How to connect to a d2n VNC Session

From Hall A Wiki
Revision as of 21:31, 13 May 2020 by Xiaochao (Talk | contribs) (Linux/MacOS SSH tunnel process)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Start a vncserver for yourself on a JLab machine (may already be done for you).

NOTE: Run the vncserver on the jlablX hosts only for now.  The ifarm nodes don't seem to have a complete software install anymore.

Terminology / Miscellaneous Notes

  • I'll assume that we want the vncserver to be running on below. Change jlabl4 to ifarm1802 or another machine if desired (ie. hcdesk1, ...).
  • The VNC server has an index referred to as the Session or Display. Only one server can run on a given display. If the vncserver ... setup line below complains that the display/session is in use, pick a different number.
    • In the example below I use 7
    • Session 7 corresponds to port 5907. If you change the session number to X then replace port 5907 with port 5900+X below.
  • You will need a 2-factor token to access machines inside the Accelerator fence through

Connect from offsite

This is a two-step process from within the same terminal:

 % ssh <your-jlab-username>     # if you want to connect to the ifarm1802 or jlablX
   -- OR --
 % ssh <your-jlab-username>    # if you want to connect to a machine inside the Accelerator fence
 <your-jlab-username>'s password:
 jlab14% ssh jlabL4
 JLAB RedHat Enterprise Linux 6.4 installed on (...)

Configure the VNC Server

Run these two commands (this is only done once):

 % vncpasswd
   Use a password that is *different* than your JLab password.  Make it secure!
 % vncserver -geometry 1200x1000 :7
 - You should see something like "New 'jlabl4:7 (<your-jlab-username>)' desktop is jlabl4:7"
 - The '-geometry 1200x1000' sets the screen size of the virtual session.  If
   you want to try a different size, you need to kill the vncserver
   first as described below.  Pick a size that is a little smaller than the
   display size on the computer you will usually work from.

NOTE: If you are able to connect, but you can't move windows around, etc. Then try the following:

Use a text editor to create or modify the file $HOME/.vnc/xstartup so it looks like this:

## Only _one_ of the start* lines below should be active, the other(s)
## must be commented out.
startxfce4     # will start xfce4
#startkde      # will start kde

Then make it executable:

% chmod a+x $HOME/.vnc/xstartup

And kill and restart your vncserver and you should have a working desktop/window manager.


The VNC session (and everything in it) will stay running even if you logout/disconnect unless jlabl4 is rebooted (rare), or you manually kill the vncserver with the command:

 % vncserver -kill :7
  • You only need to do the above step 'once' (unless the vncserver gets killed for some reason).
  • Please avoid opening more vnc servers than you need. To see what might be still running, do:
 % ls $HOME/.vnc/*.pid

which may return something like:


If you know those aren't working sessions, you can clean them up by

 % vncserver -kill :14
 % vncserver -kill :44
  • You will need to set up the tunnel below every time you want to connect to the VNC session.

Build a tunnel from your machine through to (where the vncserver is running)

In order to access the VNC server from offsite you need to build a tunnel so the VNC client on your machine can talk to the VNC server you set up above. (Normally that traffic is blocked by the firewall.)

Windows SSH tunnel process

A procedure for setting up the tunnels under Windows is outlined here: Monitoring_with_VNCViewer_for_Techs

  • Replace hacweb2 with (or
  • Replace the username hacuser with your JLab user name
  • Replace the port 5901 and Session :1 with the VNC display/session number you are using.

Linux/MacOS SSH tunnel process

Open a terminal window on your local computer and run:

 % ssh <your-jlab-username> -L
  • Note: If your vncserver is running on a different machine, then replace 'jlabl4' with that computer’s name (ie. 'ifarm1802 (if working), hcdesk1, ...')
  • Note: vncserver may not run correctly on ifarm180x (the window may appear like a black hole), instead use jlablx, open a terminal and ssh to ifarm instead.
  • Note: If ssh complains that port 2222 is in use, try again with a different 4 digit number. Replace 2222 with your new number below as well.

Now tunnel the VNC port through the above SSH tunnel

Open another terminal window on your local computer and run:

 % ssh <your-jlab-username>@localhost -p 2222 -L 5907:localhost:5907

Now run your vncviewer and connect to the VNC session

 Open another terminal window on your local computer and run:
 % vncviewer -Shared :7
  • Make sure you include the '-Shared' option or you kick everyone else off.
  • Get the session password from the person running the meeting.

VNC Clients


If vncviewer and/or vncserver do not exist on your machine you will need to install them. There are a number of software programs available:

  • xvnc4server / xvnc4client
  • tigervnc-server / tigervnc-client
  • vinagre

Mac OS X VNC client

  • 'Chicken of the VNC' works well. It can be found here:
  • First set up the tunnel chain as above in some terminal windows.
 In the VNC login window:
   Host           = localhost
   Display/Port   = 7
   -!-> Be sure to check the 'Shared Display' box


 Connect to:
   localhost:7, or    # a single ":" needs the only the display number, or
   localhost::5907, or # needs "::" to specify the exact port
  Connect to:
    localhost:7, or