Always neglect vnc before because ssh is safe and enough.
Today with nothing to do, tried vnc.
Yum install vnc server and client.
Try the default vncviewer from the menu bar. After input the server address, get complain “conncetion refused (111)”. Google for a while. Find the trick.
Edit /etc/sysconfig/vncservers, uncommet the line two lines and change the display number and myusername to the desired.
Depending on how many user or which user you put into file /etc/sysconfig/vncservers, you need to su to corresponding user shell and run vncserver, which for the first time will then ask you for the password. Otherwise, just run vncpasswd and set up the password for each server.
Restart the vncserver service. Run vncviewer and enter the site name with the display number you set in the vncservers file like: 123.45.67.89:1 or localhost:1 for local machine. Here is the problem for fedora, you won’t be able to connect to the server from remote site or machine. Actually you should stop the iptables service and no complains. You can modify the iptables policy but I don’t know how to. Since my server now is behind the router, i think it’s safe enough. Sure, in order to be safer, use ssh tunnel, which I haven’t tried.
Now is another problem, the default graphic interface vncserver supplies is twm. You need to modify the .vnc/xstartup in the corresponding home directory. Just follow the hint at the top and uncomment two lines following it and comment the bottom two lines. Now with vncviewer you got gnome-session or startkde 🙂
Another strange thing is depending on how you start the vncserver the different panel behaviors present. For instance, starting vncserver by tickling the vncserver option in service manager will give the remote machine full panel but for the local machine only default menu there. All the applets you added onto the default panel will not be shown on the local machine but on the remote one. On the contrary, if you let the vncserver start from your .bashrc file (by adding one line like: sudo service vncserver start &), you get the reversed situation. Haven’t figure it out. Temporarily prefer the latter choice.
For the above approach without ssh tunnel, you need forward 590x port from wan to lan. Wa! Now I found by using ssh tunneling, everything gets simple. Just by forwarding ssh port, usually 22, for your router and start sshd service on the host, now you don’t need to worry about forwarding 590x ports and stop the iptables service. By setting up, for example, Putty, everything detours through port 22 and becomes much securer than direct vncviewer. Finally done with it! Great 🙂