HPC/Network Access/Virtual Desktop

From CNM Wiki
Jump to navigation Jump to search

Principle of operation

VNC is a multi-platform graphical remote access mechanism. It is not as common as the X Window System that serves a similiar purpose but is more light-weight on the user side and over the network. If you find that graphical remote use over X11 is too slow, try VNC. It operates as follows:

  • You start a VNC server on a Carbon login node. This is an application process that runs under your user ID in the background and provides a virtual desktop for you.
  • You need to augment your SSH connection to forward an appropriate port.
  • You run a VNC client on your desktop machine and tell it to connect to the forwarded port. This will open the virtual desktop as a window on your actual desktop.
  • You can stop your VNC client and reconnect later.
  • When done, you kill the VNC server process on Carbon.

Operating a virtual desktop session

Start the server

  • Log in to Carbon using ssh as documented.
  • On the Carbon prompt (showing either login5 or login6 as host name), enter:
  • At the first time, you will be asked for a password which will limit access to your virtual desktop session.
Choose and remember a password of good strength, but not your login password. The VNC password storage mechanism is weak; think of it as a door to shut, keeping out unwanted guests.
  • Take note of the display number from the output of the vncserver command:
New 'login5:1 (stern)' desktop is login5:1

Starting applications specified in /home/stern/.vnc/xstartup
Log file is /home/stern/.vnc/login5:1.log
The display number is shown after the : in the virtual desktop address, the last word on the first line. Display numbers by default are chosen automatically.

Forward the server's port

Forward a network port from your machine to the same port on the Carbon login node. How to do that depends on the SSH program you use, and which port to forward depends on the display number.

For Linux and Mac
  • Press <Enter> ~ C (three keys in succession: enter, tilde, capital C). You should get a prompt like this:
  • At the prompt, enter:
-L port:localhost:port
where port = 5900 + display number (from above), for example:
ssh> -L 5901:localhost:5901
Forwarding port.
  • Press <Enter> to regain your regular prompt.
For PuTTY on Windows

Configure your PuTTY Clogin session to apply #Anticipatory port forwarding (see section below). It appears PuTTY does not support adding tunnels on the fly.

Connect with a client

On a Mac
  • Select Connect to Server… from the Finder's menu, or press Command + K.
HPC 2012-10-04 VNC Finder Connect to Server.png
  • Enter the Server Address in the form vnc://localhost:portnum/ and push Connect.
  • You will get a warning that the connection is not encrypted. The impact is fairly low as the unencrypted part of the connection runs merely between two processes on the same host (sshd and vncserver) and does not go out over the network. The main remote connection from your own desktop to clogin will continue to be encrypted over the ssh channel.
  • Enter the VNC password you chose earlier.
HPC 2012-10-04 VNC Screen Sharing warning.pngHPC 2012-10-04 VNC Screen Sharing password.png
Update 2015-07-27 – EL6 Bug
When running vncserver on CentOS 6 and using the builtin Mac Screen Sharing application, the keyboard might "hang".
Background: It appears this is a bug in the TigerVNC package that has replaced the RealVNC package in CentOS-6.
Workaround: download and use the TigerVNC application for Mac and use its VNC viewer instead of Mac's Screen Sharing.
On WIndows
  • Follow your VNC client's documentation.

Use the virtual desktop

  • Your virtual desktop will be running an xterm command line window and the Motif Window Manager. The desktop is deliberately kept simple to reduce overhead and startup times.
HPC 2012-10-04 VNC running.png HPC 2012-10-04 VNC MWM context menu.png
  • You can use the virtual desktop like a regular X11 session. Use the xterm command line to run shell commands or to start graphical applications, such as the Jmol molecular visualization application.
$ echo $DISPLAY
$ module load jmol
$ jmol
  • To open another terminal window, run the command xterm & or right-click and select New Window.

Stop the server

Stop the server when you no longer need the virtual desktop. On a Carbon login node where you started the VNC server, enter:

vncserver -kill :displaynum

All child processes that used the desktop will be killed, and VNC client connections will be severed.


Please practice good housekeeping and do not needlessly leave vncserver processes running. Stale vncserver processes (those that have not been used for days) will be killed.

