1X0VNCSERVER(1) TigerVNC Manual X0VNCSERVER(1)
2
6 x0vncserver - TigerVNC Server for X displays
7
9 x0vncserver [options]
10 x0vncserver -version
11
13 x0vncserver is a TigerVNC Server which makes any X display remotely ac‐
14 cessible via VNC, TigerVNC or compatible viewers. Unlike Xvnc(1), it
15 does not create a virtual display. Instead, it just shares an existing
16 X server (typically, that one connected to the physical screen).
17 XDamage will be used if the existing X server supports it. Otherwise
19 x0vncserver will fall back to polling the screen for changes.
20
23 x0vncserver interprets the command line as a list of parameters with
24 optional values. Running x0vncserver -h will show a list of all valid
25 parameters with short descriptions. All parameters are optional, but
26 normally you would have to use the PasswordFile parameter (see its de‐
27 scription below).
28 There are several forms of specifying parameters in the command line
30 (here we use `SomeParameter' as an example parameter name):
31 -SomeParameter
34 Enable the parameter, turn the feature on. This form can be
35 used with parameters that simply enable or disable some feature.
36 -SomeParameter=0
38 Disable the parameter, turn the feature off.
39 -SomeParameter=value
41 Assign the specified value to the parameter. The leading dash
42 can be omitted, or it can be doubled if desired (like in GNU-
43 style long options).
44 Parameter names are case-insensitive, their order in the command line
46 can be arbitrary.
47
50 -desktop desktop-name
51 Each desktop has a name which may be displayed by the viewer. It
52 defaults to "<user>@<hostname>".
53 -display display
55 The X display name. If not specified, it defaults to the value
56 of the DISPLAY environment variable.
57 -rfbport port
59 Specifies the TCP port on which x0vncserver listens for connec‐
60 tions from viewers (the protocol used in VNC is called RFB -
61 "remote framebuffer"). The default port is 5900. Specify -1 to
62 disable listening on a TCP port.
63 -UseIPv4
65 Use IPv4 for incoming and outgoing connections. Default is on.
66 -UseIPv6
68 Use IPv6 for incoming and outgoing connections. Default is on.
69 -rfbunixpath path
71 Specifies the path of a Unix domain socket on which x0vncserver
72 listens for connections from viewers.
73 -rfbunixmode mode
75 Specifies the mode of the Unix domain socket. The default is
76 0600.
77 -Log logname:dest:level
79 Configures the debug log settings. dest can currently be
80 stderr, stdout or syslog, and level is between 0 and 100, 100
81 meaning most verbose output. logname is usually * meaning all,
82 but you can target a specific source file if you know the name
83 of its "LogWriter". Default is *:stderr:30.
84 -HostsFile filename
86 This parameter allows to specify a file name with IP access con‐
87 trol rules. The file should include one rule per line, and the
88 rule format is one of the following: +address/prefix (accept
89 connections from the specified address group), -address/prefix
90 (reject connections) or ?address/prefix (query the local user).
91 The first rule matching the IP address determines the action to
92 be performed. Rules that include only an action sign (+, - or
93 ?) will match any IP address. Prefix is optional and is speci‐
94 fied as a number of bits (e.g. /24). Default is to accept con‐
95 nections from any IP address.
96 -SecurityTypes sec-types
98 Specify which security scheme to use for incoming connections.
99 Valid values are a comma separated list of None, VncAuth, Plain,
100 TLSNone, TLSVnc, TLSPlain, X509None, X509Vnc, X509Plain, RA2,
101 RA2ne, RA2_256 and RA2ne_256. Default is TLSVnc,VncAuth.
102 -rfbauth passwd-file, -PasswordFile passwd-file
104 Password file for VNC authentication. There is no default, you
105 should specify the password file explicitly. Password file
106 should be created with the vncpasswd(1) utility. The file is
107 accessed each time a connection comes in, so it can be changed
108 on the fly.
109 -Password password
111 Obfuscated binary encoding of the password which clients must
112 supply to access the server. Using this parameter is insecure,
113 use PasswordFile parameter instead.
114 -PlainUsers user-list
116 A comma separated list of user names that are allowed to authen‐
117 ticate via any of the "Plain" security types (Plain, TLSPlain,
118 etc.). Specify * to allow any user to authenticate using this
119 security type. Default is to deny all users.
120 -pam_service name, -PAMService name
122 PAM service name to use when authentication users using any of
123 the "Plain" security types. Default is vnc.
124 -X509Cert path
126 Path to a X509 certificate in PEM format to be used for all X509
127 based security types (X509None, X509Vnc, etc.).
128 -X509Key path
130 Private key counter part to the certificate given in X509Cert.
131 Must also be in PEM format.
132 -GnuTLSPriority priority
134 GnuTLS priority string that controls the TLS session’s handshake
135 algorithms. See the GnuTLS manual for possible values. Default
136 is NORMAL.
137 -RSAKey path
139 Path to the RSA key for the RSA-AES security types (RA2, RA2ne,
140 RA2_256 and RA2ne_256) in PEM format.
141 -RequireUsername
143 Require username for the RSA-AES security types. Default is off.
144 -UseBlacklist
146 Temporarily reject connections from a host if it repeatedly
147 fails to authenticate. Default is on.
