VNC基础

VNC：Virtual Network Computing
VNC是AT&T实验室开发的远程操控计算机的软件。GPL授权。
支持多种操作系统，但我们好像从不在windows下使用这种方式，而是使用远程桌面。
服务端内置java web接口，没有安装vnc viewer也可以使用浏览器登录服务器。

运行过程如下：

下面是ubuntu20.04的版本，查询一下vnc软件包：

root@ecs-hk:~# apt list --installed |grep vnc

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libvncclient1/focal-updates,focal-security,now 0.9.12+dfsg-9ubuntu0.3 amd64 [installed,automatic]
remmina-plugin-vnc/focal,now 1.4.2+dfsg-1ubuntu1 amd64 [installed,automatic]
tightvncserver/focal,now 1.3.10-0ubuntu5 amd64 [installed]

//当运行vncserver后，提示输入密码，会保存在.vnc/passwd里，加密了的
root@ecs-hk:~# ls .vnc -l
total 16
-rw-r--r-- 1 root root 3638 Dec  6 21:45 ecs-hk:1.log
-rw-r--r-- 1 root root    5 Dec  6 21:41 ecs-hk:1.pid
-rw------- 1 root root    8 Dec  5 23:18 passwd
-rwxr-xr-x 1 root root  223 Dec  6 21:44 xstartup

//不带参数运行vncserver，自动选择一个未用的最小桌面编号。一般是1
//带参数：vncserver :2

所有用户都可以运行vncserver，所以我们切换到普通用户来运行

hkhwusr01@ecs-hk:~$ vncserver

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n
xauth:  file /home/hkhwusr01/.Xauthority does not exist

New 'X' desktop is ecs-hk:1

Creating default startup script /home/hkhwusr01/.vnc/xstartup
Starting applications specified in /home/hkhwusr01/.vnc/xstartup
Log file is /home/hkhwusr01/.vnc/ecs-hk:1.log

hkhwusr01@ecs-hk:~$ ll .vnc
total 24
drwx------  2 hkhwusr01 hkhwusr01 4096 Dec  9 16:48 ./
drwxr-xr-x 17 hkhwusr01 hkhwusr01 4096 Dec  9 16:48 ../
-rw-rw-r--  1 hkhwusr01 hkhwusr01  684 Dec  9 16:48 ecs-hk:1.log
-rw-rw-r--  1 hkhwusr01 hkhwusr01    5 Dec  9 16:48 ecs-hk:1.pid
-rw-------  1 hkhwusr01 hkhwusr01    8 Dec  9 16:48 passwd
-rwxr-xr-x  1 hkhwusr01 hkhwusr01  225 Dec  9 16:48 xstartup*
hkhwusr01@ecs-hk:~$ cat .vnc/ecs-hk\:1.pid
2089
hkhwusr01@ecs-hk:~$ ps -ef|grep 2089
hkhwusr+    2089       1  0 16:48 pts/0    00:00:00 Xtightvnc :1 -desktop X -auth /home/hkhwusr01/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbauth /home/hkhwusr01/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb

hkhwusr01@ecs-hk:~$ netstat -tlpn
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      2089/Xtightvnc
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      2089/Xtightvnc

hkhwusr01@ecs-hk:~/.vnc$ cat xstartup
#!/bin/sh

xrdb $HOME/.Xresources
xsetroot -solid grey
#x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
# Fix to make GNOME work
export XKL_XMODMAP_DISABLE=1
/etc/X11/Xsession

但是使用浏览器直接访问，不太行：

服务日志是

hkhwusr01@ecs-hk:~/.vnc$ cat ecs-hk\:1.log
09/12/22 16:48:24 Xvnc version TightVNC-1.3.10
09/12/22 16:48:24 Copyright (C) 2000-2009 TightVNC Group
09/12/22 16:48:24 Copyright (C) 1999 AT&T Laboratories Cambridge
09/12/22 16:48:24 All Rights Reserved.
09/12/22 16:48:24 See http://www.tightvnc.com/ for information on TightVNC
09/12/22 16:48:24 Desktop name 'X' (ecs-hk:1)
09/12/22 16:48:24 Protocol versions supported: 3.3, 3.7, 3.8, 3.7t, 3.8t
09/12/22 16:48:24 Listening for VNC connections on TCP port 5901
Font directory '/usr/share/fonts/X11/75dpi/' not found - ignoring
Font directory '/usr/share/fonts/X11/100dpi/' not found - ignoring
xrdb: No such file or directory
xrdb: can't open file '/home/hkhwusr01/.Xresources'

