1Xvnc(1) Virtual Network Computing Xvnc(1)
2
3
4
6 Xvnc - the X VNC server
7
9 Xvnc [options] :display#
10
12 Xvnc is the X VNC (Virtual Network Computing) server. It is based on a
13 standard X server, but it has a "virtual" screen rather than a physical
14 one. X applications display themselves on it as if it were a normal X
15 display, but they can only be accessed via a VNC viewer - see
16 vncviewer(1).
17
18 So Xvnc is really two servers in one. To the applications it is an X
19 server, and to the remote VNC users it is a VNC server. By convention
20 we have arranged that the VNC server display number will be the same as
21 the X server display number, which means you can use eg. snoopy:2 to
22 refer to display 2 on machine "snoopy" in both the X world and the VNC
23 world.
24
25 The best way of starting Xvnc is via vncsession. This sets up the
26 environment appropriately and starts a desktop environment. See the
27 manual page for vncsession(8) for more information.
28
29
31 Xvnc takes lots of options - running Xvnc -help gives a list. Many of
32 these are standard X server options, which are described in the
33 Xserver(1) manual page. In addition to options which can only be set
34 via the command-line, there are also "parameters" which can be set both
35 via the command-line and through the vncconfig(1) program.
36
37
38 -geometry widthxheight
39 Specify the size of the desktop to be created. Default is
40 1024x768.
41
42 -depth depth
43 Specify the pixel depth in bits of the desktop to be created.
44 Default is 24, other possible values are 16 and 32. Anything
45 else is likely to cause strange behaviour by applications and
46 may prevent the server from starting at all.
47
48 -pixelformat format
49 Specify pixel format for server to use (BGRnnn or RGBnnn). The
50 default for depth 16 is RGB565 and for depth 24 and 32 is
51 RGB888.
52
53 -interface IP address
54 Listen on interface. By default Xvnc listens on all available
55 interfaces.
56
57 -inetd This significantly changes Xvnc's behaviour so that it can be
58 launched from inetd. See the section below on usage with inetd.
59
60 -help List all the options and parameters
61
62
64 VNC parameters can be set both via the command-line and through the
65 vncconfig(1) program, and with a VNC-enabled Xorg server via Options
66 entries in the xorg.conf file.
67
68 Parameters can be turned on with -param or off with -param=0. Parame‐
69 ters which take a value can be specified as -param value. Other valid
70 forms are param=value -param=value --param=value. Parameter names are
71 case-insensitive.
72
73
74 -desktop desktop-name
75 Each desktop has a name which may be displayed by the viewer. It
76 defaults to "x11".
77
78 -rfbport port
79 Specifies the TCP port on which Xvnc listens for connections
80 from viewers (the protocol used in VNC is called RFB - "remote
81 framebuffer"). The default is 5900 plus the display number.
82
83 -UseIPv4
84 Use IPv4 for incoming and outgoing connections. Default is on.
85
86 -UseIPv6
87 Use IPv6 for incoming and outgoing connections. Default is on.
88
89 -rfbunixpath path
90 Specifies the path of a Unix domain socket on which Xvnc listens
91 for connections from viewers, instead of listening on a TCP
92 port.
93
94 -rfbunixmode mode
95 Specifies the mode of the Unix domain socket. The default is
96 0600.
97
98 -rfbwait time, -ClientWaitTimeMillis time
99 Time in milliseconds to wait for a viewer which is blocking the
100 server. This is necessary because the server is single-threaded
101 and sometimes blocks until the viewer has finished sending or
102 receiving a message - note that this does not mean an update
103 will be aborted after this time. Default is 20000 (20 seconds).
104
105 -rfbauth passwd-file, -PasswordFile passwd-file
106 Password file for VNC authentication. There is no default, you
107 should specify the password file explicitly. Password file
108 should be created with the vncpasswd(1) utility. The file is
109 accessed each time a connection comes in, so it can be changed
110 on the fly.
111
112 -AcceptCutText
113 Accept clipboard updates from clients. Default is on.
114
115 -MaxCutText bytes
116 The maximum size of a clipboard update that will be accepted
117 from a client. Default is 262144.
118
119 -SendCutText
120 Send clipboard changes to clients. Default is on.
121
122 -SendPrimary
123 Send the primary selection and cut buffer to the server as well
124 as the clipboard selection. Default is on.
125
126 -AcceptPointerEvents
127 Accept pointer press and release events from clients. Default is
128 on.
129
130 -AcceptKeyEvents
131 Accept key press and release events from clients. Default is on.
132
133 -AcceptSetDesktopSize
134 Accept requests to resize the size of the desktop. Default is
135 on.
136
137 -DisconnectClients
138 Disconnect existing clients if an incoming connection is non-
139 shared. Default is on. If DisconnectClients is false, then a new
140 non-shared connection will be refused while there is a client
141 active. When combined with NeverShared this means only one
142 client is allowed at a time.
143
144 -NeverShared
145 Never treat incoming connections as shared, regardless of the
146 client-specified setting. Default is off.
147
148 -AlwaysShared
149 Always treat incoming connections as shared, regardless of the
150 client-specified setting. Default is off.
151
152 -Protocol3.3
153 Always use protocol version 3.3 for backwards compatibility with
154 badly-behaved clients. Default is off.
155
156 -FrameRate fps
157 The maximum number of updates per second sent to each client. If
158 the screen updates any faster then those changes will be aggre‐
159 gated and sent in a single update to the client. Note that this
160 only controls the maximum rate and a client may get a lower rate
161 when resources are limited. Default is 60.
162
163 -CompareFB mode
164 Perform pixel comparison on framebuffer to reduce unnecessary
165 updates. Can be either 0 (off), 1 (always) or 2 (auto). Default
166 is 2.
167
168 -ZlibLevel level
169 Zlib compression level for ZRLE encoding (it does not affect
170 Tight encoding). Acceptable values are between 0 and 9.
171 Default is to use the standard compression level provided by the
172 zlib(3) compression library.
173
174 -ImprovedHextile
175 Use improved compression algorithm for Hextile encoding which
176 achieves better compression ratios by the cost of using slightly
177 more CPU time. Default is on.
178
179 -SecurityTypes sec-types
180 Specify which security scheme to use for incoming connections.
181 Valid values are a comma separated list of None, VncAuth, Plain,
182 TLSNone, TLSVnc, TLSPlain, X509None, X509Vnc and X509Plain.
183 Default is VncAuth,TLSVnc.
184
185 -Password password
186 Obfuscated binary encoding of the password which clients must
187 supply to access the server. Using this parameter is insecure,
188 use PasswordFile parameter instead.
189
190 -PlainUsers user-list
191 A comma separated list of user names that are allowed to authen‐
192 ticate via any of the "Plain" security types (Plain, TLSPlain,
193 etc.). Specify * to allow any user to authenticate using this
194 security type. Default is to deny all users.
195
196 -pam_service name, -PAMService name
197 PAM service name to use when authentication users using any of
198 the "Plain" security types. Default is vnc.
199
200 -X509Cert path
201 Path to a X509 certificate in PEM format to be used for all X509
202 based security types (X509None, X509Vnc, etc.).
203
204 -X509Key path
205 Private key counter part to the certificate given in X509Cert.
206 Must also be in PEM format.
207
208 -GnuTLSPriority priority
209 GnuTLS priority string that controls the TLS session’s handshake
210 algorithms. See the GnuTLS manual for possible values. Default
211 is NORMAL.
212
213 -UseBlacklist
214 Temporarily reject connections from a host if it repeatedly
215 fails to authenticate. Default is on.
216
217 -BlacklistThreshold count
218 The number of unauthenticated connection attempts allowed from
219 any individual host before that host is black-listed. Default
220 is 5.
221
222 -BlacklistTimeout seconds
223 The initial timeout applied when a host is first black-listed.
224 The host cannot re-attempt a connection until the timeout
225 expires. Default is 10.
226
227 -IdleTimeout seconds
228 The number of seconds after which an idle VNC connection will be
229 dropped. Default is 0, which means that idle connections will
230 never be dropped.
231
232 -MaxDisconnectionTime seconds
233 Terminate when no client has been connected for N seconds.
234 Default is 0.
235
236 -MaxConnectionTime seconds
237 Terminate when a client has been connected for N seconds.
238 Default is 0.
239
240 -MaxIdleTime seconds
241 Terminate after N seconds of user inactivity. Default is 0.
242
243 -QueryConnect
244 Prompts the user of the desktop to explicitly accept or reject
245 incoming connections. Default is off.
246
247 The vncconfig(1) program must be running on the desktop in order
248 for QueryConnect to be supported.
249
250 -QueryConnectTimeout seconds
251 Number of seconds to show the Accept Connection dialog before
252 rejecting the connection. Default is 10.
253
254 -localhost
255 Only allow connections from the same machine. Useful if you use
256 SSH and want to stop non-SSH connections from any other hosts.
257
258 -Log logname:dest:level
259 Configures the debug log settings. dest can currently be
260 stderr, stdout or syslog, and level is between 0 and 100, 100
261 meaning most verbose output. logname is usually * meaning all,
262 but you can target a specific source file if you know the name
263 of its "LogWriter". Default is *:stderr:30.
264
265 -RemapKeys mapping
266 Sets up a keyboard mapping. mapping is a comma-separated string
267 of character mappings, each of the form char->char, or
268 char<>char, where char is a hexadecimal keysym. For example, to
269 exchange the " and @ symbols you would specify the following:
270
271 RemapKeys=0x22<>0x40
272
273 -AvoidShiftNumLock
274 Key affected by NumLock often require a fake Shift to be
275 inserted in order for the correct symbol to be generated. Turn‐
276 ing on this option avoids these extra fake Shift events but may
277 result in a slightly different symbol (e.g. a Return instead of
278 a keypad Enter).
279
280 -RawKeyboard
281 Send keyboard events straight through and avoid mapping them to
282 the current keyboard layout. This effectively makes the keyboard
283 behave according to the layout configured on the server instead
284 of the layout configured on the client. Default is off.
285
286 -AllowOverride
287 Comma separated list of parameters that can be modified using
288 VNC extension. Parameters can be modified for example using
289 vncconfig(1) program from inside a running session.
290
291 Allowing override of parameters such as PAMService or Password‐
292 File can negatively impact security if Xvnc runs under different
293 user than the programs allowed to override the parameters.
294
295 When NoClipboard parameter is set, allowing override of SendCut‐
296 Text and AcceptCutText has no effect.
297
298 Default is desktop,AcceptPointerEvents,SendCutText,AcceptCut‐
299 Text,SendPrimary,SetPrimary.
300
301
303 By configuring the inetd(1) service appropriately, Xvnc can be launched
304 on demand when a connection comes in, rather than having to be started
305 manually. When given the -inetd option, instead of listening for TCP
306 connections on a given port it uses its standard input and standard
307 output. There are two modes controlled by the wait/nowait entry in the
308 inetd.conf file.
309
310 In the nowait mode, Xvnc uses its standard input and output directly as
311 the connection to a viewer. It never has a listening socket, so cannot
312 accept further connections from viewers (it can however connect out to
313 listening viewers by use of the vncconfig program). Further viewer
314 connections to the same TCP port result in inetd spawning off a new
315 Xvnc to deal with each connection. When the connection to the viewer
316 dies, the Xvnc and any associated X clients die. This behaviour is
317 most useful when combined with the XDMCP options -query and -once. An
318 typical example in inetd.conf might be (all on one line):
319
320 5950 stream tcp nowait nobody /usr/local/bin/Xvnc Xvnc -inetd
321 -query localhost -once securitytypes=none
322
323 In this example a viewer connection to :50 will result in a new Xvnc
324 for that connection which should display the standard XDM login screen
325 on that machine. Because the user needs to login via XDM, it is usu‐
326 ally OK to accept connections without a VNC password in this case.
327
328 In the wait mode, when the first connection comes in, inetd gives the
329 listening socket to Xvnc. This means that for a given TCP port, there
330 is only ever one Xvnc at a time. Further viewer connections to the
331 same port are accepted by the same Xvnc in the normal way. Even when
332 the original connection is broken, the Xvnc will continue to run. If
333 this is used with the XDMCP options -query and -once, the Xvnc and
334 associated X clients will die when the user logs out of the X session
335 in the normal way. It is important to use a VNC password in this case.
336 A typical entry in inetd.conf might be:
337
338 5951 stream tcp wait james /usr/local/bin/Xvnc Xvnc -inetd
339 -query localhost -once passwordFile=/home/james/.vnc/passwd
340
341 In fact typically, you would have one entry for each user who uses VNC
342 regularly, each of whom has their own dedicated TCP port which they
343 use. In this example, when user "james" connects to :51, he enters his
344 VNC password, then gets the XDM login screen where he logs in in the
345 normal way. However, unlike the previous example, if he disconnects,
346 the session remains persistent, and when he reconnects he will get the
347 same session back again. When he logs out of the X session, the Xvnc
348 will die, but of course a new one will be created automatically the
349 next time he connects.
350
351
353 vncconfig(1), vncpasswd(1), vncviewer(1), vncsession(8), Xserver(1),
354 inetd(1)
355 https://www.tigervnc.org
356
357
359 Tristan Richardson, RealVNC Ltd. and others.
360
361 VNC was originally developed by the RealVNC team while at Olivetti
362 Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were
363 implemented by Constantin Kaplinsky. Many other people have since par‐
364 ticipated in development, testing and support. This manual is part of
365 the TigerVNC software suite.
366
367
368
369TigerVNC Xvnc(1)