VNC and TCM

For remote command-line access to TCM, using ssh is surely the answer. The main caveat is that, if using someone else's computer, be wary of the possibility of it being compromised by key-sniffers which could record your password.

For graphical applications, there are two reasonable ways of displaying remotely X applications running on a TCM computer. The first is simply to use ssh. Provided that the computer ssh is running on itself supports X, that, or maybe typing "ssh -Y" should suffice, and graphical applications should simply work. Depending on the relative speeds of the network and the computers at each end, enabling compression, "-YC", might or might not improve performance.

The second is to use VNC. This requires a VNC client on the computer being used as a terminal, but does not require that it supports X11. The manner in which is works is very different. With ssh, X traffic is sent, encrypted, back to the computer being used as a terminal and on which the X server is run, and then windows pop up controlled by that X server, and alongside windows from applications running locally on that terminal.

With VNC a virtual X server, with no physical display attached, runs on the remote machine. This server is expected to contain a full X session complete with one's choice of window manager etc. - a complete desktop rather than just a single application. The VNC client connects to this remote virtual X server via the VNC protocol, and displays in a single window what a physical display connected to that server would have been expected to display.

Whilst ssh is generally simpler to set up, for some applications VNC has a significant performance advantage. From TCM's perspective it has two big disadvantages. Its protocol is completely unencrypted, and, by design, the remote session is very persistent, and clients can connect and disconnect at will. This is bad for us, for it leads to many forgotten sessions hanging around causing much confusion.

So this page describes one way of setting up VNC so that traffic is encrypted, and so that once the client viewer disconnects, the session is terminated. It should work with both MacOS and Linux clients. Windows is trickier, as it does not run bash scripts by default.

The Complication

Somehow we need to start a VNC server on the remote computer with sensible options and running a sensible default session, set up an ssh tunnel back to the local computer, and start a VNC viewer looking down the local end of this ssh tunnel. We need the ssh tunnel as VNC sends all traffic unencrypted, taking the view that its job is to get the graphics correct, and some third party application should worry about security. In theory one could do all of this by hand. In practice this is what scripts are made for.

TCM is Special

In very many ways. But, in this case, because the Xvnc command to start a VNC server has some unusual defaults. Those who really know what they are doing can doubtless find the underlying command and ignore TCM's wrapper script. The wrapper is designed to be compatible with our recommended client script, rvnc.

The Full Recipe

To be done once only:

• Ensure the client computer has a VNC viewer installed. (On Linux TigerVNC seems to be a good choice, and the package may be called tigervnc-viewer.)
• Ensure the client computer has a copy of TCM's rvnc script.
• Edit the first few lines of the above script to set your preferred VNC viewer and your preferred resolution.
• In TCM, type vncpasswd. Use a password of between six and eight characters. Note that this password does not need to be particularly secure, and will be stored insecurely. Do Not use your TCM password.

To be done every time you wish to connect:

• Type rvnc [email protected], adjusting userid and machine name to taste.
• Type your TCM password in response to the prompt.
• Type your VNC password (set above) in response to the prompt which follows about 2 seconds later

That's it.

Mac VNC viewers

MacOS has a built-in VNC viewer, which it calls screen sharing. I do not at all recommend it, for it seems to work poorly with standard VNC systems, and, by default, simply will not connect at all over an ssh tunnel. To cure this last problem one needs to type, once, as root:

defaults write com.apple.ScreenSharing skipLocalAddressCheck -boolean YES

However, I believe Mac users are much better trying the oddly-named chicken VNC client, or the commercial but free RealVNC client.

As X is almost unusable without a middle mouse button, as pasting becomes impossible, MacBook users will wish to attach an external mouse.

Problems

ALT does not work in Emacs

Use ESC followed by the key which would have been pressed with ALT.

ESC is absent from my keyboard

Use CTRL-[

Where are errors likely to be logged?

On the remote machine, in ${HOME}/.vnc/${DISPLAY}.log.

It's all fuzzy

Oh dear. If it looks like an over-compressed JPEG, it probably is. This is a quality setting problem on the client viewer. The client will have an option for turning this compression algorithm off.