Best Practices from Oracle Development's A‑Team

Using VNC securely in the Oracle Cloud

Roland Koenn
Consulting Solution Architect

Introduction

Having access to a VM in the Cloud via VNC can be very useful in many situations. For example, most customers want to install software such as Oracle Database using a GUI-based installer. Using VNC, the installation can continue even when you are not connected. The easiest way to achieve this with a reliable and secure mechanism is to use VNC via an SSH tunnel. In this example a simple Oracle Compute Cloud VM is used to configure a GNOME desktop and VNC server. It has been created as shown in the tutorial here. Most other VMs in the Oracle Cloud that run Oracle Linux can be configured in the same way, e.g. DBaaS VMs.

This tutorial is for Oracle Cloud Infrastructure - Classic. For Oracle Cloud Infrastructure please visit: https://cloud.oracle.com/iaas/whitepapers/run_graphical_apps_securely_on_oci.pdf

 

Configure SSH Tunnel

The SSH tunnel is established using the PuTTY tool; alternatives will be discussed later in this tutorial. Use the public IP address of the created VM and give the session a name.

Next, expand the session tree on the left-hand side and select the category “Data” in the “Connection” branch. By default, Oracle Cloud VMs are configured with the user opc. For easier login, enter “opc” in the Auto-login username field.

Expand the “SSH” branch and select “Tunnels”. Enter 5901 as the source port and, as the destination, the public IP of the VM in the format 1.1.1.1:5901, where 5901 is the destination port. Click “Add”.
All VNC traffic is routed through this SSH tunnel on port 22, hence no additional port needs to be opened via Security Lists. Should you want to use iptables, see MOS Note Doc ID 2102424.1.

Next navigate to “Auth” in the “SSH” branch and point to the private key that has the authentication information as provided during the provisioning of the VM. See this tutorial, if you are unsure which key to use: SSH Keys

Finally navigate back to the “Session” category. Press the “Save” Button and then press “Open” to establish the connection.

Configure VNC Server

If everything is configured correctly you will be greeted by the usual prompt.

Install the GNOME desktop via yum. To achieve this switch to the root user and then use the groupinstall function for Oracle Linux 6:

sudo su -
yum -y groupinstall "Desktop"

For Oracle Linux 7 use:

sudo su -
yum groups install "Server with GUI" --skip-broken

If you have issues with yum, follow this simple tutorial. If you have problems, try to disable or remove all existing yum repositories by running:

rm -rf /etc/yum.repos.d/*
yum clean all

Then rerun the steps in the tutorial.

Alternatively, the KDE desktop can be installed on OL6 using:

yum -y groupinstall kde-desktop

Make sure that there are no errors and look for the “Complete!” message once everything is installed.

Install additional tools to help with your activities, like a browser (here Firefox) or even an Office Suite. Make sure to install the mesa-libGL package to avoid a number of known issues. Most importantly install “tigervnc-server” to allow access to the desktop.

yum -y install tigervnc-server
yum -y install firefox
yum -y install mesa-libGL
yum -y groupinstall "General Purpose Desktop"

After all packages are installed simply issue:

vncserver

This will start the VNC server with the default settings, e.g. port 5901 for display :1. These settings can be changed in the configuration file: /home/opc/.vnc/xstartup.

Should you want to use iptables for a direct connection to the VM later, also run:

iptables -I INPUT -m state --state NEW -p tcp --destination-port 5901 -j ACCEPT 
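
A check to go with the tunnel-only setup and the optional iptables rule above, as an added example that is not part of the original article: it reads `ss -ltn` output and lists VNC listeners (TCP 5900 to 5999) bound to anything other than loopback, i.e. reachable without the SSH tunnel if a firewall rule or Security List allows it. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list VNC listeners (TCP 5900-5999) bound to non-loopback addresses.

# Constructed sample of `ss -ltn` output, not captured from a real host.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       0.0.0.0:5901         0.0.0.0:*
LISTEN  0       5       [::]:5901            [::]:*
LISTEN  0       5       127.0.0.1:5902       0.0.0.0:*
LISTEN  0       5       [::1]:5902           [::]:*
LISTEN  0       100     127.0.0.1:25         0.0.0.0:*
EOF
}

# Reads `ss -ltn` output on stdin; prints "address port" per exposed VNC listener.
vnc_exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }
        {
            n = split($4, parts, ":")
            port = parts[n]                        # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)              # strip IPv6 brackets
            if (port !~ /^59[0-9][0-9]$/) next     # displays :0 to :99
            if (addr ~ /^127\./ || addr == "::1") next   # loopback: tunnel-only
            print addr, port
        }'
}

# Returns 0 when every VNC listener is loopback-only, 1 otherwise.
vnc_audit() {
    exposed=$(vnc_exposed_listeners)
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf '%s\n' "$exposed" | sed 's/^/reachable without the tunnel: /'
    return 1
}

# On the VM itself: ss -ltn | vnc_audit
if sample_ss_output | vnc_audit; then
    echo "all VNC listeners are loopback-only"
fi
```

If the audit reports port 5901, TigerVNC's `-localhost` option (`vncserver -localhost`) restricts the server to loopback; the tunnel destination then has to be `localhost:5901` instead of the VM's public IP.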

Connect to the VNC Server

Next start your local VNC viewer on your local client. The SSH tunnel redirects the VNC output of your VM to your localhost on port 5901. Hence enter localhost:5901 in the VNC Server field and press “Connect”.

The first time you connect you will be issued a warning that the connection is not encrypted. As we are using an SSH tunnel to encrypt the traffic, this warning can be ignored.

Enter the password you have selected for the VNC Server.

This will connect you to the desktop. The desktop stays active even if you disconnect the PuTTY session, which allows you to resume work comfortably.

To stop the VNC server, simply connect via PuTTY or open a terminal and enter:

vncserver -kill :1

If you prefer a different resolution, simply start the vncserver using the geometry flag and the preferred resolution.

vncserver -kill :1
vncserver -geometry 1600x1200

Note that the desktop has a timeout, after which the screen locks and you have to authenticate with a password. To set the password, run:

sudo passwd opc

 

Further Reading

Configure tigervnc-server on Oracle Linux 7 (Doc ID 2102424.1)

Access VNC Server Through A Web Browser (Doc ID 1555696.1)

 
                                         
  
                    
          
        
              
       

                                
                                                                
