How do I run GUI apps remotely with VNC?
Virtual Network Computing (VNC) allows you to use GUI applications over a remote connection. If you only have one application to run, consider using X11 forwarding, instead.
Initial VNC Server Configuration
Before using VNC on SEAS servers for the first time, you must configure an initial VNC password. Connect to eniac.seas.upenn.edu using ssh.
Penn VPN software is required for all SSH connections from networks that are outside of PennNet.
Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:
Windows users will need a VNC client and a capable SSH application like Putty or MobaXterm (which also includes VNC and tools for creating SSH tunnels). Adapt the instructions below as needed for your environment.
On Linux or MacOS, open a terminal and type:
In your session on ENIAC, type this command:
Please set a strong password that is not the same as your PennKey password. Your session should look something like this (but with the actual account name and display number):
$ vncpasswd Password: Verify: Would you like to enter a view-only password (y/n)? n $ exit logout Connection to eniac.seas.upenn.edu closed.
VNC is now configured for your SEAS account on any SEAS machine that mounts your home directory (ENIAC, Biglab, Speclab, and other linux machines managed by CETS). You can reset your VNC password at any time by repeating these steps.
Start the VNC Server on the Remote Machine
Now that you have configured VNC for your SEAS account, start vncserver on
the desired machine by running the command remotely with ssh, which will return
you to your local terminal. The
-autokill option will ensure that
vncserver closes when you log out of your remote desktop session.
To start the VNC server on Eniac:
ssh eniac.seas.upenn.edu vncserver -autokill
To start the VNC server on Biglab:
ssh biglab.seas.upenn.edu vncserver -autokill
To start the VNC server on Speclab:
ssh speclab.seas.upenn.edu vncserver -autokill
Your session should look something like this (but with the actual hostname, account name and display number):
$ ssh biglab.seas.upenn.edu vncserver -autokill New 'big03:5 (bfranklin)' desktop is big03:5 Starting applications specified in /home1/b/bfranklin/.vnc/xstartup Log file is /home1/b/bfranklin/.vnc/big03:5.log
This shows the actual hostname (important for Biglab and Speclab)
and the display number, which you will use for your connection in the following
steps. The display number is added to 5900 to get the actual port. In this
example, the display number is 5, so vncserver is now listening on port 5905 of
Create SSH Tunnel
Direct connections to the VNC server are blocked by the SEAS firewall, so it is necessary to tunnel VNC over SSH for a secure connection. Using the example above, run this command on your local machine (the computer you're connecting from):
ssh -L 5905:localhost:5905 -N -f big03.seas.upenn.edu
This creates a secure persistent connection between your computer and the remote computer.
Connect VNC Client
Now you can connect to the already running instance of VNC that you started on the server by using the local side of the SSH tunnel you created:
Or, on MacOS, use the native VNC client (which may result in a suboptimal experience):
When prompted, provide the password you set in your initial VNC configuration. A new window will appear, allowing you to run GUI programs on the remote machine.
End VNC Session
When are you are finished, log out of the remote desktop. If you started
vncserver with the
-autokill option, it should stop running on the
remote machine. Otherwise, run this command in your local terminal to shut down
vncserver (using the hostname and display number from your actual session):
ssh big03.seas.upenn.edu "vncserver -kill :5"
You can verify that you haven't left vncserver running with this command:
ssh big03.seas.upenn.edu "vncserver -list"
Close SSH Tunnel
The SSH tunnel will remain in place until it is reset or closed. To manually close the tunnel, first find its pid number using this command on your local machine:
ps -e -o pid,user,command | grep :localhost:
Here is an example of the output:
$ ps -e -o pid,user,command | grep :localhost: 12214 bfranklin ssh -L 5905:localhost:5905 -N -f big03.seas.upenn.edu 12307 bfranklin grep :localhost:
To close the SSH tunnel, kill the process using the pid number discovered in the previous step: