Difference between revisions of "How to connect to a d2n VNC Session"

From Hall A Wiki
Jump to: navigation, search
Line 1: Line 1:
1) Build a tunnel from your machine through to d2n.jlab.org (where the vncserver is running)
+
=== Start a vncserver for yourself on a JLab machine (may already be done for you). ===
  Open a terminal window on your local computer and run:
+
==== Terminology / Miscellaneous Notes ====
  % ssh <your-jlab-username>@login.jlab.org -L 2222:d2n.jlab.org:22
+
* I'll assume that we want the vncserver to be running on jlabl4.jlab.org below.  Change ''jlabl4'' to another machine if desired (ie. d2n, hcdesk1, ...).
 +
* The VNC server has an index referred to as the ''Session'' or ''Display''.  Only one server can run on a given display.  If the ''vncserver ...'' setup line below complains that the display/session is in use, pick a different number.
 +
** In the example below I use ''7''
 +
** Session ''7'' corresponds to port ''5907''.  If you change the session number to X then replace port 5907 with port ''5900+X'' below.
 +
* You will need a 2-factor token to access machines inside the Accelerator fence through ''hallgw.jlab.org''
 +
** https://hallcweb.jlab.org/wiki/index.php/Logging_into_the_Hall_C_cluster
  
'''Note''': If your vncserver is running on a different machine, then replace 'd2n' with that computer’s name (ie. 'jlabl4')
+
==== Connect from offsite ====
 +
This is a two-step process from within the same terminal:
 +
  % ssh <your-jlab-username>@login.jlab.org    # if you want to connect to the ifarm or jlablX
 +
    -- OR --
 +
  % ssh <your-jlab-username>@hallgw.jlab.org    # if you want to connect to a machine inside the Accelerator fence
 +
  ...
 +
  <your-jlab-username>@login.jlab.org's password:
 +
  jlab14% ssh jlabL4
 +
  JLAB RedHat Enterprise Linux 6.4 installed on (...)
 +
  jlabl4%
 +
==== Configure the VNC Server ====
 +
Run these two commands:
 +
  % vncpasswd
 +
    Use a password that is *different* than your JLab password.  Make it secure!
 +
  % vncserver -geometry 1200x1000 :7
 +
  - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7"
 +
  - The '-geometry 1200x1000' sets the screen size of the virtual session.  If
 +
    you want to try a different size, you need to kill the vncserver
 +
    first as described below.  Pick a size that is a little smaller than the
 +
    display size on the computer you will usually work from.
  
2) Now tunnel the vnc port through the tunnel from (1):
+
==== Notes ====
   Open another terminal window on your local computer and run:
+
The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command:
 +
  % vncserver -kill :7
 +
* '''You only need to do the above step 'once' (unless the vncserver gets killed for some reason).'''
 +
* '''You ''will'' need to set up the tunnel below every time you want to connect to the VNC session.'''
 +
 
 +
=== Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running) ===
 +
In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above.  (Normally that traffic is blocked by the firewall.)
 +
 
 +
This is done in two steps:  first make a tunnel to pass ssh traffic between your machine and the destination machine, then use a second ssh session through the first tunnel to pass the VNC traffic.
 +
 
 +
Open a terminal window on your local computer and run:
 +
   % ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl4.jlab.org:22
 +
 
 +
* '''Note''': If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'd2n, hcdesk1, ...')
 +
* '''Note''': If ssh complains that port 2222 is in use, try again with a different 4 digit number.  Replace 2222 with your new number below as well.
 +
 
 +
=== Now tunnel the VNC port through the above SSH tunnel ===
 +
Open another terminal window on your local computer and run:
 
   % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907
 
   % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907
  
3) Now run your vncviewer and connect to the vnc session
+
=== Now run your vncviewer and connect to the VNC session ===
 
   Open another terminal window on your local computer and run:
 
   Open another terminal window on your local computer and run:
 
   % vncviewer -Shared :7
 
   % vncviewer -Shared :7
  -!-> Make sure you include the '-Shared' option or you kick everyone else off.
+
* Make sure you include the '-Shared' option or you kick everyone else off.
  ---> Get the session password from the person running the meeting.
+
* Get the session password from the person running the meeting.
  
Mac OS X VNC client:
+
= VNC Clients =
  'Chicken of the VNC' works well. It can be found here:
+
== Linux ==
 +
If ''vncviewer'' and/or ''vncserver'' do not exist on your machine you will need to install them.  There are a number of software programs available:
 +
* xvnc4server / xvnc4client
 +
* tigervnc-server / tigervnc-client
 +
* vinagre
 +
 
 +
== Mac OS X VNC client ==
 +
* 'Chicken of the VNC' works well. It can be found here:
 
     http://sourceforge.net/projects/cotvnc/
 
     http://sourceforge.net/projects/cotvnc/
  ---> First set up the tunnel chain as above in some terminal windows.
+
 
 +
* RealVNC for OSX (https://www.realvnc.com/download/)
 +
 
 +
* First set up the tunnel chain as above in some terminal windows.
 
