VNC Setup and Connecting

Note

The base VNC port is 5900. Screen numbers are the last two digits of the port number, so screen 1 operates on port 5901 and screen 33 operates on port 5933. Certain clients only accept screen numbers below a certain value (i.e., 50) so when in doubt, use the full port number.

VNC Viewers

There are a wide variety of VNC viewers available, mostly implementing the same features. If you have one you are used to, use that. Otherwise, here are some good options:

Connecting to a VNC Server via SSH Tunneling

The Gemini VMs are only accessible via the SSH port, so in order to connect to a VNC session, you must first set up a secure connection (tunnel) through SSH (unless you are already on the gpinet subnet at the summit as discussed in the next section). The Mac VNC client Chicken does this for you automatically. On Windows you will need an SSH client that supports X11 tunnels, such as Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). You can also always set up an SSH tunnel from the command line (Linux or Mac Terminal, or Cygwin X-term with openSSH installed on Windows).

The basic process is:

  • From local (viewer) machine, run:

    > ssh -L 590x:localhost:590y user@remotehost -p portnum

    where x is the screen number to be used on your local machine, and y is the screen number of the VNC server. Typically, you will want x = y to avoid confusion. portnum is the SSH port number (22 by default). If port 22 is being used then you can omit the -p flag.

  • On the local machine, start viewer pointing to localhost:x. Make sure to allow other clients to connect.

  • If you do not need to control the server (only see the display) add the -ViewOnly option.

Connecting to the Gemini VNCs from the Observatory

When at the observatory, you must be on the same subnet as the VMs. This is currently available through WIFI network gpinet or from one of the workstations in the instrument lab or control room. Once on one of these networks, the VMs are DNS-resolvable as cpogpi01 through cpogpi03 and use port 22 for SSH so you can set up the tunnel for screen 33 on cpogpi01 as:

> ssh -L 5933:localhost:5933 software@cpogpi01

and then point your vncviewer at localhost:33.

Connecting to the Gemini VNCs from Off Site

Offsite users can connect to Gemini using an SSL VPN account. Once your account has been created, go to https://umbral.gemini.edu and select the computer to which you wish to connect from the list in ‘My Resources’ (you must have Flash and the Java runtime environment (JRE) installed and javascript enabled). This will create an SSL tunnel making the VM accessible via a port on your localhost (for example port 2222). You can now SSH to the remote computer by SSHing to your localhost via the port, i.e.:

> ssh -p 2222 software@localhost

You can therefore set up tunnels for the vnc server as:

> ssh -L 5933:localhost:5933 software@localhost  -p 2222

and then point your vncviewer at localhost:33.

Note

Gemini only permits remote connections with keyless SSH. You will need to supply a public rsa key for all machines you wish to use to connect. If you do not already have a public key, do the following (Linux and Mac OS X or CygWin on Windows):

  • From the command line run:

    > ssh-keygen -t rsa
  • Follow all of the prompts and accept all defaults for file locations

  • Your public key will be placed in your home directory in .ssh/id_rsa.pub.

If using Putty with Windows, see the following for instructions: http://www.ualberta.ca/CNS/RESEARCH/LinuxClusters/pka-putty.html

Note

When using Chicken’s auto-SSH tunneling to connect to the Gemini VNCs from offsite you need to include the SSH port number in the SSH host box as: software@localhost:2222.

Creating Background SSH Tunnels

Often, you will want to create multiple SSH tunnels (up to four for the standard VNC setup), which would result in four terminal windows cluttering up your display. A better option is to start the tunnels in the background:

> ssh ssh -M -S control-socket-file -fnNT -L 590x:localhost:590y user@remotehost -p portnum

where x, y and portnum are as before, and control-socket-file is a path to a writeable local file that will store the ssh session control socket. This command will return you to the prompt on your local machine, with the SSH tunnel running in the background. To check on the connection status, run:

> ssh -S control-socket-file -O check user@remotehost

and to close the connection run:

> ssh -S control-socket-file -O exit user@remotehost

So, for the :33 VNC session from a remote machine, the background tunnel commands would be:

> ssh -M -S $HOME/log/gpivnc33socket -fnNT -p 2222 -L5933:localhost:5933 software@localhost
> ssh -S $HOME/log/gpivnc33socket -fnNT -p 2222 -O check software@localhost
> ssh -S $HOME/log/gpivnc33socket -fnNT -p 2222 -O exit software@localhost

VNC Examples

These are some illustrative examples of using different VNC viewers on various operating systems to connect to the 33 VNC on cpogpi01.