09/12/22 16:53:18 Got connection from client 111.111.11.58
09/12/22 16:53:18 rfbProcessClientProtocolVersion: not a valid RFB client
09/12/22 16:53:18 Client 111.111.11.58 gone
09/12/22 16:53:18 Statistics:
09/12/22 16:53:18   framebuffer updates 0, rectangles 0, bytes 0

Xvnc对应用程序来说，是X服务器；对VNC用户来说，是VNC服务器
通过vncserver(perl脚本)来启动Xvnc（或Xtightvnc）

基于java的VNC的WEB服务端口从5801开始
过去，VNC服务采用的图像界面是twm，可以改为gnome-session或startkde，当然前提是安装了这2种桌面环境

VNC是简单协议，在这种情况下，使用大量带宽。传输原始图像（一个X.Y位置上的正方形的点阵数据）到客户端，
客户端传送事件消息到服务端。服务器发送小方块的帧缓存给客户端。

VNC本身不安全。虽然密码传输经过加密，但可以拦截并暴力破解。

以下是centos7.9操作

[root@ecs-sig ~]# rpm -qa|grep vnc
tigervnc-1.8.0-22.el7.x86_64
tigervnc-server-minimal-1.8.0-22.el7.x86_64
tigervnc-icons-1.8.0-22.el7.noarch
tigervnc-license-1.8.0-22.el7.noarch
tigervnc-server-1.8.0-22.el7.x86_64

#同时安装了 xfce : yum groupinstall xfce

[root@ecs-sig ~]# runlevel
N 5
[root@ecs-sig ~]# echo $DISPLAY
localhost:10.0
[root@ecs-sig ~]# systemctl start vncserver@:1.service
Job for vncserver@:1.service failed because the control process exited with error code. See "systemctl status vncserver@:1.service" and "journalctl -xe" for details.
[root@ecs-sig ~]# vim /root/.vnc/ecs-sig:1.log
Xvnc TigerVNC 1.8.0 - built Nov 16 2020 16:47:50
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 12004000, The X.Org Foundation


Fri Dec  9 19:28:22 2022
 vncext:      VNC extension running!
 vncext:      Listening for VNC connections on all interface(s), port 5901
 vncext:      created VNC server for screen 0
Killing Xvnc process ID 2714
Error: cannot open display: :1

[root@ecs-sig system]# cat vncserver\@\:1.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
#ExecStart=/usr/bin/vncserver_wrapper <USER> %i
ExecStart=/usr/bin/vncserver_wrapper root %i
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

[root@ecs-sig .vnc]# cat xstartup
#!/bin/sh

unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
/etc/X11/xinit/xinitrc
# Assume either Gnome or KDE will be started by default when installed
# We want to kill the session automatically in this case when user logs out. In case you modify
# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should
# be responsible to modify below code to avoid that your session will be automatically killed
if [ -e /usr/bin/gnome-session -o -e /usr/bin/startkde ]; then
    vncserver -kill $DISPLAY
fi

怎么办

[root@ecs-sig .vnc]# cat /etc/X11/xinit/xinitrc
# Mandatorily source xinitrc-common, which is common code shared between the
# Xsession and xinitrc scripts which has been factored out to avoid duplication
. /etc/X11/xinit/xinitrc-common

