Lines Matching full:vnc
22 x11vnc: a VNC server for real X displays
28 mouse) with any VNC viewer. In this way it plays the role for Unix/X11
33 server-side scaling; single port HTTPS/HTTP+VNC; Zeroconf service
42 the user does not need to memorize his VNC display/port number.
74 a USB memory stick for SSL/SSH VNC viewing from nearly any networked
88 SSH tunnels for VNC access.)
104 VNC (Virtual Network Computing) is a very useful network graphics
110 Some VNC links:
116 For Unix, the traditional VNC implementation includes a "virtual" X11
120 connects to Xvnc via the VNC client vncviewer from anywhere on the
123 The VNC protocol is in most cases better suited for remote connections
155 x11vnc", "emerge x11vnc", etc.) Similarly, have a VNC viewer (e.g.
202 13/05/2004 14:59:54 The VNC desktop is far-away:0
208 example) you now want to run a VNC viewer program. There are VNC
211 to connect to x11vnc (see the above VNC links under "Background:" on
227 the x11vnc side that is blocking remote access to the VNC port (e.g.
235 have to do Step 3 as you moved around. Be sure to use a VNC Password
247 the "VNC Terminal Server" entry.
251 connect a VNC Viewer through the SSH encrypted tunnel.
282 start their VNC viewers. For this usage mode the "-connect
294 For x11vnc one can tunnel the VNC protocol through an encrypted ssh
318 machine.) Use of a VNC password is also strongly recommended.
321 actually seems to improve interactive typing response via VNC!
324 VNC compression is not perfect, and so this may help a bit. However,
331 Some VNC viewers will do the ssh tunnelling for you automatically, the
428 VNC Ports and Firewalls: The above discussion was for configuring the
430 done for the default VNC port 5900:
431 Port 5900 -> 192.168.1.3, Port 5900 (VNC)
432 Port 5901 -> 192.168.1.4, Port 5900 (VNC)
438 The VNC displays to enter in the VNC viewer would be, say,
450 5944, to avoid a lot of port scans finding your VNC server. For 5944
455 VNC Viewer. The site http://www.whatismyip.com/ can help here.
481 cmd="x11vnc -display :$disp -localhost -rfbauth .vnc/passwd"
495 #2. Another method is to start the VNC viewer in listen mode
547 VNC password file: Also note in the #1. example script that the option
548 "-rfbauth .vnc/passwd" provides additional protection by requiring a
549 VNC password for every VNC viewer that connects. The vncpasswd or
568 One can also encrypt the VNC traffic using an SSL/TLS tunnel such as
570 -ssl openssl mode. A SSL-enabled Java applet VNC Viewer is also
586 SourceForge.net. I use libvncserver for all of the VNC aspects; I
601 VNC Viewers: To obtain VNC viewers for the viewing side (Windows, Mac
617 rx11vnc.pl that attempts to tunnel the vnc traffic through an ssh port
901 VNC Viewer packages for Unix, Mac OS X, and Windows have been created
933 * The included SSL enabled Java VNC Viewers now handle Mouse Wheel
977 * The SSL enabled Java VNC Viewer Makefile has been modified so that
1004 mode that allows redirection to other SSL enabled VNC servers
1021 from being downloaded successfully in single-port HTTPS/VNC inetd
1046 with VNC client's framebuffer update requests. Some broken VNC
1048 requests at VNC servers (regardless of whether they have received
1053 -allinput to keep up with these VNC clients at the expense of
1111 mode now supports multiple VNC viewers using the same VNC
1127 * Improved reliability of the Single Port SSL VNC and HTTPS java
1157 by default in the -ssl mode. VNC Viewers like vinagre,
1158 gvncviewer/gtk-vnc, the vencrypt package, SSVNC, and others
1161 (VeNCrypt's "*Plain" modes.) A similar but older VNC security type
1165 wraps the entire VNC connection in SSL (like HTTPS does for HTTP,
1167 certain point during the VNC handshake. Use -sslonly to disable
1174 SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS
1187 self-signed cert in "~/.vnc/certs/server.pem". Previously "-ssl"
1190 chance for the VNC Viewer side (e.g. SSVNC) to remember the cert
1196 the Java VNC Viewer. So, for example, the web browser URL
1208 select the VNC port (e.g. 5901) to listen on, and a few other
1248 * Reverse VNC connections via -connect work in the -find, -create
1250 * Reverse VNC connections (either normal or SSL) can use a Web Proxy
1254 * Reverse VNC connections via the UltraVNC repeater proxy (either
1257 repeater://host:port+ID:NNNN" notation. The SSVNC VNC viewer also
1270 * The -autoport options gives more control over the VNC port x11vnc
1291 buffer/cache area for pixel data. The VNC CopyRect encoding is
1306 * If UltraVNC file transfer or chat is detected, then VNC clients
1318 ultravnc filetransfer, and so can be used as a VNC viewer on Unix
1321 ultra.vnc.) The signed applet SignedUltraViewerSSL.jar version
1322 (pointed to by ultrasigned.vnc) will be needed to access the local
1326 * A new Unix username login mode for VNC Viewers authenticated via a
1332 modes if you are also have set up and use VNC Client SSL
1335 if the VNC Viewer is authenticated via a Client SSL Certificate,
1341 * VNC Service advertising via mDNS / ZeroConf / BonJour with the
1347 VNC server.
1350 * Reverse VNC connections (viewer listening) now work in SSL (-ssl)
1372 * x11vnc can act as a VNC reflector/repeater using the "-reflect
1373 host:N" option. Instead of polling an X display, the remote VNC
1374 Server host:N is connected to and re-exported via VNC. This is
1376 classroom or large demo) VNC viewers where bandwidth and other
1382 * The "-N" option couples the VNC Display number to the X Display
1383 number. E.g. if your X DISPLAY is :2 then the VNC display will be
1407 * The -sslverify option allows for authenticating VNC clients via
1411 * An SSL enabled Java applet VNC Viewer applet is provided by x11vnc
1414 SSL.) (one can use the VNC port, e.g. https://host:5900/, or also
1437 before exporting via VNC. This is intended for use on handhelds
1460 continuously. It is a server in the sense that it is a VNC server that
1461 VNC viewers on the network can connect to and view the screen
1474 is one place where the X protocol has an advantage over the VNC
1492 in the output. 5900 is the default VNC listening port (just like 6000
1499 the VNC display number to the X display. (also see the "SunRay
1504 server-side scaling, and -rfbauth passwd-file to use VNC password
1513 connected VNC viewers. A number of applications do similar things,
1556 -scrollcopyrect and -wireframe speedups using the CopyRect VNC
1679 Q-6: Where can I get a VNC Viewer binary (or source code) for the
1692 default VNC port (5900)?
1694 Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to
1697 Q-12: Is it possible for a VNC Viewer and a VNC Server to connect to
1704 Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies with
1710 Q-16: KDE's krdc VNC viewer cannot connect to x11vnc.
1716 minutes the VNC connection freezes.
1783 Q-34: How do I create a VNC password for use with x11vnc?
1788 Q-36: Can I have two passwords for VNC viewers, one for full access
1795 limit the set of Unix usernames who can connect to the VNC desktop?
1801 Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And
1802 why doesn't it allow more than one VNC viewer to connect at the same
1805 Q-41: Can I limit which machines incoming VNC clients can connect
1824 incoming VNC client should be accepted or not? Can I decide to make
1839 disconnect the VNC viewer?
1854 Q-54: How do I use VNC Viewers with built-in SSL tunneling?
1856 Q-55: How do I use the Java applet VNC Viewer with built-in SSL
1876 Q-61: Can I have x11vnc advertise its VNC service and port via mDNS /
1877 Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect
1887 Q-64: How do I make x11vnc work with the Java VNC viewer applet in a
1890 Q-65: Are reverse connections (i.e. the VNC server connecting to the
1891 VNC viewer) using "vncviewer -listen" and vncconnect(1) supported?
1957 Q-85: Can I take advantage of the TightVNC extension to the VNC
1978 Danish "dk") and the -modtweak mode works well if the VNC viewer is
1980 the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or
1995 machine where I run the VNC viewer does not. Is there a way I can map
2000 diamonds. The machine where I run the VNC viewer only has Alt keys.
2009 Q-98: How can I get Caps_Lock to work between my VNC viewer and
2035 reflect the screen that the VNC viewers see? (e.g. for a handheld
2038 Q-106: Why is the view in my VNC viewer completely black? Or why is
2045 VNC viewer connecting to x11vnc is either completely black or
2063 [Exporting non-X11 devices via VNC]
2066 controlled) via VNC with x11vnc?
2068 Q-113: Can I export the Linux Console (Virtual Terminals) via VNC
2071 Q-114: Can I export via VNC a Webcam or TV tuner framebuffer using
2074 Q-115: Can I connect via VNC to a Qt-embedded/Qt-enhanced/Qtopia
2082 Q-117: Now that non-X11 devices can be exported via VNC using x11vnc,
2091 Q-120: Can x11vnc be used as a VNC reflector/repeater to improve
2092 performance for the case of a large number of simultaneous VNC viewers
2113 reverse vnc connection from their Unix desktop to a helpdesk
2114 operator's VNC Viewer.
2216 connections in on a port. E.g. 5900 (default VNC port) or 22 (default
2217 SSH port for tunnelling VNC.) Most systems these days have firewalls
2458 up the Java VNC Viewer jar file (either SSL enabled or regular one),
2464 Q-6: Where can I get a VNC Viewer binary (or source code) for the
2467 To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix)
2495 x11vnc -wait 50 -localhost -rfbauth $HOME/.vnc/passwd -display :0 $*
2506 rfbauth /home/fred/.vnc/passwd
2552 which also prompts for which VNC port to use and a couple other
2557 default VNC port (5900)?
2560 port 5901 (this is VNC display :1.) If something else is using that
2565 for the VNC display number to enter into the VNC Viewer(s).
2567 The "-N" option will try to match the VNC display number to the X
2568 display (e.g. X11 DISPLAY of :5 (port 6005) will have VNC display :5
2575 Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to
2581 Q-12: Is it possible for a VNC Viewer and a VNC Server to connect to
2596 on the relay machine as the VNC port for the rendezvous.
2598 A way to rendezvous is to have the VNC Server start a reverse
2602 and the VNC viewer forward connects as usual:
2634 command to use for forward (VNC Viewer) and reverse (VNC Server, i.e.
2668 Set up the Tunnel from the VNC Server side:
2671 Set up the Tunnel from the VNC Viewer side:
2674 Run Server on the VNC Server side:
2677 Run Viewer on the VNC Viewer side:
2684 option GatewayPorts=yes, then the tunnel set up by the VNC Server will
2685 be reachable directly by the VNC viewer (as long as the SSH machine's
2695 the VNC Server side:
2700 To automate on the VNC Viewer side, the user can use the Enhanced
2703 * Entering user@third-machine.net:33 into 'VNC Host:Display' entry
2724 Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies with
2745 Q-16: KDE's krdc VNC viewer cannot connect to x11vnc.
2762 minutes the VNC connection freezes.
2786 * -DVNCSHARED to have the vnc display shared by default.
2856 just want to avoid VNC and use x2x for that.
3012 32bpp view is exported via VNC.
3159 been supplied) from the VNC server, and translates that to 24bpp
3253 connect to a VNC server somewhere, then performance would be best if
3265 The Sun Ray technology is a bit like "VNC done in hardware" (the Sun
3331 Q-34: How do I create a VNC password for use with x11vnc?
3333 You may already have one in $HOME/.vnc/passwd if you have used, say,
3349 you will be prompted for a password to save to ~/.vnc/passwd (your
3356 (i.e. not obscured like the -rfbauth VNC passwords) password options.
3359 you have in ~/.vnc/passwd or ~/.vnc/passwdfile (the latter is used
3365 ~/.vnc/passwd. If a password file cannot be found or created x11vnc
3376 ~/.vnc/passwd:
3378 Enter VNC password:
3380 Write password to /home/myname/.vnc/passwd? [y]/n
3381 Password written to: /home/myname/.vnc/passwd
3387 Q-36: Can I have two passwords for VNC viewers, one for full access
3405 option (standard VNC password storing mechanism.) FWIW, note that
3406 although the output (usually placed in $HOME/.vnc/passwd) by the
3410 plain text passwords from $HOME/.vnc/passwd since it is very
3411 straight-forward to work out what to do from the VNC source code.
3426 limit the set of Unix usernames who can connect to the VNC desktop?
3428 outside of the VNC protocol and libvncserver. The standard su(1)
3465 Until the VNC protocol and libvncserver support this things will be
3483 traditional way would be to further require a VNC password to supplied
3485 VNC password is. A scheme that avoids a second password involves using
3583 the -accept where an external program may be run to decide if a VNC
3586 proceeds to the normal VNC and x11vnc authentication methods,
3589 To provide more direct coupling to the VNC client's username and/or
3600 supplied to the VNC viewer and the strings the client returns are then
3602 the command returns success, i.e. exit(0), the VNC client is accepted,
3611 VNC challenge-response dialog with the VNC client. x11vnc sends out a
3612 string of random bytes (16 by the VNC spec) and the client returns the
3614 authorized user could have created. The VNC protocol specifies DES
3615 encryption with a password. If you are willing to modify the VNC
3620 your command then returns success, i.e. exit(0), the VNC client is
3628 Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And
3629 why doesn't it allow more than one VNC viewer to connect at the same
3642 VNC password protection (or -passwdfile) It is up to YOU to apply
3646 Q-41: Can I limit which machines incoming VNC clients can connect
3678 is "vnc", e.g.:
3679 vnc: 192.168.100.3 .example.com
3729 incoming VNC client should be accepted or not? Can I decide to make
3784 times out after 60 seconds the screen is locked and the VNC client is
3789 # VNC connection. If timeout expires, screen is locked
3790 # and the VNC viewer is accepted (allows remote access
3825 only after the VNC client has been accepted and authenticated. Like
3860 obviously not bulletproof): when a VNC client attaches to x11vnc put
3876 exit via the -gone option (the vnc client user should obviously
3893 disconnect the VNC viewer?
3906 unlock the screen after the first valid VNC login and to lock the
3907 screen after the last valid VNC login disconnects:
3946 See the description earlier on this page on how to tunnel VNC via SSH
3960 Above we described how to tunnel VNC via SSH from Unix to Unix, you
3973 * Finally, start up your VNC Viewer in Windows and enter
3974 'localhost:0' as the VNC server.
3995 As discussed above another option is to first start the VNC viewer in
4021 any VNC (or other type of) server.
4030 the VNC viewer machine pointing it to the SSL/x11vnc server.
4033 * Finally, start the VNC Viewer and tell it to connect to the local
4034 port (e.g. a vnc display localhost:0) where its outgoing SSL
4052 SSL Viewers: Next, on the VNC viewer side we need an SSL tunnel to
4065 Be sure to use a VNC password because unlike ssh by default the
4088 pointing the VNC viewer to localhost:2).
4130 SSL VNC Viewers:
4132 Regarding VNC viewers that "natively" do SSL unfortunately there do
4135 versions of VNC seem to have some SSL-like encryption built in, but we
4137 (proprietary) SSL-like negotiation is likely embedded in the VNC
4142 -ssl is enabled. It will also be served via HTTPS via either the VNC
4145 In general current SSL VNC solutions are not particularly "seemless".
4149 running stunnel on the VNC viewer side on Unix a little more carefully
4195 The SSL VNC desktop is: far-away.east:0
4205 tunnel extension to the VNC protocol. The older ANONTLS method (vino)
4211 vncs://hostname if vnc://hostname indicates a standard unencrypted VNC
4213 http://hostname. The entire VNC session goes through the SSL tunnel.
