only done once): 

 % vncpasswd
   Use a password that is *different* than your JLab password.  Make it secure!
 % vncserver -geometry 1200x1000 :7
 - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7"
 - The '-geometry 1200x1000' sets the screen size of the virtual session.  If
   you want to try a different size, you need to kill the vncserver
   first as described below.  Pick a size that is a little smaller than the
   display size on the computer you will usually work from.

NOTE: If you are able to connect, but you can't move windows around, etc. Then try the following:

Use a text editor to create or modify the file $HOME/.vnc/xstartup so it looks like this: 

#!/bin/bash
export VNCSESSION="$DISPLAY"
## Only _one_ of the start* lines below should be active, the other(s)
## must be commented out.
startxfce4     # will start xfce4
#startkde      # will start kde

Then make it executable: 

% chmod a+x $HOME/.vnc/xstartup

And kill and restart your vncserver and you should have a working desktop/window manager.

Notes

The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command: 

 % vncserver -kill :7
  • You only need to do the above step 'once' (unless the vncserver gets killed for some reason).
  • Please avoid opening more vnc servers than you need. To see what might be still running, do: 
 % ls $HOME/.vnc/*.pid

which may return something like: 

 .vnc/jlabl4:14.pid
 .vnc/jlabl4:44.pid

If you know those aren't working sessions, you can clean them up by 

 % vncserver -kill :14
 % vncserver -kill :44
  • You will need to set up the tunnel below every time you want to connect to the VNC session.

Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running)

In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above. (Normally that traffic is blocked by the firewall.)

Windows SSH tunnel process

A procedure for setting up the tunnels under Windows is outlined here: Monitoring_with_VNCViewer_for_Techs

  • Replace hacweb2 with login.jlab.org (or hallgw.jlab.org)
  • Replace the username hacuser with your JLab user name
  • Replace the port 5901 and Session :1 with the VNC display/session number you are using.

Linux/MacOS SSH tunnel process

Open a terminal window on your local computer and run: 

 % ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl4.jlab.org:22
  • Note: If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'ifarm1802 (if working), hcdesk1, ...')
  • Note: vncserver may not run correctly on ifarm180x (the window may appear like a black hole), instead use jlablx, open a terminal and ssh to ifarm instead.
  • Note: If ssh complains that port 2222 is in use, try again with a different 4 digit number. Replace 2222 with your new number below as well.

Now tunnel the VNC port through the above SSH tunnel

Open another terminal window on your local computer and run: 

 % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907

Now run your vncviewer and connect to the VNC session

 Open another terminal window on your local computer and run:
 % vncviewer -Shared :7
  • Make sure you include the '-Shared' option or you kick everyone else off.
  • Get the session password from the person running the meeting.

VNC Clients

Linux

If vncviewer and/or vncserver do not exist on your machine you will need to install them. There are a number of software programs available:

  • xvnc4server / xvnc4client
  • tigervnc-server / tigervnc-client
  • vinagre

Mac OS X VNC client

  • 'Chicken of the VNC' works well. It can be found here:
   http://sourceforge.net/projects/cotvnc/
  • First set up the tunnel chain as above in some terminal windows.
 In the VNC login window:
   Host           = localhost
   Display/Port   = 7
   -!-> Be sure to check the 'Shared Display' box

Windows

 Connect to:
   localhost:7, or    # a single ":" needs the only the display number
   127.0.0.1:7, or
   localhost::5907, or # needs "::" to specify the exact port
   127.0.0.1::5907

  Connect to:
    localhost:7, or
    127.0.0.1:7
Retrieved from "https://hallaweb.jlab.org/wiki/index.php?title=How_to_connect_to_a_d2n_VNC_Session&oldid=38761"