# The user may have their own clients they want to run.  If they don't,
# fall back to system defaults.
if [ -f $HOME/.Xclients ]; then
    exec $CK_XINIT_SESSION $SSH_AGENT $HOME/.Xclients || \
    exec $CK_XINIT_SESSION $SSH_AGENT $HOME/.Xclients
elif [ -f /etc/X11/xinit/Xclients ]; then  #手工测试，走到这里
    exec $CK_XINIT_SESSION $SSH_AGENT /etc/X11/xinit/Xclients || \
    exec $CK_XINIT_SESSION $SSH_AGENT /etc/X11/xinit/Xclients
else
    # Failsafe settings.  Although we should never get here
    # (we provide fallbacks in Xclients as well) it can't hurt.
    [ -x /usr/bin/xsetroot ] && /usr/bin/xsetroot -solid '#222E45'
    [ -x /usr/bin/xclock ] && /usr/bin/xclock -geometry 100x100-5+5 &
    [ -x /usr/bin/xterm ] && xterm -geometry 80x50-50+150 &
    [ -x /usr/bin/twm ] && /usr/bin/twm
fi

如果把 /root/.vnc/下面文件都删除，再启动
Dec 09 20:37:48 ecs-sig systemd[1]: Starting Remote desktop service (VNC)...
Dec 09 20:37:48 ecs-sig vncserver_wrapper[8877]: You will require a password to access your desktops.
Dec 09 20:37:48 ecs-sig vncserver_wrapper[8877]: getpassword error: Inappropriate ioctl for device
Dec 09 20:37:48 ecs-sig systemd[1]: vncserver@:1.service: control process exited, code=exited status=2
Dec 09 20:37:48 ecs-sig vncserver_wrapper[8877]: Password:FATAL: 'runuser -l root' failed!
Dec 09 20:37:48 ecs-sig systemd[1]: Failed to start Remote desktop service (VNC).
Dec 09 20:37:48 ecs-sig systemd[1]: Unit vncserver@:1.service entered failed state.
Dec 09 20:37:48 ecs-sig systemd[1]: vncserver@:1.service failed.

运行vncpasswd再运行，又和前面的报错一样了。

如果把/root/.vnc/xstartup里注释
[root@ecs-sig .vnc]# cat xstartup
#!/bin/sh

unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
/etc/X11/xinit/xinitrc
# Assume either Gnome or KDE will be started by default when installed
# We want to kill the session automatically in this case when user logs out. In case you modify
# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should
# be responsible to modify below code to avoid that your session will be automatically killed

#以下部分手工注释
#if [ -e /usr/bin/gnome-session -o -e /usr/bin/startkde ]; then
#    vncserver -kill $DISPLAY
#fi

再运行，挺久没返回，看下进程
[root@ecs-sig ~]# ps -ef|grep vnc
root      9109  1832  0 20:43 pts/0    00:00:00 systemctl start vncserver@:1.service
root      9117     1  0 20:43 ?        00:00:00 /bin/sh /usr/bin/vncserver_wrapper root :1
root      9139     1  0 20:43 ?        00:00:00 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop ecs-sig:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5901 -rfbwait 30000

过一会，最终返回失败了：
[root@ecs-sig .vnc]# cat *log

Xvnc TigerVNC 1.8.0 - built Nov 16 2020 16:47:50
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 12004000, The X.Org Foundation


Fri Dec  9 20:43:22 2022
 vncext:      VNC extension running!
 vncext:      Listening for VNC connections on all interface(s), port 5901
 vncext:      created VNC server for screen 0
Missing chrome or resource URL: resource://gre/modules/UpdateListener.jsm
Missing chrome or resource URL: resource://gre/modules/UpdateListener.sys.mjs

这个时候，是可以vnc连接上的，桌面上只能看到firefox（没安装chrome）开了2个页签
也有连接信息：
Fri Dec  9 20:50:29 2022
 Connections: accepted: 111.112.18.58::27046
 SConnection: Client needs protocol version 3.8

Fri Dec  9 20:50:30 2022
 SConnection: Client requests security type VncAuth(2)
 VNCSConnST:  Server default pixel format depth 24 (32bpp) little-endian rgb888
 VNCSConnST:  Client pixel format depth 24 (32bpp) little-endian rgb888
X connection to :1 broken (explicit kill or server shutdown).

一会就断开了

Gdk-Message: 20:44:52.281: firefox: Fatal IO error 11 (Resource temporarily unavailable) on X server :1.

Exiting due to channel error.