4214 VeNCrypt, on the other hand, switches to SSL/TLS early in the VNC
4219 SSL VNC Viewers:. Viewer-side will need to use SSL as well. See the
4220 next FAQ and here for SSL enabled VNC Viewers, including SSVNC, to
4237 creating your own Certificate Authority (CA) for signing VNC server
4249 in the default directory ~/.vnc/certs/ as server.crt (the certificate
4251 the possibility of copying the server.crt to machines where the VNC
4252 Viewer will be run to enable authenticating the x11vnc SSL VNC server
4276 Note: If you serve up the SSL enabled Java VNC Viewer via something
4299 The VNC desktop is: localhost:50
4300 The SSL VNC desktop is: far-away.east:0
4305 SSL-wrapped VNC connections from viewers. x11vnc is listening for
4314 Q-54: How do I use VNC Viewers with built-in SSL tunneling?
4316 Notes on using "native" VNC Viewers with SSL:
4318 There aren't any native VNC Viewers that do SSL (ask your VNC viewer
4320 point the VNC Viewer to. This is often STUNNEL. You can do this
4323 next section for Java Web browser SSL VNC Viewers (you only need a
4326 Notes on the SSL enabled Java VNC Viewer provided in x11vnc
4329 A Java applet VNC Viewer allows you to connect to a VNC Server from a
4332 The SSL enabled Java VNC Viewer (VncViewer.jar) in the x11vnc package
4347 opposed to only the VNC traffic being encrypted with SSL.)
4352 The SSL VNC desktop is: far-away.east:0
4359 could point the web browser at to get the VNC viewer applet. E.g. put
4376 The https service provided thru the actual VNC port (5900 in the above
4378 input and try to guess if the connection is VNC or HTTP.) If it is
4386 This will have the VNC Viewer send a special HTTP GET string "GET
4387 /request.https.vnc.connection HTTP/1.0" that x11vnc will notice more
4388 quickly as a request for a VNC connection. Otherwise it must wait for
4389 a timeout to expire before it assumes a VNC connection.
4392 to /request.https.vnc.connection". Perhaps you are using a web server
4406 Unfortunately, it can be a little tricky getting the SSL VNC Java
4419 the Java Applet jar file and VNC out of the same port (both
4434 * Step Lively: If you get Browser or Java VM or VNC Viewer applet
4463 (some users do it this way), the main thing is that the VNC traffic is
4474 different protocols (HTTP and VNC) through the same SSL service port.
4481 that, maybe test that through another VNC session.)
4492 facing port is different from the internal machine's VNC port, you
4521 certificate when it downloads index.vnc.
4534 connection is VNC instead of the HTTPS it actually is (but since you
4542 for HTTPS connections instead of sharing the VNC port.
4552 Notes on the VNC Viewer ss_vncviewer wrapper script:
4554 If you want to use a native VNC Viewer with the SSL enabled x11vnc you
4556 not seem to be any native SSL VNC Viewers outside of our x11vnc and
4585 created by "x11vnc -ssl SAVE" and safely copied to the VNC viewer
4588 The fourth one is for VNC Viewer authentication, it uses ./client.pem
4607 Q-55: How do I use the Java applet VNC Viewer with built-in SSL
4609 The SSL enabled Java VNC Viewer and firewall Proxies:
4628 be redirected to the originating host (the x11vnc VNC Server.) SSL is
4631 To do this you should use the proxy.vnc HTML file like via this URL in
4633 https://yourmachine.com:5900/proxy.vnc
4636 gives the default index.vnc)
4648 listening on port 443, you will probably need to edit proxy.vnc.
4650 change the line in proxy.vnc from:
4661 https://yourmachine.com/proxy.vnc?PORT=443
4667 https://yourmachine.com/proxy.vnc?GET=1&PORT=443
4685 It is discussed here. This SSL VNC portal provides a clean alternative
4691 this Apache VNC SSL portal method does (as long as desktop.cgi's 'port
4735 x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg
4746 configured to allow connections in on a port. E.g. 5900 (default VNC
4747 port) or 22 (default SSH port for tunnelling VNC.) Most systems these
4795 You next connect to x11vnc with a VNC viewer, give your username and
4827 (delays for 120 seconds after the VNC connection; you have that long
4838 Please consider the security implications of this! The VNC display for
4874 /usr/local/bin/x11vnc -rfbauth /path/to/the/vnc/passwd -o /var/log/x11vnc.log
4884 You may also want to force the VNC port with something like "-rfbport
4892 1vnc.log
4933 x11vnc -forever -rfbauth /home/xyz/.vnc/passwd -bg -o /var/log/x11vnc.log
4952 configured to allow connections in on a port. E.g. 5900 (default VNC
4953 port) or 22 (default SSH port for tunnelling VNC.) Most systems these
4971 -rfbauth /home/fred/.vnc/passwd -o /var/log/x11vnc_sh.log
4975 inetd (otherwise the standard error also goes to the VNC vncviewer,
5012 connecting to it. Always use a VNC password to further protect against
5072 Q-61: Can I have x11vnc advertise its VNC service and port via mDNS /
5073 Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect
5087 The service was tested with Chicken of the VNC ("Use Bonjour"
5115 Also with inetd(8) users always connect to a fixed VNC display, say
5116 hostname:0, and do not need to memorize a special VNC display number
5125 The -display WAIT option makes x11vnc wait until a VNC viewer is
5186 /usr/local/bin/x11vnc -inetd -users =fred -find -rfbauth /home/fred/.vnc/pass
5190 then find his X display. The VNC password (-rfbauth) as opposed to
5191 Unix password (-unixpw) is used to authenticate the VNC client.
5241 Tip: In addition to the usual unixpw parameters, inside the VNC viewer
5257 HTTPS or VNC.)
5327 Local access (VNC Server and VNC Viewer on the same machine): To
5333 vncviewer -geometry +0+0 -encodings raw -passwd $HOME/.vnc/passwd localhost:5
5338 vncviewer -FullScreen -PreferredEncoding raw -passwd $HOME/.vnc/passwd localhos
5342 simply runs only the VNC Viewer on the real X server. The Viewer then
5367 will remain running after you disconnect the VNC viewer and will be
5368 found again on reconnecting via VNC and logging in. To terminate them
5370 does not have to memorize which VNC display number is his. They all go
5389 Q-64: How do I make x11vnc work with the Java VNC viewer applet in a
5392 To have x11vnc serve up a Java VNC viewer applet to any web browsers
5396 (this directory will contain the files index.vnc and, for example,
5406 14/05/2004 11:13:56 The VNC desktop is walnut:0
5410 free to customize the default index.vnc file in the classes directory.
5424 the proxy and ask for the redirection to the VNC server. One way to do
5425 this is to use the signed SSL one referred to in classes/ssl/proxy.vnc
5430 Q-65: Are reverse connections (i.e. the VNC server connecting to the
5431 VNC viewer) using "vncviewer -listen" and vncconnect(1) supported?
5434 the VNC viewer in listen mode: "vncviewer -listen" (see your
5438 to.) The ":port" is optional (default is VNC listening port is 5500.)
5455 auth has been enabled, e.g. via -rfbauth, -passwdfile, etc.) Many VNC
5461 VNC package at www.realvnc.com) specify the -vncconnect option to
5484 (AllowCONNECT apache setting) or the VNC viewer listens on one of
5519 serve the script to avoid unix and vnc passwords from being sent in
5522 By default it uses a separate VNC port for each user desktop (either
5535 running SSL enabled VNC servers. This provides much of the
5543 virtual X sessions via VNC, Xvnc should give the fastest response.)
5565 This starts up a 16bpp virtual display. To export it via VNC use
5568 Then have the remote vncviewer attach to x11vnc's VNC display (e.g. :0
5640 Local access (VNC Server and VNC Viewer on the same machine): You use
5641 a VNC viewer to access the display remotely; to access your virtual X
5646 vncviewer -geometry +0+0 -encodings raw -passwd $HOME/.vnc/passwd localhost:5
5648 The display numbers (VNC and X) will likely be different (you could
5653 vncviewer -FullScreen -PreferredEncoding raw -passwd $HOME/.vnc/passwd localhos
5657 simply runs only the VNC Viewer on the real X server. The Viewer then
5683 the network via a VNC viewer.