Note

Many users have been experiencing stability issues with Chicken on OS X 10.8+. The built-in screen sharing utility appears to be much more stable, but does not provide middle-click emulation, which is highly useful to working in the VNCs. This can be fixed with a third-party solution. A good one is magicprefs: http://magicprefs.com/. You can use this to emulate a middle click with your gesture of choice (3 finger click is unused by default in 10.9).

Mac OS X Using Built-in Screen Sharing

  • In a terminal run: ssh -L 5933:localhost:5933 sotware@cpogpi01 if you are connecting locally (at Gemini) or ssh -L 5933:localhost:5933 software@localhost -p 2222 if you are connecting remotely via an SSL tunnel. Leave this terminal open connected to the VNC server.

  • Start Screen Sharing by one of the two following methods:
    • In any browser, open a blank tab and type vnc:://localhost:5933 in the address bar and hit enter.
    • In a Finder window, hit Cmd+K (or select Connect To Server from the Finder Go menu), enter vnc::/localhost:5933 in the server address field, and click Connect. Note that this option allows you to save the server address for future use.

Note

Screen Sharing connects with ‘View Only’ unset by default, but you can toggle it on and off by showing the toolbar (from the View menu) and switching between Observe and Control mode.

Mac OS X Using Chicken

  • Start Chicken and select ‘New Connection’ from the ‘Connection’ menu
  • Enter localhost in the ‘Host’ field and 33 in the ‘Display or port’ field (change to 34 for the other server).
  • Leave password field blank
  • Important Check ‘Allow other clients to connect’
  • Check ‘Tunnel over SSH’ and enter software@cpogpi01 in SSH host if you are connecting locally or software@localhost:2222 if you are connecting remotely via an SSL tunnel.
  • Enter the VNC password when prompted
_images/chicken_setup_cpogpi01_local.png

Figure: Chicken connection setup for local connection.

_images/chicken_setup_cpogpi01_remote.png

Figure: Chicken connection setup for remote connection.

Linux (or Mac OS X or CygWin)

  • In a terminal run: ssh -L 5933:localhost:5933 sotware@cpogpi01 if you are connecting locally (at Gemini) or ssh -L 5933:localhost:5933 software@localhost -p 2222 if you are connecting remotely via an SSL tunnel. Leave this terminal open connected to the VNC server.

  • In a new terminal, start the vncviewer:
    • If you have vncviewer installed just run: vncviewer localhost:33
    • If you have vinagre installed run: vinagre. Click ‘Connect’ and enter localhost:33 in the host field.
_images/vinagre_setup.png

Figure: Vinagre connection setup.

Note

You can use this procedure on Windows with Cygwin-X with OpenSSH installed, or on Mac OS X if your vncviewer does not natively support tunneling.

Windows with Putty and TightVNC

  • In Putty, on the Session screen: set up an SSH session to Host cpogpi01 on port 22 if connecting locally or to localhost on port 2222 if connecting remotely via an SSL tunnel.
    _images/putty1_local.png

    Figure: Putty session setup for local connection.

    _images/putty1_remote.png

    Figure: Putty session setup for remote connection.

  • In Putty, in Connection>SSH>Tunnels:
    • Check ‘Local ports accept connections from other hosts’
    • Set Source port to: cpogpi01:5933 if connecting locally and localhost:5933 if connecting remotely via an SSL tunnel.
    • Set Destination to: localhost:5933
    • Click radio buttons ‘Local’ and ‘Auto’
    • Click ‘Add’
    _images/putty2_local.png

    Figure: Putty tunnel setup for local connection.

    _images/putty2_remote.png

    Figure: Putty tunnel setup for remote connection.

  • In Putty, start session by clicking ‘Open’. Enter username (software) when prompted.

  • Start TightVNC, and connect to server localhost::5933 (note the double colon).

_images/tightvnc1.png

Figure: TightVNC connection setup.