How to connect to a d2n VNC Session

From Hall A Wiki
Revision as of 13:08, 11 October 2019 by Brads (Talk | contribs) (Windows)

Jump to: navigation, search

Start a vncserver for yourself on a JLab machine (may already be done for you).

Terminology / Miscellaneous Notes

  • I'll assume that we want the vncserver to be running on jlabl4.jlab.org below. Change jlabl4 to ifarm1802 or another machine if desired (ie. hcdesk1, ...).
  • The VNC server has an index referred to as the Session or Display. Only one server can run on a given display. If the vncserver ... setup line below complains that the display/session is in use, pick a different number.
    • In the example below I use 7
    • Session 7 corresponds to port 5907. If you change the session number to X then replace port 5907 with port 5900+X below.
  • You will need a 2-factor token to access machines inside the Accelerator fence through hallgw.jlab.org

Connect from offsite

This is a two-step process from within the same terminal: 

 % ssh <your-jlab-username>@login.jlab.org     # if you want to connect to the ifarm1802 or jlablX
   -- OR --
 % ssh <your-jlab-username>@hallgw.jlab.org    # if you want to connect to a machine inside the Accelerator fence
 ...
 <your-jlab-username>@login.jlab.org's password:
 jlab14% ssh jlabL4
 JLAB RedHat Enterprise Linux 6.4 installed on (...)
 jlabl4%

Configure the VNC Server

Run these two commands: 

 % vncpasswd
   Use a password that is *different* than your JLab password.  Make it secure!
 % vncserver -geometry 1200x1000 :7
 - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7"
 - The '-geometry 1200x1000' sets the screen size of the virtual session.  If
   you want to try a different size, you need to kill the vncserver
   first as described below.  Pick a size that is a little smaller than the
   display size on the computer you will usually work from.

Notes

The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command: 

 % vncserver -kill :7
  • You only need to do the above step 'once' (unless the vncserver gets killed for some reason).
  • You will need to set up the tunnel below every time you want to connect to the VNC session.

Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running)

In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above. (Normally that traffic is blocked by the firewall.)

This is done in two steps: first make a tunnel to pass ssh traffic between your machine and the destination machine, then use a second ssh session through the first tunnel to pass the VNC traffic.

Open a terminal window on your local computer and run: 

 % ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl4.jlab.org:22
  • Note: If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'ifarm1802, hcdesk1, ...')
  • Note: If ssh complains that port 2222 is in use, try again with a different 4 digit number. Replace 2222 with your new number below as well.

Now tunnel the VNC port through the above SSH tunnel

Open another terminal window on your local computer and run: 

 % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907

Now run your vncviewer and connect to the VNC session

 Open another terminal window on your local computer and run:
 % vncviewer -Shared :7
  • Make sure you include the '-Shared' option or you kick everyone else off.
  • Get the session password from the person running the meeting.

VNC Clients

Linux

If vncviewer and/or vncserver do not exist on your machine you will need to install them. There are a number of software programs available:

  • xvnc4server / xvnc4client
  • tigervnc-server / tigervnc-client
  • vinagre

Mac OS X VNC client

  • 'Chicken of the VNC' works well. It can be found here:
   http://sourceforge.net/projects/cotvnc/
  • First set up the tunnel chain as above in some terminal windows.
 In the VNC login window:
   Host           = localhost
   Display/Port   = 7
   -!-> Be sure to check the 'Shared Display' box

Windows

 Connect to:
   localhost:7, or    # a single ":" needs the only the display number
   127.0.0.1:7, or
   localhost::5907, or # needs "::" to specify the exact port
   127.0.0.1::5907

  Connect to:
    localhost:7, or
    127.0.0.1:7

Windows SSH tunnel process

A procedure for setting up the tunnels under Windows is outlined here: Monitoring_with_VNCViewer_for_Techs

  • Replace hacweb2 with login.jlab.org (or hallgw.jlab.org)
  • Replace the username hacuser with your JLab user name
  • Replace the port 5901 and Session :1 with the VNC display/session number you are using.
Retrieved from "https://hallaweb.jlab.org/wiki/index.php?title=How_to_connect_to_a_d2n_VNC_Session&oldid=37840"