5697 various test machines over the network via VNC. The advantage to
5852 VNC viewer parameters:
5866 * Try other VNC encodings via -encodings (tight may be the fastest,
5880 * Enforce a solid background when VNC viewers are connected via
6015 using VNC.
6033 however the VNC protocol is pretty much self-adapting with respect to
6055 (try to get the viewers to use different VNC encodings, e.g. tight and
6147 all connected VNC viewers to locally translate the window image data
6149 animation is done. This speedup is the VNC CopyRect encoding: the
6215 modified Xvfb watching for CopyRect and other VNC speedups. A
6255 VNC-viewer may have its own screen refresh hot-key or button. See
6322 local viewer-side VNC encoding; is used to swap the pixel data in and
6325 (often it doesn't feel like VNC at all: there is no delay waiting for
6329 VNC protocol, and so it works with all VNC viewers.
6332 shared) client-side caching is that one needs to extend the VNC
6334 modified VNC Viewer (or get the new features to be folded into the
6335 main VNC viewers, patches accepted, etc... likely takes many years
6337 the "-ncache n" works with any unaltered VNC viewer.
6339 A drawback of the "-ncache n" method is that in the VNC Viewer you can
6343 will need to try to adjust the size of his VNC Viewer window so the
6392 with all VNC viewers and also ease of implementing. Hopefully it can
6393 be tuned to use less, or the VNC community will extend the protocol to
6421 Gotcha for older Unix VNC Viewers: The older Unix VNC viewers (e.g.
6435 No problems like this have been observed with Windows VNC Viewers:
6438 Gotcha for KDE krdc VNC Viewer: One user found that KDE's krdc viewer
6447 improving VNC performance by client side caching.
6556 approximated to opaque RGB values for use in VNC. There are some
6558 when the VNC Viewer requires the cursor shape be drawn into the VNC
6559 framebuffer or if you apply a patch to your VNC Viewer to extract
6580 =< a =< 1), with similar for Green and Blue. The VNC protocol does not
6626 used for VNC clients that do not support the CursorShapeUpdates VNC
6629 drawn, correctly blended with the background, into the VNC framebuffer
6634 The CursorShapeUpdates VNC extension complicates matters because the
6635 cursor shape is sent to the VNC viewers supporting it, and the viewers
6638 VNC protocol.
6642 circumstances. This hack is outside of the VNC protocol. It requires
6664 the local VNC viewer. You may disable it with the -nocursor option to
6673 Q-85: Can I take advantage of the TightVNC extension to the VNC
6678 Use the -cursorpos option when starting x11vnc. A VNC viewer must
6694 map all of the VNC client mouse buttons to it via: -buttonmap 123-111.
6707 As an example, suppose the VNC viewer machine has a mouse wheel (these
6800 receives the "<" keysym over the wire from the remote VNC client, it
6863 Danish "dk") and the -modtweak mode works well if the VNC viewer is
6865 the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or
6871 Windows VNC viewer sends those two down keystrokes out on the wire to
6872 the VNC server, but when the user types the next key to get, e.g., "@"
6873 the Windows VNC viewer sends events bringing the up the
6876 The Unix/Linux VNC viewer on a "us" keyboard does a similar thing
6878 sent to the VNC server.
6880 In both cases no AltGr is sent to the VNC server, but we know AltGr is
6926 XKEYBOARD problem. What was happening was the VNC viewer was
6938 What to do? In general the VNC protocol has not really solved this
6939 problem: what should be done if the VNC viewer sends a keysym not
6940 recognized by the VNC server side? Workarounds can possibly be
6951 unknown Keysyms coming in from VNC viewers to unused Keycodes in
6955 is received from a VNC viewer, and only after that would
6970 autorepeating because that is taken care of on your VNC viewer side.
6993 the default.) Note that with X server autorepeat turned off the VNC
7030 This happens for VNC in general by the following mechanism. Suppose on
7041 left-hand side of the keyboard.) Your local desktop (where the VNC
7056 Note that many VNC Viewers try to guard against this when they are
7058 When it receives the "lost focus" event, the viewer sends VNC
7087 machine where I run the VNC viewer does not. Is there a way I can map
7103 diamonds. The machine where I run the VNC viewer only has Alt keys.
7151 As an example, consider a laptop where the VNC viewer is run that has
7165 Q-98: How can I get Caps_Lock to work between my VNC viewer and
7260 Another issue is that it appears VNC viewers require the screen width
7303 to split the big screen into two and used two VNC viewers to access
7339 separate VNC viewer processes connecting to them. e.g. on the remote
7362 rectangle of width W, height H and offset (X, Y). Thus the VNC screen
7382 If the connected vnc viewers support the NewFBSize VNC extension
7391 If you specify "-xrandr newfbsize" then vnc viewers that do not
7398 reflect the screen that the VNC viewers see? (e.g. for a handheld
7405 Q-106: Why is the view in my VNC viewer completely black? Or why is
7415 VNC viewer connecting to x11vnc is either completely black or
7476 option to keep the Monitor out of low power state while VNC clients
7499 using VNC.
7560 [Exporting non-X11 devices via VNC]
7563 controlled) via VNC with x11vnc?
7705 memory and you just wanted to look at it via VNC.)
7813 Q-113: Can I export the Linux Console (Virtual Terminals) via VNC
7858 Q-114: Can I export via VNC a Webcam or TV tuner framebuffer using
7896 opposed to 32bpp.) Since this can cause problems with VNC viewers,
7902 network bandwidth consumption for the VNC traffic and also local CPU
7967 settings through the VNC Viewer via keystrokes.
7998 Q-115: Can I connect via VNC to a Qt-embedded/Qt-enhanced/Qtopia
8052 Note that Qt-embedded supplies its own VNC graphics driver, but it
8053 cannot do both the Linux console framebuffer and VNC at the same time,
8054 which is often what is desired from VNC.
8102 Q-117: Now that non-X11 devices can be exported via VNC using x11vnc,
8243 do script with command "$HOME/x11vnc -rfbauth .vnc/passwd -ssl SAVE"
8254 command for you.) Then once you are connected via VNC, iconify the
8276 Q-120: Can x11vnc be used as a VNC reflector/repeater to improve
8277 performance for the case of a large number of simultaneous VNC viewers
8281 to the VNC server "host:N" (either another x11vnc or any other VNC
8282 server) and re-export it. VNC viewers then connect to the x11vnc(s)
8285 The -reflect option is the same as: "-rawfb vnc:host:N". See the
8286 -rawfb description under "VNC HOST" for more details.
8317 Where "S" is the original VNC Server, "C" denote VNC viewer clients,
8344 re-exports via VNC to its clients C.) However, CopyRect and
8351 http://sourceforge.net/projects/vnc-reflector/,
8377 (or instruct a non-x11vnc VNC server to reverse connect to the
8431 to connect via a vnc viewer and continue the install. Watch out for
8436 connection to the hostname running the VNC viewer in listen mode.
8451 virtual console. You should be able to connect via a VNC viewer and
8473 install console. You should be able to connect via a VNC viewer and
8481 As of Jan/2004 x11vnc supports the "CutText" part of the RFB (aka VNC)
8483 polling it will be sent to connected VNC viewers. And when CutText is
8484 received from a VNC viewer then x11vnc will set the X11 selections
8535 Yes, it is possible with a number of tools that record VNC and
8552 The SSVNC Unix VNC viewer supports UltraVNC file transfer by use of a
8564 VNC Viewers.
8579 the -users option, then VNC Viewers that connect are able to do
8609 The SSVNC Unix VNC viewer supports these UltraVNC extensions.
8617 switching to the VNC protocol, and so could be used with other
8624 reverse vnc connection from their Unix desktop to a helpdesk
8625 operator's VNC Viewer.
