CentOS 7.9: Multi-User Access to the Server Desktop Through RealVNC

Background:

The company's R&D team logs in to the desktop of a CentOS server through VNC to do its development work.

To prevent data leakage, security policies such as prohibiting file transfer and clipboard access need to be set in RealVNC.

Installation process:

1. Install CentOS 7.9 and select the GNOME desktop during installation (this desktop is more compatible with the development environment)

2. Disable SELinux and the firewall after the system installation is complete (if security requirements are high, you can leave them enabled)

# Disable SELinux
sed -ri '/^SELINUX=/s/(SELINUX=).*/\1disabled/' /etc/selinux/config

# Disable the firewall (it can also be left enabled, because the VNC Server installer adds itself to the firewall allow list)
systemctl disable firewalld; systemctl mask firewalld

# Reboot for the changes to take effect
reboot

3. Download and install RealVNC (the latest installation package can be downloaded from the official website)

On February 1, 2023, it was found that the new version 7.X had been officially released. The license key below only works for versions 6.X and earlier. If you do not have a suitable license, do not use the latest version.

# Download the installation package from the official site to /tmp
wget -P /tmp https://downloads.realvnc.com/download/file/vnc.files/VNC-Server-6.11.0-Linux-x64.rpm

# Install
yum install -y /tmp/VNC-Server-6.11.0-Linux-x64.rpm

# Import the license key
vnclicense -add Z456C-LMKTC-NLGWQ-H5CUR-ZVWEA

4. Install and enable Xorg

# Install Xorg
yum install xorg-x11-drv-dummy

# Enable Xorg for all users (must be run as root; enter y at the prompt)
vncinitconfig -enable-system-xorg

5. Create the startup configuration file for the GNOME desktop (the official website lists the configuration parameters for other desktops)

Run vi /etc/vnc/xstartup.custom and write the following content into it:

#!/bin/sh
DESKTOP_SESSION=gnome-classic
export DESKTOP_SESSION
env GNOME_SHELL_SESSION_MODE=classic gnome-session --session gnome-classic
vncserver-virtual -kill $DISPLAY

Give the configuration file execute permission:
chmod +x /etc/vnc/xstartup.custom

6. Deploy RealVNC service

6-1: Here are two working modes of RealVNC:

virtual mode:

This mode allows all non-root users to connect to the server desktop (each user's desktop is independent of the others, and multiple VNC Viewers can use the same user name to connect to the same desktop). When connecting with VNC Viewer, you need to enter the virtual port number 99.

x11 mode:

This mode only allows users with root privileges to log in, and is equivalent to mirroring the server's external monitor. When connecting with VNC Viewer, there is no need to enter a port number (5900 is used by default).

Remarks: The two modes can run independently or simultaneously

6-2: Start RealVNC in virtual mode and set it to start automatically at boot

# Start RealVNC in virtual mode
systemctl start vncserver-virtuald.service

# Set it to start automatically at boot
systemctl enable vncserver-virtuald.service

6-3: Start RealVNC in x11 mode and set it to start automatically at boot (if you do not need to control the server display, this step can be skipped)

# Start RealVNC in x11 mode
systemctl start vncserver-x11-serviced.service

# Set it to start automatically at boot
systemctl enable vncserver-x11-serviced.service

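7. Create a remote desktop user

# Create the user
useradd username

# Set the password
echo "username:password" | chpasswd

Notes:
1. RealVNC authenticates with the system user name and password; there is no need to use the vncpasswd program to create a separate password for the user
2. When creating a user on Ubuntu, add the -m parameter to set up the user's home directory; a missing directory causes VNC to fail

8. Verify the connection

Connect to the server with VNC Viewer and test availability by logging in with the user name created in the previous step (the latest version of VNC Viewer is available from the official website)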

9. Centralized management and control

9-1: Enable the policy function to realize unified management and control of all VNC users

# Create the policy.d directory
mkdir /etc/vnc/policy.d

# Create the restrictions file
echo 'BlockNonPolicyServers=0' > /etc/vnc/policy.d/restrictions

# Create the configuration file
touch /etc/vnc/policy.d/vncserver-x11-virtual

9-2: Set the policy (parameter descriptions are on the official website)

Edit the configuration file with vi /etc/vnc/policy.d/vncserver-x11-virtual and selectively add the following parameters


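# Specify the VNC window title (system variables are supported)
Desktop=$HOSTNAME:$USER

# Prevent stopping VNC Server from the user interface
DisableClose=1

# Disable update checks
EnableAutoUpdateChecks=0

# Disable chat between users
EnableChat=0

# Disable manual updates from the user interface
EnableManualUpdateChecks=0

# Prevent printing server files to the local printer over VNC
EnableRemotePrinting=0

# Disable guest login
GuestAccessEnable=0

# Disable file transfer to and from the server
ShareFiles=0

# Prevent users from making reverse connections from the graphical interface
DisableAddNewClient=1

# Prevent users from configuring the VNC options menu
DisableOptions=1

# Disable information exchange with the server clipboard
SendCutText=0

# In x11 mode, do not pop up a connection confirmation box on the monitor
QueryConnect=0

# Prevent non-root users from accessing ordinary users' VNC configuration files
RootSecurity=1

# Disable the user experience improvement program (which collects runtime data and sends it to the VNC website)
EnableAnalytics=0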
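
A check for the policy file from step 9-2, added here as an example (it is not part of the original article or of RealVNC): it reports any of the article's data-leakage settings that are missing, set to a different value, or stored in a file that other users can write. The function name, the REQUIRED list and the finding labels are this example's own, and parameter names are compared exactly as the article spells them.

```sh
#!/bin/sh
# Added example: audit a RealVNC policy file against the lockdown values from
# step 9-2. REQUIRED and audit_vnc_policy are this example's own names.

# Settings the article uses to keep data on the server (files, clipboard,
# printing, chat) and to stop users changing them from the UI.
REQUIRED="ShareFiles=0 SendCutText=0 EnableRemotePrinting=0 EnableChat=0 DisableOptions=1 GuestAccessEnable=0"

# Prints one finding per line. Returns 0 if the file passes, 1 if any check
# fails, 2 if the file cannot be read.
audit_vnc_policy() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "UNREADABLE $file"
        return 2
    fi
    # Every assignment of a required key must carry the expected value, so a
    # conflicting duplicate is reported rather than guessing which one wins.
    findings=$(tr -d '\r' < "$file" | awk -v req="$REQUIRED" '
        BEGIN { n = split(req, pairs, " ")
                for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] } }
        /^[ \t]*#/ { next }                       # comment line
        { eq = index($0, "="); if (!eq) next
          key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (!(key in want)) next
          seen[key] = 1
          if (val != want[key]) print "MISMATCH " key "=" val " (want " want[key] ")" }
        END { for (i = 1; i <= n; i++) { split(pairs[i], kv, "=")
                  if (!(kv[1] in seen)) print "MISSING " kv[1] " (want " kv[2] ")" } }')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        rc=1
    fi
    # A policy file that ordinary users can rewrite enforces nothing.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $file is group- or world-writable"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /etc/vnc/policy.d/vncserver-x11-virtual
if [ $# -gt 0 ]; then audit_vnc_policy "$1"; fi
```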

10. Routine maintenance

10-1: By default, RealVNC creates a virtual desktop when the user connects and ends it when the user disconnects. If you want the desktop state to be kept after the user logs out, you need to modify the configuration file

# Write the ConnectToExisting parameter to the configuration file
echo 'ConnectToExisting=1' | tee -a /etc/vnc/config.d/vncserver-virtuald

# Restart the service for the change to take effect
systemctl restart vncserver-virtuald

10-2: When a desktop has been running for a long time, a user's mistake in the UI may cause it to freeze or refuse connections. In that case, the virtual desktop belonging to that user needs to be killed

# Run su - username to switch to the user's account


# Run ll -t ~/.vnc/ ; it lists the following files in order of creation time:
 
-rw------- 1 vnc vnc 17019 4月  18 11:34 localhost.localdomain:2.log
-rw------- 1 vnc vnc     5 4月  18 11:34 localhost.localdomain:2.pid
drwx------ 2 vnc vnc    58 4月  15 13:54 config.d
-rw------- 1 vnc vnc 18952 4月  15 13:54 localhost.localdomain:3.log
-rw------- 1 vnc vnc 53140 4月  15 13:20 localhost.localdomain:1.log
-rw------- 1 vnc vnc    50 4月  15 12:00 vncchat.xml
-rw------- 1 vnc vnc  2824 4月  15 11:45 private.key

# Use the timestamps to find the most recently created pid file: localhost.localdomain:2.pid; the 2 in it is the virtual desktop number

# End it with the command: vncserver -kill :2
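
The manual lookup in 10-2 as a script, added here as an example rather than taken from the original article: it picks the display number from the newest pid file and checks that the recorded process is still alive, so a leftover pid file is not mistaken for a running desktop. Function names are this example's own, and it assumes the hostname:N.pid naming shown in the listing above.

```sh
#!/bin/sh
# Added example: automate the lookup from step 10-2.
# Function names are this example's own.

# Print ":N" for the newest <host>:<N>.pid file in a ~/.vnc directory.
# Returns 1 when the directory holds no pid file (no desktop is recorded).
newest_vnc_display() {
    dir=$1
    newest=
    for f in "$dir"/*:*.pid; do
        [ -f "$f" ] || continue                  # glob matched nothing
        n=${f##*:}
        n=${n%.pid}
        case $n in ''|*[!0-9]*) continue ;; esac # display number must be numeric
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    [ -n "$newest" ] || return 1
    n=${newest##*:}
    printf ':%s\n' "${n%.pid}"
}

# Succeed only if the pid recorded for display ":N" belongs to a live process.
# Run this as the desktop's owner: kill -0 cannot probe another user's process.
vnc_display_alive() {
    dir=$1
    n=${2#:}
    for f in "$dir"/*:"$n".pid; do
        [ -f "$f" ] || continue
        pid=$(tr -cd '0-9' < "$f")
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then return 0; fi
    done
    return 1
}

# Usage: sh vnc-desktop.sh ~/.vnc   (prints the command, does not run it)
if [ $# -gt 0 ]; then
    if d=$(newest_vnc_display "$1"); then
        if vnc_display_alive "$1" "$d"; then
            echo "desktop $d is running; end it with: vncserver -kill $d"
        else
            echo "desktop $d has a stale pid file; no process to kill"
        fi
    else
        echo "no pid file in $1"
    fi
fi
```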

10-3: If the server is not connected to the external network and is used offline, the mapping between the host name and the IP address 127.0.0.1 needs to be written into the hosts file; otherwise VNC Viewer takes about 30 seconds to connect to the server, or reports a connection error

echo "127.0.0.1 $HOSTNAME" >> /etc/hosts

10-4: If RealVNC is set up on an Ubuntu server, you need to disable hibernation and uninstall the lock screen function of the xfce desktop; otherwise the VNC desktop gets stuck and cannot be operated

# Disable hibernation on Ubuntu
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

# Uninstall the lock screen function of the xfce desktop
apt purge xfce4-screensaver

10-5: If the NIS authentication system is deployed after installing RealVNC, RealVNC may have problems such as login failures or being unable to find users even though NIS itself works normally. The server needs to be restarted in that case (my guess is that this is a RealVNC bug)

10-6: Upgrade the VNC server

Download and install the latest version of VNC Server as in step 3 of this article (there is no need to import the license key again). Once users disconnect from the server in VNC Viewer and log in again, they are using the newly installed VNC Server.

Origin blog.csdn.net/baishikele006/article/details/124192999