   In the VNC login window:
 
   In the VNC login window:
 
     Host          = localhost
 
     Host          = localhost
Line 24: Line 75:
 
     -!-> Be sure to check the 'Shared Display' box
 
     -!-> Be sure to check the 'Shared Display' box
  
RealVNC client (https://www.realvnc.com/download/)
+
== Windows ==
Connect to:
+
* RealVNC for Windows (https://www.realvnc.com/download/)
  localhost:7, or
+
  Connect to:
   127.0.0.1:7
+
    localhost:7, or   # a single ":" needs the only the display number
 +
    127.0.0.1:7, or
 +
    localhost::5907, or # needs "::" to specify the exact port
 +
    127.0.0.1::5907
 +
 
 +
* UltraVNC
 +
   Connect to:
 +
    localhost:7, or
 +
    127.0.0.1:7
  
Windows:
+
= Windows SSH tunnel process =
 
   This can be done by using a couple of instances of PuTTY to handle the ssh
 
   This can be done by using a couple of instances of PuTTY to handle the ssh
 
   tunnels and then using RealVNC or UltraVNC to connect to the VNC session.
 
   tunnels and then using RealVNC or UltraVNC to connect to the VNC session.
 
   - I can write a walkthrough for this if there is demand but I'd prefer everyone
 
   - I can write a walkthrough for this if there is demand but I'd prefer everyone
 
     just switch to using a fully functional OS like linux.  (I kid, I kid... ;-)
 
     just switch to using a fully functional OS like linux.  (I kid, I kid... ;-)

Revision as of 11:43, 3 September 2015

Start a vncserver for yourself on a JLab machine (may already be done for you).

Terminology / Miscellaneous Notes

  • I'll assume that we want the vncserver to be running on jlabl4.jlab.org below. Change jlabl4 to another machine if desired (ie. d2n, hcdesk1, ...).
  • The VNC server has an index referred to as the Session or Display. Only one server can run on a given display. If the vncserver ... setup line below complains that the display/session is in use, pick a different number.
    • In the example below I use 7
    • Session 7 corresponds to port 5907. If you change the session number to X then replace port 5907 with port 5900+X below.
  • You will need a 2-factor token to access machines inside the Accelerator fence through hallgw.jlab.org

Connect from offsite

This is a two-step process from within the same terminal:

 % ssh <your-jlab-username>@login.jlab.org     # if you want to connect to the ifarm or jlablX
   -- OR --
 % ssh <your-jlab-username>@hallgw.jlab.org    # if you want to connect to a machine inside the Accelerator fence
 ...
 <your-jlab-username>@login.jlab.org's password:
 jlab14% ssh jlabL4
 JLAB RedHat Enterprise Linux 6.4 installed on (...)
 jlabl4%

Configure the VNC Server

Run these two commands:

 % vncpasswd
   Use a password that is *different* than your JLab password.  Make it secure!
 % vncserver -geometry 1200x1000 :7
 - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7"
 - The '-geometry 1200x1000' sets the screen size of the virtual session.  If
   you want to try a different size, you need to kill the vncserver
   first as described below.  Pick a size that is a little smaller than the
   display size on the computer you will usually work from.

Notes

The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command:

 % vncserver -kill :7
  • You only need to do the above step 'once' (unless the vncserver gets killed for some reason).
  • You will need to set up the tunnel below every time you want to connect to the VNC session.

Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running)

In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above. (Normally that traffic is blocked by the firewall.)

This is done in two steps: first make a tunnel to pass ssh traffic between your machine and the destination machine, then use a second ssh session through the first tunnel to pass the VNC traffic.

Open a terminal window on your local computer and run:

 % ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl4.jlab.org:22
  • Note: If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'd2n, hcdesk1, ...')
  • Note: If ssh complains that port 2222 is in use, try again with a different 4 digit number. Replace 2222 with your new number below as well.

Now tunnel the VNC port through the above SSH tunnel

Open another terminal window on your local computer and run:

 % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907

Now run your vncviewer and connect to the VNC session

 Open another terminal window on your local computer and run:
 % vncviewer -Shared :7
  • Make sure you include the '-Shared' option or you kick everyone else off.
  • Get the session password from the person running the meeting.

VNC Clients

Linux

If vncviewer and/or vncserver do not exist on your machine you will need to install them. There are a number of software programs available:

  • xvnc4server / xvnc4client
  • tigervnc-server / tigervnc-client
  • vinagre

Mac OS X VNC client

  • 'Chicken of the VNC' works well. It can be found here:
   http://sourceforge.net/projects/cotvnc/
  • First set up the tunnel chain as above in some terminal windows.
 In the VNC login window:
   Host           = localhost
   Display/Port   = 7
   -!-> Be sure to check the 'Shared Display' box

Windows

 Connect to:
   localhost:7, or    # a single ":" needs the only the display number
   127.0.0.1:7, or
   localhost::5907, or # needs "::" to specify the exact port
   127.0.0.1::5907
  • UltraVNC
  Connect to:
    localhost:7, or
    127.0.0.1:7

Windows SSH tunnel process

 This can be done by using a couple of instances of PuTTY to handle the ssh
 tunnels and then using RealVNC or UltraVNC to connect to the VNC session.
 - I can write a walkthrough for this if there is demand but I'd prefer everyone
   just switch to using a fully functional OS like linux.  (I kid, I kid... ;-)