8640 user's machine (e.g. Linux, etc) and also create a file named "vnc"
8667 On the helpdesk VNC viewer machine (ip.someplace.net in this example)
8668 you have the helpdesk operator running VNC viewer in listen mode:
8671 or if on Windows, etc. somehow have the VNC viewer be in "listen"
8677 wget -qO - http://www.mysite.com/hd/vnc | sh -
8727 his Web browser to download the "vnc" file (or a script containing the
8733 One command-line free way, tested with KDE, is to name the file vnc.sh
8785 The only change from the "vnc" above is the addition of the -ssl
8799 Start it, and select Options -> 'Reverse VNC Connection (-listen)'.
8808 [vnc]
8828 creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you would
8832 cert = /home/myusername/.vnc/certs/server-self:mystunnel.pem
8834 [vnc]
8864 Filesystem mounting is not part of the VNC protocol.
8872 Or one could combine this with the VNC tunnel at the same time, e.g.:
8914 Printing is not part of the VNC protocol.
8925 Or one could combine this with the VNC tunnel at the same time, e.g.:
9006 Audio is not part of the VNC protocol.
9016 Or one could combine this with the VNC tunnel at the same time, e.g.:
9141 Also note that not all VNC Viewers are IPv6 enabled, so a redirector
9175 For SSH tunnelled encrypted VNC connections, one can of course use the
9178 For SSL encrypted VNC connections, one possibility is to use the IPv6
9202 Our SSVNC VNC Viewer is basically a wrapper for ssh(1) and stunnel(1),
9230 to an internal host (e.g. "-L 5900:otherhost:5900") the VNC traffic
9247 # Chain the vnc connection thru 2 ssh's, and connect x11vnc to user's display:
9252 -rfbauth .vnc/passwd -display :0
9349 encodings (i.e. tight) thread safe (multiple VNC clients can be using
9407 port if it can get it, in which case the VNC display (i.e. the
9408 information you supply to the VNC viewer) is something like
9411 also try to force the port (and thereby the VNC display) using the
9415 ports for both VNC and the HTTP Java applet server to listen on. This
9419 vncserver/Xvnc on a busy Sun Ray because then 3 ports (HTTP, VNC, and
9421 be helpful as well. Both scripts start at VNC display :10 and work
9548 your VNC viewer (since if it locks the screen while you are working
9582 (note that this is a VNC login, not a Unix login, so you may not want
9718 openssl(1)) and the VNC viewer client accepts the certificate without
9724 the VNC traffic and passwords on the network and so it is quite good,
9726 attacker intercepts the VNC client stream and sends it his own Public
9743 verified. This requires the VNC client side have some piece of
9745 Alternatively, although rarely done, x11vnc can verify VNC Clients'
9765 So, for example suppose the user is using the SSL enabled Java VNC
9773 As another example, if the user was using stunnel with his VNC viewer
9780 A third example, using the VNC viewer on Unix with stunnel the wrapper
9815 ~/.vnc/certs/server.crt
9816 ~/.vnc/certs/server.pem
9819 copied to the VNC Viewer machine(s) that will be authenticating the
9822 location ~/.vnc/certs, e.g. it is on an NFS share and you are worried
9864 06/04/2006 11:39:11 using PEM /home/runge/.vnc/certs/server.pem 0.000s
9877 is available to all of the VNC clients and whose private key has been
9884 * The CA cert is (safely) distributed to all machines where VNC
9889 * VNC clients (viewers) can now authenticate the x11vnc server
9902 Optionally, VNC viewer certs and keys could also be generated to
9907 VNC client certs and keys are generated.
9908 * These VNC client certs are signed with the CA private key.
9909 * The VNC client certs+keys are safely distributed to the
9913 * When VNC clients (viewers) connect, they must authenticate
9933 option if you don't want to use the default ~/.vnc/certs.
9941 ~/.vnc/certs/CA/cacert.pem (the CA public certificate)
9942 ~/.vnc/certs/CA/private/cakey.pem (the encrypted CA private key)
9953 ~/.vnc/certs/server.crt (the server public certificate)
9954 ~/.vnc/certs/server.pem (the server private key + public cert)
9966 4) Next, safely copy the CA certificate to the VNC viewer (client)
9968 scp ~/.vnc/CA/cacert.pem clientmachine:.
9970 5) Then the tricky part, make it so the SSL VNC Viewer uses this
9974 For the SSL Java VNC viewer supplied with x11vnc in
9999 (then point the VNC viewer to localhost:1).
10020 The files will be ~/.vnc/certs/server-myotherkey.{crt,pem}
10042 The advantage to doing this is that the VNC client machines will
10052 ~/.vnc/certs/server-req:external.req
10056 ~/.vnc/certs/server-req:external.crt
10059 mv ~/.vnc/certs/server-req:external.key ~/.vnc/certs/server-req:external.
10061 chmod 600 ~/.vnc/certs/server-req:external.pem
10062 cat ~/.vnc/certs/server-req:external.crt >> ~/.vnc/certs/server-req:external.
10067 mv ~/.vnc/certs/server-req:external.pem ~/.vnc/certs/server-ext.pem
10068 mv ~/.vnc/certs/server-req:external.crt ~/.vnc/certs/server-ext.crt
10073 installed an available for the VNC viewer software you plan to use.
10079 You can optionally create certs+keys for your VNC client machines as
10091 ~/.vnc/certs/clients/dilbert.crt
10092 ~/.vnc/certs/clients/dilbert.pem
10098 and incorporate them into the VNC viewer / SSL software (see the ideas
10128 Finally, connect with your VNC viewer using the key. Here is an
10160 the Web browser URL that retrieves the VNC applet, simply add a
10187 certificates (e.g. suppose a user's laptop with a vnc client or server
10267 Then, on the VNC viewer client side, the viewer authenticates the
10276 file. Any other SSL enabled VNC viewer would use root_CA.crt in a
10334 VNC Client Authentication using Certificate Chains:
10409 Finally we connect via VNC viewer that uses CA_Root to verify the
10429 stunnel and openssl on Windows with VNC. Also
10444 The typical way to allow access to x11vnc (or any other VNC server)
10448 user@gateway) to set up the encrypted channel that VNC is then
10449 tunneled through. Next he starts up the VNC viewer on the machine
10455 or home firewall. For VNC access it is a bit awkward, however, because
10466 With the SSL support in x11vnc and the SSL enabled Java VNC viewer
10471 SSL VNC connections. The only thing needed on the Viewer side is a
10473 entire VNC connection process. No VNC or SSH specific software needs
10476 The stunnel VNC viewer stunnel wrapper script provided (ss_vncviewer)
10482 Simpler Solutions: This apache SSL VNC portal solution may be too much
10506 to verify SSL Certificates, then the VNC Viewer is vulnerable to
10517 apache SSL VNC portal ask for something that (so far) seems difficult
10522 * It handles both VNC traffic and Java VNC Applet downloads.
10544 also choose the Internet-facing port for this VNC service to be port
10559 used port, and also to stay out of the way of normal VNC servers on
10564 workstations to be granted VNC access:
10565 x11vnc -ssl SAVE -http -display :0 -forever -rfbauth ~/.vnc/passwd -rfbport 5
10568 i.e. we force SSL VNC connections, port 5915, serve the Java VNC
10569 viewer applet, and require a VNC password (another option would be
10608 # /vnc for http jar file downloading:
10610 RewriteRule /vnc/([^/]+)$ /vnc/$1/index.vnc?CONNECT=$1+5915&PO
10612 RewriteRule /vnc/trust/([^/]+)$ /vnc/$1/index.vnc?CONNECT=$1+5915&PO
10614 RewriteRule /vnc/proxy/([^/]+)$ /vnc/$1/proxy.vnc?CONNECT=$1+5915&PO
10616 RewriteRule /vnc/trust/proxy/([^/]+)$ /vnc/$1/proxy.vnc?CONNECT=$1+5915&PO
10619 # Read in the allowed host to vnc display mapping file. It looks like:
10625 # the display "15" means 5815 for http applet download, 5915 for SSL vnc.
