How to connect to a d2n VNC Session
- 1 Start a vncserver for yourself on a JLab machine (may already be done for you).
- 2 Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running)
- 3 Now tunnel the VNC port through the above SSH tunnel
- 4 Now run your vncviewer and connect to the VNC session
- 5 VNC Clients
Start a vncserver for yourself on a JLab machine (may already be done for you).
Terminology / Miscellaneous Notes
- I'll assume that we want the vncserver to be running on jlabl4.jlab.org below. Change jlabl4 to ifarm1802 or another machine if desired (ie. hcdesk1, ...).
- The VNC server has an index referred to as the Session or Display. Only one server can run on a given display. If the vncserver ... setup line below complains that the display/session is in use, pick a different number.
- In the example below I use 7
- Session 7 corresponds to port 5907. If you change the session number to X then replace port 5907 with port 5900+X below.
- You will need a 2-factor token to access machines inside the Accelerator fence through hallgw.jlab.org
Connect from offsite
This is a two-step process from within the same terminal:
% ssh <your-jlab-username>@login.jlab.org # if you want to connect to the ifarm1802 or jlablX -- OR -- % ssh <your-jlab-username>@hallgw.jlab.org # if you want to connect to a machine inside the Accelerator fence ... <your-jlab-username>@login.jlab.org's password: jlab14% ssh jlabL4 JLAB RedHat Enterprise Linux 6.4 installed on (...) jlabl4%
Configure the VNC Server
Run these two commands:
% vncpasswd Use a password that is *different* than your JLab password. Make it secure! % vncserver -geometry 1200x1000 :7 - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7" - The '-geometry 1200x1000' sets the screen size of the virtual session. If you want to try a different size, you need to kill the vncserver first as described below. Pick a size that is a little smaller than the display size on the computer you will usually work from.
The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command:
% vncserver -kill :7
- You only need to do the above step 'once' (unless the vncserver gets killed for some reason).
- You will need to set up the tunnel below every time you want to connect to the VNC session.
Build a tunnel from your machine through to jlabl4.jlab.org (where the vncserver is running)
In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above. (Normally that traffic is blocked by the firewall.)
This is done in two steps: first make a tunnel to pass ssh traffic between your machine and the destination machine, then use a second ssh session through the first tunnel to pass the VNC traffic.
Open a terminal window on your local computer and run:
% ssh <your-jlab-username>@login.jlab.org -L 2222:jlabl4.jlab.org:22
- Note: If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'ifarm1802, hcdesk1, ...')
- Note: If ssh complains that port 2222 is in use, try again with a different 4 digit number. Replace 2222 with your new number below as well.
Now tunnel the VNC port through the above SSH tunnel
Open another terminal window on your local computer and run:
% ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907
Now run your vncviewer and connect to the VNC session
Open another terminal window on your local computer and run: % vncviewer -Shared :7
- Make sure you include the '-Shared' option or you kick everyone else off.
- Get the session password from the person running the meeting.
If vncviewer and/or vncserver do not exist on your machine you will need to install them. There are a number of software programs available:
- xvnc4server / xvnc4client
- tigervnc-server / tigervnc-client
Mac OS X VNC client
- 'Chicken of the VNC' works well. It can be found here:
- RealVNC for OSX (https://www.realvnc.com/download/)
- First set up the tunnel chain as above in some terminal windows.
In the VNC login window: Host = localhost Display/Port = 7 -!-> Be sure to check the 'Shared Display' box
- RealVNC for Windows (https://www.realvnc.com/download/)
Connect to: localhost:7, or # a single ":" needs the only the display number 127.0.0.1:7, or localhost::5907, or # needs "::" to specify the exact port 127.0.0.1::5907
Connect to: localhost:7, or 127.0.0.1:7
Windows SSH tunnel process
A procedure for setting up the tunnels under Windows is outlined here: Monitoring_with_VNCViewer_for_Techs
- Replace hacweb2 with login.jlab.org (or hallgw.jlab.org)
- Replace the username hacuser with your JLab user name
- Replace the port 5901 and Session :1 with the VNC display/session number you are using.