Xvnc(1)                    Virtual Network Computing                   Xvnc(1)

NAME

       Xvnc - the X VNC server

SYNOPSIS

       Xvnc [options] :display#

DESCRIPTION

       Xvnc is the X VNC (Virtual Network Computing) server. It is based on a
       standard X server, but it has a "virtual" screen rather than a physical
       one. X applications display themselves on it as if it were a normal X
       display, but they can only be accessed via a VNC viewer - see
       vncviewer(1).

       So Xvnc is really two servers in one. To the applications it is an X
       server, and to the remote VNC users it is a VNC server. By convention
       we have arranged that the VNC server display number will be the same as
       the X server display number, which means you can use e.g. snoopy:2 to
       refer to display 2 on machine "snoopy" in both the X world and the VNC
       world.

       The best way of starting Xvnc is via the vncserver script. This sets
       up the environment appropriately and runs some X applications to get
       you going. See the manual page for vncserver(1) for more information.

OPTIONS

       Xvnc takes lots of options - running Xvnc -help gives a list. Many of
       these are standard X server options, which are described in the
       Xserver(1) manual page. In addition to options which can only be set
       via the command-line, there are also "parameters" which can be set both
       via the command-line and through the vncconfig(1) program.

       -geometry widthxheight
              Specify the size of the desktop to be created. Default is
              1024x768.

       -depth depth
              Specify the pixel depth in bits of the desktop to be created.
              Default is 24, other possible values are 8, 15, and 16 -
              anything else is likely to cause strange behaviour by
              applications.

       -pixelformat format
              Specify pixel format for server to use (BGRnnn or RGBnnn). The
              default for depth 8 is BGR233 (meaning the most significant two
              bits represent blue, the next three green, and the least
              significant three represent red), the default for depth 16 is
              RGB565 and for depth 24 is RGB888.

       -interface IP address
              Listen on interface. By default Xvnc listens on all available
              interfaces.

       -inetd This significantly changes Xvnc's behaviour so that it can be
              launched from inetd. See the section below on usage with inetd.

       -help  List all the options and parameters

PARAMETERS

       VNC parameters can be set both via the command-line and through the
       vncconfig(1) program, and with a VNC-enabled Xorg server via Options
       entries in the xorg.conf file.

       Parameters can be turned on with -param or off with -param=0.
       Parameters which take a value can be specified as -param value. Other
       valid forms are param=value -param=value --param=value. Parameter
       names are case-insensitive.

       -desktop desktop-name
              Each desktop has a name which may be displayed by the viewer. It
              defaults to "x11".

       -rfbport port
              Specifies the TCP port on which Xvnc listens for connections
              from viewers (the protocol used in VNC is called RFB - "remote
              framebuffer"). The default is 5900 plus the display number.

       -UseIPv4
              Use IPv4 for incoming and outgoing connections. Default is on.

       -UseIPv6
              Use IPv6 for incoming and outgoing connections. Default is on.

       -rfbwait time, -ClientWaitTimeMillis time
              Time in milliseconds to wait for a viewer which is blocking the
              server. This is necessary because the server is single-threaded
              and sometimes blocks until the viewer has finished sending or
              receiving a message - note that this does not mean an update
              will be aborted after this time. Default is 20000 (20 seconds).

       -httpd directory
              Run a mini-HTTP server which serves files from the given
              directory. Normally the directory will contain the classes for
              the Java viewer. In addition, files with a .vnc extension will
              have certain substitutions made so that a single installation of
              the Java VNC viewer can be served by separate instances of Xvnc.

       -httpPort port
              Specifies the port on which the mini-HTTP server runs. Default
              is 5800 plus the display number.

       -rfbauth passwd-file, -PasswordFile passwd-file
              Password file for VNC authentication. There is no default; you
              should specify the password file explicitly. The password file
              should be created with the vncpasswd(1) utility. The file is
              accessed each time a connection comes in, so it can be changed
              on the fly.

       -AcceptCutText
              Accept clipboard updates from clients. Default is on.

       -MaxCutText bytes
              The maximum size of a clipboard update that will be accepted
              from a client. Default is 262144.

       -SendCutText
              Send clipboard changes to clients. Default is on.

       -SendPrimary
              Send the primary selection and cut buffer to the server as well
              as the clipboard selection. Default is on.

       -SetPrimary
              Set the PRIMARY as well as the CLIPBOARD selection. Default is
              on.

       -AcceptPointerEvents
              Accept pointer press and release events from clients. Default is
              on.

       -AcceptKeyEvents
              Accept key press and release events from clients. Default is on.

       -AcceptSetDesktopSize
              Accept requests to change the size of the desktop. Default is
              on.

       -DisconnectClients
              Disconnect existing clients if an incoming connection is
              non-shared. Default is on. If DisconnectClients is false, then a
              new non-shared connection will be refused while there is a
              client active. When combined with NeverShared this means only
              one client is allowed at a time.

       -NeverShared
              Never treat incoming connections as shared, regardless of the
              client-specified setting. Default is off.

       -AlwaysShared
              Always treat incoming connections as shared, regardless of the
              client-specified setting. Default is off.

       -Protocol3.3
              Always use protocol version 3.3 for backwards compatibility with
              badly-behaved clients. Default is off.

       -FrameRate fps
              The maximum number of updates per second sent to each client. If
              the screen updates any faster than this, those changes will be
              aggregated and sent in a single update to the client. Note that
              this only controls the maximum rate and a client may get a lower
              rate when resources are limited. Default is 60.

       -CompareFB mode
              Perform pixel comparison on framebuffer to reduce unnecessary
              updates. Can be either 0 (off), 1 (always) or 2 (auto). Default
              is 2.

       -ZlibLevel level
              Zlib compression level for ZRLE encoding (it does not affect
              Tight encoding). Acceptable values are between 0 and 9.
              Default is to use the standard compression level provided by the
              zlib(3) compression library.

       -ImprovedHextile
              Use improved compression algorithm for Hextile encoding which
              achieves better compression ratios at the cost of using slightly
              more CPU time. Default is on.

       -SecurityTypes sec-types
              Specify which security scheme to use for incoming connections.
              Valid values are a comma separated list of None, VncAuth, Plain,
              TLSNone, TLSVnc, TLSPlain, X509None, X509Vnc and X509Plain.
              Default is VncAuth,TLSVnc.

       -Password password
              Obfuscated binary encoding of the password which clients must
              supply to access the server. Using this parameter is insecure;
              use the PasswordFile parameter instead.

       -PlainUsers user-list
              A comma separated list of user names that are allowed to
              authenticate via any of the "Plain" security types (Plain,
              TLSPlain, etc.). Specify * to allow any user to authenticate
              using this security type. Default is to deny all users.

       -pam_service name, -PAMService name
              PAM service name to use when authenticating users using any of
              the "Plain" security types. Default is vnc.

       -X509Cert path
              Path to an X509 certificate in PEM format to be used for all
              X509 based security types (X509None, X509Vnc, etc.).

       -X509Key path
              Private key counterpart to the certificate given in X509Cert.
              Must also be in PEM format.

       -GnuTLSPriority priority
              GnuTLS priority string that controls the TLS session’s handshake
              algorithms. See the GnuTLS manual for possible values. Default
              is NORMAL.

       -BlacklistThreshold count
              The number of unauthenticated connection attempts allowed from
              any individual host before that host is black-listed. Default
              is 5.

       -BlacklistTimeout seconds
              The initial timeout applied when a host is first black-listed.
              The host cannot re-attempt a connection until the timeout
              expires. Default is 10.

       -IdleTimeout seconds
              The number of seconds after which an idle VNC connection will be
              dropped. Default is 0, which means that idle connections will
              never be dropped.

       -MaxDisconnectionTime seconds
              Terminate when no client has been connected for N seconds.
              Default is 0.

       -MaxConnectionTime seconds
              Terminate when a client has been connected for N seconds.
              Default is 0.

       -MaxIdleTime seconds
              Terminate after N seconds of user inactivity. Default is 0.

       -QueryConnect
              Prompts the user of the desktop to explicitly accept or reject
              incoming connections. Default is off.

              The vncconfig(1) program must be running on the desktop in order
              for QueryConnect to be supported.

       -QueryConnectTimeout seconds
              Number of seconds to show the Accept Connection dialog before
              rejecting the connection. Default is 10.

       -localhost
              Only allow connections from the same machine. Useful if you use
              SSH and want to stop non-SSH connections from any other hosts.

       -Log logname:dest:level
              Configures the debug log settings. dest can currently be
              stderr, stdout or syslog, and level is between 0 and 100, 100
              meaning most verbose output. logname is usually * meaning all,
              but you can target a specific source file if you know the name
              of its "LogWriter". Default is *:stderr:30.

       -RemapKeys mapping
              Sets up a keyboard mapping. mapping is a comma-separated string
              of character mappings, each of the form char->char, or
              char<>char, where char is a hexadecimal keysym. For example, to
              exchange the " and @ symbols you would specify the following:

                 RemapKeys=0x22<>0x40

       -AvoidShiftNumLock
              Keys affected by NumLock often require a fake Shift to be
              inserted in order for the correct symbol to be generated.
              Turning on this option avoids these extra fake Shift events but
              may result in a slightly different symbol (e.g. a Return instead
              of a keypad Enter).

       -AllowOverride
              Comma separated list of parameters that can be modified using
              the VNC extension. Parameters can be modified, for example,
              using the vncconfig(1) program from inside a running session.

              Allowing override of parameters such as PAMService or
              PasswordFile can negatively impact security if Xvnc runs under a
              different user than the programs allowed to override the
              parameters.

              When the NoClipboard parameter is set, allowing override of
              SendCutText and AcceptCutText has no effect.

              Default is
              desktop,AcceptPointerEvents,SendCutText,AcceptCutText,SendPrimary,SetPrimary.

USAGE WITH INETD

       By configuring the inetd(1) service appropriately, Xvnc can be launched
       on demand when a connection comes in, rather than having to be started
       manually. When given the -inetd option, instead of listening for TCP
       connections on a given port it uses its standard input and standard
       output. There are two modes controlled by the wait/nowait entry in the
       inetd.conf file.

       In the nowait mode, Xvnc uses its standard input and output directly as
       the connection to a viewer. It never has a listening socket, so cannot
       accept further connections from viewers (it can however connect out to
       listening viewers by use of the vncconfig program). Further viewer
       connections to the same TCP port result in inetd spawning off a new
       Xvnc to deal with each connection. When the connection to the viewer
       dies, the Xvnc and any associated X clients die. This behaviour is
       most useful when combined with the XDMCP options -query and -once. A
       typical example in inetd.conf might be (all on one line):

       5950   stream   tcp  nowait  nobody   /usr/local/bin/Xvnc  Xvnc  -inetd
       -query localhost -once securitytypes=none

       In this example a viewer connection to :50 will result in a new Xvnc
       for that connection which should display the standard XDM login screen
       on that machine. Because the user needs to log in via XDM, it is
       usually OK to accept connections without a VNC password in this case.

       In the wait mode, when the first connection comes in, inetd gives the
       listening socket to Xvnc. This means that for a given TCP port, there
       is only ever one Xvnc at a time. Further viewer connections to the
       same port are accepted by the same Xvnc in the normal way. Even when
       the original connection is broken, the Xvnc will continue to run. If
       this is used with the XDMCP options -query and -once, the Xvnc and
       associated X clients will die when the user logs out of the X session
       in the normal way. It is important to use a VNC password in this case.
       A typical entry in inetd.conf might be:

       5951   stream   tcp wait   james      /usr/local/bin/Xvnc  Xvnc  -inetd
       -query localhost -once passwordFile=/home/james/.vnc/passwd

       Typically, you would have one entry for each user who uses VNC
       regularly, each of whom has their own dedicated TCP port which they
       use. In this example, when user "james" connects to :51, he enters his
       VNC password, then gets the XDM login screen where he logs in in the
       normal way. However, unlike the previous example, if he disconnects,
       the session remains persistent, and when he reconnects he will get the
       same session back again. When he logs out of the X session, the Xvnc
       will die, but of course a new one will be created automatically the
       next time he connects.

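       Added example (not part of the TigerVNC manual page): a Python audit
       of an Xvnc command line, parsed with the parameter forms listed under
       PARAMETERS and checked against the settings this page marks as
       security-relevant. The function names, finding strings and the third
       sample command line are constructed for illustration.

```python
import shlex

# Parameters from this man page that take a value in the "-param value" form.
VALUE_PARAMS = {"securitytypes", "password", "passwordfile", "allowoverride",
                "interface", "plainusers", "query"}
ALIASES = {"rfbauth": "passwordfile", "pam_service": "pamservice"}
DEFAULT_TYPES = "VncAuth,TLSVnc"  # default SecurityTypes stated on the page

def canon(name):
    name = name.strip().lower()  # parameter names are case-insensitive
    return ALIASES.get(name, name)

def parse_params(argv):
    """Parse Xvnc arguments using the forms listed under PARAMETERS."""
    params, i = {}, 0
    while i < len(argv):
        dashed = argv[i].startswith("-")
        name, eq, value = argv[i].lstrip("-").partition("=")
        name = canon(name)
        if eq:  # param=value, -param=value, --param=value
            params[name] = value
        elif dashed and name in VALUE_PARAMS and i + 1 < len(argv):
            i += 1  # -param value
            params[name] = argv[i]
        elif dashed:  # -param turns a boolean parameter on
            params[name] = "1"
        i += 1  # bare tokens (":1", values of other options) are skipped
    return params

def audit(cmdline):
    """Return findings for settings this page marks as security-relevant."""
    p = parse_params(shlex.split(cmdline))
    types = {t.strip().lower() for t in p.get("securitytypes", DEFAULT_TYPES).split(",")}
    findings = []
    if "none" in types:
        findings.append("SecurityTypes includes None")
    if "password" in p:
        findings.append("Password parameter used instead of PasswordFile")
    elif types & {"vncauth", "tlsvnc", "x509vnc"} and "passwordfile" not in p:
        findings.append("VNC authentication enabled but no PasswordFile given")
    overridable = {canon(n) for n in p.get("allowoverride", "").split(",")}
    if overridable & {"pamservice", "passwordfile"}:
        findings.append("AllowOverride exposes PAMService or PasswordFile")
    if "inetd" not in p and "interface" not in p and p.get("localhost", "0") == "0":
        findings.append("listens on all interfaces")
    return findings

# The first two command lines are the inetd.conf examples above; the third is constructed.
NOWAIT = "Xvnc -inetd -query localhost -once securitytypes=none"
WAIT = "Xvnc -inetd -query localhost -once passwordFile=/home/james/.vnc/passwd"
CONSTRUCTED = "Xvnc :1 -SecurityTypes VncAuth -AllowOverride desktop,PasswordFile -localhost=0"

if __name__ == "__main__":
    print([audit(c) for c in (NOWAIT, WAIT, CONSTRUCTED)])
```

       The None finding on the nowait entry is expected: that example relies
       on the XDM login rather than on VNC authentication.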

SEE ALSO

       vncconfig(1), vncpasswd(1), vncserver(1), vncviewer(1), Xserver(1),
       inetd(1)
       http://www.tigervnc.org

AUTHOR

       Tristan Richardson, RealVNC Ltd. and others.

       VNC was originally developed by the RealVNC team while at Olivetti
       Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were
       implemented by Constantin Kaplinsky. Many other people have since
       participated in development, testing and support. This manual is part
       of the TigerVNC software suite.

TigerVNC                                                               Xvnc(1)