10627 RewriteMap vnchosts txt:/dist/apache/conf/vnc.hosts
10629 # Proxy: check for the CONNECT hostname and port being in the vnc.hosts list
10643 # Remap /vnc to the proxy http download (e.g. http://host:5815)
10651 RewriteRule ^/vnc/([^/]+)/(.*) /vnc0/$1:http:58${vnchosts:$1|NOTFOUND}/$2
10667 external file (/dist/apache/conf/vnc.hosts in the example above), the
10669 vnc hosts file:
10674 You list the hostname and the VNC display (always 15 in our example).
10675 Only to these hosts will the external VNC viewers be able to connect
10684 http://www.gateway.east:563/vnc/host2
10698 http://www.gateway.east:563/vnc/proxy/host2
10701 that is able to interact with the internal proxy for the VNC
10707 For completeness, the "trust" cases that skip a VNC certificate dialog
10709 http://www.gateway.east:563/vnc/trust/host2
10710 http://www.gateway.east:563/vnc/trust/proxy/host2
10727 http://www.gateway.east/vnc/host2
10728 http://www.gateway.east/vnc/trust/host2
10766 http://www.gateway.east:563/vnc/host2/index.vnc?CONNECT=host2+5915&PORT=563,
10769 (or otherwise make direct edits to index.vnc to set these parameters).
10776 trustAllVncCerts tell the Java VNC applet to skip a dialog asking
10777 about the VNC Certificate. They are a bit faster and more reliable
10785 The external file /dist/apache/conf/vnc.hosts containing the allowed
10786 VNC server hostnames is read in. Its 2nd column contains the VNC
10790 download URL and the proxy CONNECT the VNC viewer makes to only the
10791 intended VNC servers.
10799 Note that these index.vnc and VncViewer.jar downloads to the browser
10801 by a really bad guy. The subsequent VNC connection, however, is
10807 Unfortunately the Java VNC viewer applet currently is not able to save
10808 its own list of Certificates (e.g. the user says trust this VNC
10834 * VNC passwords: -rfbauth, -passwdfile, or -usepw. Even adding a
10835 simple company-wide VNC password helps block unwanted access.
10843 * Run a separate instance of Apache that provides this VNC service
10847 etc, are often hacked, with backdoors and VNC servers of their
10855 The ss_vncviewer stunnel wrapper script for VNC viewers has the -proxy
10864 Unix) put 'host1:15' into the 'VNC Server' entry box, and here are
10901 # /vnc http jar file downloading:
10903 RewriteRule /vnc/([^/]+)$ /vnc/$1/index.vnc?CONNECT=$
10905 RewriteRule /vnc/proxy/([^/]+)$ /vnc/$1/proxy.vnc?CONNECT=$
10913 RewriteRule /vncs/([^/]+)$ /vncs/$1/index.vnc?CONNECT=$
10915 RewriteRule /vncs/proxy/([^/]+)$ /vncs/$1/proxy.vnc?CONNECT=$
10918 RewriteRule /vncs/trust/([^/]+)$ /vncs/$1/index.vnc?CONNECT=$
10921 RewriteRule /vncs/trust/proxy/([^/]+)$ /vncs/$1/proxy.vnc?CONNECT=$
10928 RewriteRule /vnc443/([^/]+)$ /vncs/$1/index.vnc?CONNECT=$
10930 RewriteRule /vnc443/proxy/([^/]+)$ /vncs/$1/proxy.vnc?CONNECT=$
10933 RewriteRule /vnc443/trust/([^/]+)$ /vncs/$1/index.vnc?CONNECT=$
10936 RewriteRule /vnc443/trust/proxy/([^/]+)$ /vncs/$1/proxy.vnc?CONNECT=$
10940 # Read in the allowed host to vnc display mapping file. It looks like:
10946 # the display "15" means 5915 for SSL VNC and 5815 for http applet download.
10948 RewriteMap vnchosts txt:/dist/apache/conf/vnc.hosts
10951 # Remap /vnc and /vncs to the proxy http download (e.g. https://host:5915)
10959 RewriteRule ^/vnc/([^/]+)/(.*) /vnc0/$1:http:58${vnchosts:$1|NOTFOUND}/$2
10975 https://www.gateway.east/vnc/host2
10978 https://www.gateway.east/vnc/proxy/host2
10984 (/dist/apache/conf/vnc.hosts in the above example) contains the
10985 hostnames of the allowed VNC servers.
10989 https://www.gateway.east/vnc/host2
10990 https://www.gateway.east/vnc/proxy/host2
11006 In all of the above cases the VNC traffic from Viewer to x11vnc is
11009 CONNECT's for the "double proxy" case). This part (the VNC traffic) is
11017 and/or index.vnc/proxy.vnc instead of each x11vnc if you want to.
11031 The "single-port" (i.e. 5915) HTTPS applet download and VNC connection
11035 connections to inetd download index.vnc and the Jar file (via https)
11036 and the the last connection to inetd establishes the SSL VNC
11147 - One might imagine the ProxyPass could be done for the VNC traffic as
11151 a full bidirectional link required by VNC that CONNECT provides) this
11169 the VNC Viewer applet can try up to 3 times to retrieve the x11vnc
11175 parameter. This can cut the total time to the VNC password prompt down
11191 RewriteRule /vnc/([^/]+)$ /vnc/$1/index.vnc?CONNECT=$1+5915&PO
11193 RewriteRule /vnc/trust/([^/]+)$ /vnc/$1/index.vnc?CONNECT=$1+5915&PO
11195 RewriteRule /vnc/proxy/([^/]+)$ /vnc/$1/proxy.vnc?CONNECT=$1+5915&PO
11197 RewriteRule /vnc/trust/proxy/([^/]+)$ /vnc/$1/proxy.vnc?CONNECT=$1+5915&PO
11200 The httpsPort and urlPrefix provide useful hints to the VNC Viewer
11206 RewriteRule /vnc/([^/]+)$ /vnc/$1/index.vnc?CONNECT=$1+5915&P
11208 RewriteRule /vnc/proxy/([^/]+)$ /vnc/$1/proxy.vnc?CONNECT=$1+5915&P
11210 RewriteRule /vncs/([^/]+)$ /vncs/$1/index.vnc?CONNECT=$1+5915&P
11212 RewriteRule /vncs/proxy/([^/]+)$ /vncs/$1/proxy.vnc?CONNECT=$1+5915&P
11214 RewriteRule /vncs/trust/([^/]+)$ /vncs/$1/index.vnc?CONNECT=$1+5915&P
11217 RewriteRule /vncs/trust/proxy/([^/]+)$ /vncs/$1/proxy.vnc?CONNECT=$1+5915&P
11223 The httpsPort and urlPrefix and GET provide useful hints to the VNC
11225 Proxies, certificates, etc, and also for the ultimate VNC connection
11227 immediately switch to the VNC protocol).
11232 http://gateway:563/vnc/machinename
11235 otherwise, on the VNC SSL certificate. It is trusted without question.
11238 recommend them. It is better to use /vnc or /vncs and the first time
11251 Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer)
11258 The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC
11263 SSH connections to any VNC server, such as x11vnc, and then launches
11264 the VNC Viewer to use the encrypted tunnel.
11267 encrypted VNC connections to any VNC Server if they are running an SSL
11269 will work to any VNC Server host running sshd that you can log into.
11282 and Vino/ANONTLS encryption extensions to VNC on Unix, Mac OS X, and
11284 encryption also works with any third party VNC Viewer (e.g. RealVNC,
11285 TightVNC, UltraVNC, etc...) you select via 'Change VNC Viewer'.
11287 The short name for this project is "ssvnc" for SSL/SSH VNC Viewer.
11297 USB memory stick / flash drive for secure VNC viewing from almost any
11299 named "Home" in the toplevel ssvnc directory on the drive your VNC
11328 * Ability to Save and Load VNC profiles for different hosts.