148 -BlacklistThreshold count
150 The number of unauthenticated connection attempts allowed from
151 any individual host before that host is black-listed. Default
152 is 5.
153 -BlacklistTimeout seconds
155 The initial timeout applied when a host is first black-listed.
156 The host cannot re-attempt a connection until the timeout ex‐
157 pires. Default is 10.
158 -QueryConnect
160 Prompts the user of the desktop to explicitly accept or reject
161 incoming connections. Default is off.
162 -QueryConnectTimeout seconds
164 Number of seconds to show the Accept Connection dialog before
165 rejecting the connection. Default is 10.
166 -localhost
168 Only allow connections from the same machine. Useful if you use
169 SSH and want to stop non-SSH connections from any other hosts.
170 -interface IP address
172 Listen on interface. By default x0vncserver listens on all
173 available interfaces.
174 -AlwaysShared
176 Always treat incoming connections as shared, regardless of the
177 client-specified setting. Default is off.
178 -NeverShared
180 Never treat incoming connections as shared, regardless of the
181 client-specified setting. Default is off.
182 -DisconnectClients
184 Disconnect existing clients if an incoming connection is non-
185 shared. Default is on. If DisconnectClients is false, then a new
186 non-shared connection will be refused while there is a client
187 active. When combined with NeverShared this means only one
188 client is allowed at a time.
189 -AcceptKeyEvents
191 Accept key press and release events from clients. Default is on.
192 -AcceptPointerEvents
194 Accept pointer press and release events from clients. Default is
195 on.
196 -AcceptSetDesktopSize
198 Accept requests to resize the size of the desktop. Default is
199 on.
200 -RemapKeys mapping
202 Sets up a keyboard mapping. mapping is a comma-separated string
203 of character mappings, each of the form char->char, or
204 char<>char, where char is a hexadecimal keysym. For example, to
205 exchange the " and @ symbols you would specify the following:
206 RemapKeys=0x22<>0x40
208 -RawKeyboard
210 Send keyboard events straight through and avoid mapping them to
211 the current keyboard layout. This effectively makes the keyboard
212 behave according to the layout configured on the server instead
213 of the layout configured on the client. Default is off.
214 -Protocol3.3
216 Always use protocol version 3.3 for backwards compatibility with
217 badly-behaved clients. Default is off.
218 -Geometry geometry
220 This option specifies the screen area that will be shown to VNC
221 clients. The format is widthxheight+xoffset+yoffset , where `+'
222 signs can be replaced with `-' signs to specify offsets from the
223 right and/or from the bottom of the screen. Offsets are op‐
224 tional, +0+0 is assumed by default (top left corner). If the
225 argument is empty, full screen is shown to VNC clients (this is
226 the default).
227 -MaxProcessorUsage percent
229 Maximum percentage of CPU time to be consumed when polling the
230 screen. Default is 35.
231 -PollingCycle milliseconds
233 Milliseconds per one polling cycle. Actual interval may be dy‐
234 namically adjusted to satisfy MaxProcessorUsage setting. De‐
235 fault is 30.
236 -FrameRate fps
238 The maximum number of updates per second sent to each client. If
239 the screen updates any faster then those changes will be aggre‐
240 gated and sent in a single update to the client. Note that this
241 only controls the maximum rate and a client may get a lower rate
242 when resources are limited. Default is 60.
243 -CompareFB mode
245 Perform pixel comparison on framebuffer to reduce unnecessary
246 updates. Can be either 0 (off), 1 (always) or 2 (auto). Default
247 is 2.
248 -UseSHM
250 Use MIT-SHM extension if available. Using that extension accel‐
251 erates reading the screen. Default is on.
252 -ZlibLevel level
254 Zlib compression level for ZRLE encoding (it does not affect
255 Tight encoding). Acceptable values are between 0 and 9. De‐
256 fault is to use the standard compression level provided by the
257 zlib(3) compression library.
258 -ImprovedHextile
260 Use improved compression algorithm for Hextile encoding which
261 achieves better compression ratios by the cost of using slightly
262 more CPU time. Default is on.
263 -IdleTimeout seconds
265 The number of seconds after which an idle VNC connection will be
266 dropped. Default is 0, which means that idle connections will
267 never be dropped.
268 -MaxDisconnectionTime seconds
270 Terminate when no client has been connected for N seconds. De‐
271 fault is 0.
272 -MaxConnectionTime seconds
274 Terminate when a client has been connected for N seconds. De‐
275 fault is 0.
276 -MaxIdleTime seconds
278 Terminate after N seconds of user inactivity. Default is 0.
279
282 Xvnc(1), vncpasswd(1),
283 https://www.tigervnc.org/
284
287 Constantin Kaplinsky and others.
288 VNC was originally developed by the RealVNC team while at Olivetti Re‐
290 search Ltd / AT&T Laboratories Cambridge. TightVNC additions were im‐
291 plemented by Constantin Kaplinsky. Many other people have since partic‐
292 ipated in development, testing and support. This manual is part of the
293 TigerVNC software suite.
294TigerVNC X0VNCSERVER(1)