Avoiding multiple VNC sessions

  • Avoid concurrent VNC sessions on different hosts, or even multiple VNC sessions on the same host.
  • To inspect your current VNC processes, use the command
vncserver -l
Unfortunately, this command shows desktops on only the current node, but you may have a VNC session running on a different login node. To see a list of your current and past connections on all nodes, inspect the VNC log files:
ls -ltr ~/.vnc
This can be a bit of a jumble, as files from old connections will linger even after they were cleanly disconnected. Pay attention to the file dates.

Customizing the virtual desktop

  • Override the size and color depth of the virtual desktop by supplying options to vncserver:
vncserver -geometry 1920x1080 -depth 24
These options will raise your network bandwidth requirements. For more, see
man vncserver

Screen Sharing on the Mac

Screen Sharing, Preferences, Display (macOS 10.14).
Screen Sharing, Preferences, Quality (macOS 10.14).
  • Recent Screen Sharing versions will pass through almost all keyboard input, which effectively disables many regular OS X keyboard shortcuts, in particular those for switching applications and taking screen shots.
  • To switch from Screen Sharing to another application, click on its Dock icon.
  • To take a screen shot, select Save Screen Capture As… from the Connection menu of the Screen Sharing application menu.
  • To take screen shots more easily and use various other control options, choose Show Toolbar from the View menu of the Screen Sharing application menu.

The screen shots were taken under macOS 10.14. Other OS versions will look slightly differently.

HPC 2012-10-04 VNC in Screen Sharing Connection menu.png HPC 2012-10-04 VNC in Screen Sharing View menu.png
HPC 2012-10-04 VNC in Screen Sharing with mouse hovering over toolbar.png

Anticipatory port forwarding

The VNC server allocates its ports and displays from a pool that all users have access to on a particular machine. As a result, display numbers vary as soon as more than one user uses VNC at a given time. The procedure above sets up port forwarding for just the port that your server selected. You can avoid the step of having to manually identify and forward that port by preemptively forwarding a broader range of ports. This is not guaranteed to cover all cases but will be sufficient for most, given the fairly sporadic use of VNC. You must, however, still tell your VNC client application which displaynum (5900 + x) or :port (":x") to connect to.

Port forwarding depends on the SSH client you use.

OpenSSH (Linux, Mac)

1. Edit (or create) your file $HOME/.ssh/config.

2. Locate (or add) the section beginning with

Host clogin

3. Add the following lines.

	LocalForward  5901	localhost:5901
	LocalForward  5902	localhost:5902
	LocalForward  5903	localhost:5903
	LocalForward  5904	localhost:5904
	LocalForward  5905	localhost:5905
	LocalForward  5906	localhost:5906
	LocalForward  5907	localhost:5907
	LocalForward  5908	localhost:5908
	LocalForward  5909	localhost:5909
	LocalForward  5910	localhost:5910

The forwards will be active the next time you connect to clogin.

PuTTY (Windows)

1. Configure PuTTY port forwarding as shown in the context of remote license access. Use the port numbers as shown in the previous section. They should appear in the Forwarded ports section of the Tunnels panel as:

L5901  localhost:5901
L5902  localhost:5902

Again, these forwards will be active the next time you connect to clogin.


  • To reset your VNC password, run:
You can do so at any time, even after vncserver has started and before you reconnect.
  • To see a list of recent VNC servers that you might be running:
ls -ltr ~/.vnc/*.pid
  • Identify and inspect server log files:
ls -ltr ~/.vnc/*.log
cat ~/.vnc/$HOSTNAME:displaynum.log
  • X11-style Copy&Paste requires a 3-button mouse. Diagnose your mouse button mappings using the xev command. Move your mouse into the xev window and click the buttons. Look for events like this:
ButtonPress event, serial 31, synthetic NO, window 0x600001,
    root 0x281, subw 0x600002, time 784185758, (35,33), root:(39,55),
    state 0x0, button 3, same_screen YES
  • You can simply and unceremoniously kill all your vncservers on a given host by using the Unix kill command. For good measure, run it twice, then clean up:
kill `cat ~/.vnc/$HOSTNAME*.pid`
kill `cat ~/.vnc/$HOSTNAME*.pid`
rm ~/.vnc/$HOSTNAME*.pid