11329 * You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC,
11332 * Reverse (viewer listening) VNC connections via SSL and SSH.
11333 * VeNCrypt SSL/TLS VNC encryption support (used by VeNCrypt, QEMU,
11334 ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc)
11335 * ANONTLS SSL/TLS VNC encryption support (used by Vino)
11336 * VeNCrypt and ANONTLS are also enabled for any 3rd party VNC Viewer
11339 'Change VNC Viewer' to select the one you want.)
11347 * Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find VNC
11354 * Support for native MacOS X usage with bundled Chicken of the VNC
11357 * Dynamic VNC Server Port determination and redirection (using ssh's
11363 * Simplified mode launched by command "tsvnc" that provides a VNC
11369 TightVNC Viewer improvements (these only apply to the Unix VNC viewer,
11371 * rfbNewFBSize VNC support (dynamic screen resizing)
11373 * ZRLE VNC encoding support (RealVNC's encoding)
11410 periods of time a listening port on the the local (VNC viewer)
11412 * Reverse (viewer listening) VNC connections can show a Popup dialog
11449 * The VNC Viewer ssvncviewer supports IPv6 natively (no helpers
11454 * Chicken of the VNC Viewer (macosx)
11491 On MacOSX if you don't like the Chicken of the VNC (e.g. no local
11508 If you want a simple VNC Terminal Services only mode (requires x11vnc
11574 If you want a simple VNC Terminal Services only mode (requires x11vnc
11611 storing VNC profiles and certificates. Also, for convenience, if you
11689 the otherwise unreachable VNC Server. SSH gateway machines can be used
11693 Dynamic VNC Server Port determination: If you are running SSVNC on
11694 Unix and are using SSH to start the remote VNC server and the VNC
11698 built in SOCKS proxy (ssh -D ...) to connect to the dynamic VNC server
11700 VNC Host:Display user@somehost.com
11707 "New 'X' desktop is hostname:4" and also "VNC server is already
11740 this caching method is distracting. Our Unix VNC viewer will
11775 -passwd <PASSWD-FILENAME> (standard VNC authentication)
11802 to allow more than one incoming VNC server at a time.
11809 remote VNC server, "command args..." is executed and the
11823 allow more than one incoming VNC server to be connected
11830 a reverse VNC connection comes in show a popup asking
11845 -16bpp If the vnc viewer X display is depth 24 at 32bpp
11846 request a 16bpp format from the VNC server to cut
11906 -sendalways Whenever the mouse enters the VNC viewer main
11907 window, send the selection to the VNC server even if
11911 -recvtext str When cut text is received from the VNC server,
11926 -sendalways Whenever the mouse enters the VNC viewer main
11927 window, send the selection to the VNC server even if
11931 -recvtext str When cut text is received from the VNC server,
11957 VNC server to retrieve the pixels. This is too slow.
11973 password, newline are sent to the VNC server after any VNC
11975 used for the -unixpw login. Other VNC servers could do
11982 x11vnc to not echo the Unix Username back to the VNC
11998 It can also be the hostname and port or display of the VNC
12002 server, NOT the VNC server. The repeater will connect you.
12034 (e.g. SSL or SSH) for the entire VNC session.
12077 remote VNC server.
12087 the remote VNC server. In other words, a set of 'Hot Keys'.
12183 that prompts for the VNC display and then starts up STUNNEL followed
12204 These allow you to print from the remote (VNC Server) machine to local
12205 printers, listen to sounds (with some limitations) from the remote VNC
12207 remote VNC Server machine. Basically these new features try to
12301 VNC viewer! Let us know how it went.
12357 x11vnc: a VNC server for real X displays
12362 x11vnc: allow VNC connections to real X11 displays. 0.9.13 lastmod: 2010-12-27
12473 -desktop name VNC desktop name (default "LibVNCServer")
12494 x11vnc: allow VNC connections to real X11 displays. 0.9.13 lastmod: 2010-12-27
12510 as a VNC server it will print out a string: PORT=XXXX where XXXX is typically
12511 5900 (the default VNC server port). One would next run something like
12518 these protections. See the FAQ for details how to tunnel the VNC connection
12525 Also, use of a VNC password (-rfbauth or -passwdfile) is strongly recommended.
12569 -N If the X display is :N, try to set the VNC display to
12576 -autoport n Automatically probe for a free VNC port starting at n.
12578 stay away from other VNC servers near 5900.
12580 -rfbport str The VNC port to listen on (a LibVNCServer option), e.g.
12642 connect to the remote VNC server host:N and be a
12644 to manage the case of many simultaneous VNC viewers
12650 -rawfb vnc:host:N for more details.
12678 offset +X+Y. The VNC display has size WxH (i.e. smaller
12768 of the display that is then exported via VNC.
12837 VNC viewers cannot handle 24bpp (e.g. "main: setPF:
12889 -viewonly All VNC clients can only watch (default off).
12890 -shared VNC display is shared, i.e. more than one viewer can
12897 To get the standard non-shared VNC behavior where when
12898 a new VNC client connects the existing VNC client is
12921 use if a VNC client (the only client for that process)
12969 VNC Viewers that connect are able to do filetransfer
12983 VNC Viewers that connect are able to do filetransfer
13005 this VNC server to the local network. (Related terms:
13030 Note that unlike most vnc servers, x11vnc will require a
13045 "vnc repeater": http://www.uvnc.com/addons/repeater.html
13049 before the VNC protocol is started. Here are the ways
13067 vnc viewer. Somehow the pre-string tells the repeater
13068 server how to find the vnc viewer and connect you to it.
13093 that if the VNC Client does any sort of a 'Fetch Cert'
13174 reach the VNC viewer. Up to 3 may be chained, separate
13187 -novncconnect VNC program vncconnect(1). When the property is
13280 -grabkbd When VNC viewers are connected, attempt to the grab
13310 -grabalways Apply both -grabkbd and -grabptr even when no VNC
13330 (BTW: neither should the VNC -rfbauth file: it is NOT
13347 Note that due to the VNC protocol only the first 8
13360 VNC spec). Then follows len bytes which is the random
13369 are used. The latter will require customizing the VNC
13395 -showrfbauth filename Print to the screen the obscured VNC password kept in
13415 as it is typed. This could be of use for VNC viewers
13591 with status 0 (success) the VNC user will be accepted.
13624 env | egrep -i 'rfb|vnc' 1>&2
13756 to the connecting VNC client in combined -unixpw
13759 Normally in a -unixpw mode the VNC client must
13799 or creation) to a VNC server listening on port. You
13803 If 0 <= port < 200 it is taken as a VNC display (5900 is
13809 This provides an easy way to add SSL encryption to a VNC
13810 server that does not support SSL (e.g. Xvnc or vnc.so)
13811 In fact, the protocol does not even need to be VNC,
13822 x11vnc waits until a VNC client connects before opening
13836 VNC client first attaches to since some VNC viewers
13883 be applied to the VNC screen. For example,
13937 (x11vnc -R opt:val) during his VNC session.
13941 authenticated VNC user with his desktop. This could
13945 for his desktop and VNC.
14097 "Xvnc" will start up a VNC X server (real-
14098 or tight-vnc, e.g. use if Xvfb is not available).
14151 redirection of the connected VNC viewer to the Xvnc.
14153 So in Xvnc.redirect x11vnc does no VNC but merely
14156 as connecting directly to the Xvnc with the VNC Viewer.
14161 Xvnc.redirect should also work for the vnc.so X server
14166 -vencrypt mode The VeNCrypt extension to the VNC protocol allows
14209 -anontls mode The ANONTLS extension to the VNC protocol allows
14217 It is referred to as 'TLS' for its registered VNC
14267 built-in encrypted SSL/TLS tunnel between VNC viewers
14274 The VNC Viewer-side needs to support SSL/TLS as well.
14283 If the VNC Viewer supports VeNCrypt or ANONTLS (vino's
14294 The connecting VNC viewer SSL tunnel can (at its option)
14300 if the VNC viewer simply accepts this server's key
14312 file ~/.vnc/certs/server.pem. On subsequent calls if
14325 to refer to the file ~/.vnc/certs/server-<string>.pem
14328 ~/.vnc/certs/server-charlie.pem
14344 authentication of the server to VNC viewers.)
14353 the VNC viewer authenticating them (via the public
14359 to authenticate either the VNC server or VNC client.
14366 default ~/.vnc/certs
14397 ~/.vnc/certs
14405 manage multiple VNC Certificate Authority (CA) keys.
14406 Another use is if ~/.vnc/cert is on an NFS share you
14415 to provide certificates to authenticate incoming VNC
14456 ~/.vnc/certs default.
14478 They provide VNC Certificate Authority (CA) key creation
14481 VNC-ing with x11vnc. (note that they require openssl(1)
14486 temporary key and the VNC viewers always accept it,
14503 if you had a large number of VNC client and server
14508 Next, he could create signed VNC server keys
14511 any VNC client that has the CA cert.
14514 VNC clients themselves are authenticated to x11vnc
14519 key files. On the VNC client side, they will need to
14536 certificate chain used to verify the VNC client.
14557 -gencrl ...' are useful. (Run them in ~/.vnc/certs)
14564 or otherwise ~/.vnc/certs is used.
14572 x11vnc command exits; the VNC server is not run.
14576 as long as clients accept the cert for VNC connections.
14582 workstations where VNC viewers will be run. One will
14595 -sslGenCert type name Generate a VNC server or client certificate and private
14601 VNC server is not run.
14605 "client" (for a VNC viewer). Note that typically
14606 only "server" is used: the VNC clients authenticate
14607 themselves by a non-public-key method (e.g. VNC or
14645 directory other than the default ~/.vnc/certs You will
14671 file will be ~/.vnc/certs/server.pem. This one would
14677 to be copied and imported into the VNC viewer
14681 it is only needed on the VNC viewer side. The,
14682 e.g. ~/.vnc/certs/clients/<name>.pem contains both
14689 masquerade as the x11vnc server (or VNC viewer client).
14706 was safely copied to the VNC viewer machine where
14717 scp ~/.vnc/certs/clients/roger.pem somehost:.
14718 rm ~/.vnc/certs/clients/roger.pem
14721 ~/.vnc/certs/clients/roger.crt (or simply -sslverify
14739 a directory besides the default ~/.vnc/certs)
14743 the x11vnc command exits; the VNC server is not run.
14756 the VNC server is not run.
14762 managed (in the ~/.vnc/certs dir, use -ssldir to refer
14772 ([dir] is ~/.vnc/certs or one given by -ssldir.)
14825 "The SSL VNC desktop is ..." and "SSLPORT=..."
14844 Your VNC viewer will also need to be able to connect
14891 use SSH but want some encryption for your VNC session.
14908 side of the VNC connection (See SSVNC for examples).
14953 The SSVNC vnc viewer project supplies a symmetric
14962 or server (VNC or otherwise.) The cipher (1st arg)
14976 single VNC port (e.g. 5900) for both VNC and HTTPS
14990 or VNC Viewer applet. That's right 3 separate "Are
15007 ('index.vnc' or 'proxy.vnc') is sent do NOT set the
15008 applet PORT parameter to the actual VNC port but set it
15016 connect to the firewall/router port, not the VNC port
15032 not need to specify extra PARAMS in the index.vnc file.
15036 the network (i.e. you just want the single VNC/HTTPS
15045 -stunnel, or -enc options), allow the Java VNC Viewer
15046 applet to be downloaded thru the VNC port via HTTP.
15086 the ssh machine "host" can be reached by the VNC
15097 "disp" is the VNC display for the remote SSH side,
15117 line, first look for ~/.vnc/passwd and if found use it
15118 with -rfbauth; next, look for ~/.vnc/passwdfile and
15120 for a password to create ~/.vnc/passwd and use it with
15124 -storepasswd pass file Store password "pass" as the VNC password in the
15130 in the file ~/.vnc/passwd. Called with one argument,
15362 -solid [color] To improve performance, when VNC clients are connected
15441 all viewers that do not support the NewFBSize VNC
15446 -rotate string Rotate and/or flip the framebuffer view exported by VNC.
15471 VNC viewers.
15494 it is expanded to the vnc display (the name may need
15591 in some circumstances: namely *both* the VNC viewer
15599 *only* enable CapsLock on the VNC viewer side (i.e. by
15606 you press Caps_Lock on the VNC Viewer side but that does
15631 -skip_dups Some VNC viewers send impossible repeated key events,
15635 just process the first event. Note: some VNC viewers
15640 -add_keysyms If a Keysym is received from a VNC viewer and that
15692 "dead_acute", etc. However some VNC viewers send the
15720 -repeat VNC clients are connected and VNC keyboard input is
15730 Note: your VNC viewer side will likely do autorepeating,
15745 VNC viewers and the X server at all.
15750 from VNC clients.
15755 received from VNC clients.
15767 is done depends on the VNC viewer and the X server.
15770 Some VNC viewers support the TightVNC CursorPosUpdates
15779 will be some lag between the vnc viewer pointer and
15883 -nocursorpos back to all vnc clients that support the TightVNC
15896 VNC mouse event force the pointer to the indicated x,y
15904 VNC input event.
15974 an awkward way in that in the VNC Viewer you can see the
15985 both on the x11vnc server side and on the VNC Viewer
15987 tripled for both x11vnc and the VNC Viewer. As a rule
16015 Some VNC Viewers provide better response than others
16028 the window will be pushed to top in the VNC viewer.
16043 GNOME) when VNC clients are connected.
16119 sent efficiently to the VNC clients). Use this option
16124 telling the VNC viewers to locally copy the translated
16125 window region. This is the VNC CopyRect encoding:
16162 it does there is a nice speedup from using the VNC
16188 your VNC viewer may have its own refresh hot-key
16401 Neither x11vnc's screen polling and vnc compression
16557 state when VNC clients are connected.
16565 VNC clients are connected, while "-fbpm" means to not
16573 going into a reduced power state when VNC clients
16587 VNC clients are connected, while "-dpms" means to not
16609 -clientdpms As -forcedpms but only when VNC clients are connected.
16612 This allows the VNC viewer to click a button that will
16623 that x11vnc is polling. That way the person on the VNC
16777 If the string begins with "vnc", see the VNC HOST
16779 of another remote VNC server.
16805 -rawfb vnc:somehost:0
16876 network VNC traffic.
16935 the settings through the VNC Viewer via keystrokes.
17036 VNC HOST: if the -rawfb string is of the form
17037 "vnc:host:N" then the VNC display "N" on the remote
17038 VNC server "host" is connected to (i.e. x11vnc acts as
17039 a VNC client itself) and that framebuffer is exported.
17043 10) simultaneous VNC viewers, and you try a divide
17051 For example, if there will be 64 simultaneous VNC
17052 viewers this can lead to a lot of redundant VNC traffic
17057 with option -rawfb vnc:host:N, then there are only
17059 8 vnc viewer connections thereby spreading the load
17069 second that must be propagated. Tip: if the remote VNC
17076 the password needed to log into the vnc host server, or
17080 To set the pixel format that x11vnc requests as a VNC
17087 The VNC HOST mode implies -shared. Use -noshared as
17391 VNC session password. If =<hexnumber> is appended
17412 with the VNC display number. You can also set the font
17979 The vncconnect(1) command from standard VNC
18144 connected VNC clients. str is a non-empty string. If a
18145 VNC client sends rfbCutText having the prefix "str"
18155 VNC viewers to run x11vnc -remote commands. Do not
18227 -desktop name VNC desktop name (default "LibVNCServer")
18246 x11vnc -rfbauth $HOME/.vnc/passwd -solid
