vncserver setup on Ubuntu 12.04 and 14.04

This example uses the Free TightVNC server.

sudo apt-get install tightvncserver
nano ~/.vnc/xstartup

and for Ubuntu 14.04,

sudo apt-get install xfce4
sudo apt-get remove xscreensaver xscreensaver-data

Here is an example of a working ~/.vnc/xstartup on Ubuntu 12.04 with TightVNC 1.3.9


#!/bin/sh
gnome-session --session=ubuntu-2d

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop"
x-window-manager

For Ubuntu 14.04, here is the ~/.vnc/xstartup that worked for me:

#!/bin/sh
unset SESSION_MANAGER
startxfce4 &

#[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
#[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
# neither /etc/vnc/xstartup or ~/.Xresources were on my system, so these two lines above do nothing.
xsetroot -solid grey

then I type

chmod +x ~/.vnc/xstartup

You can leave your VNC desktop running — it is not the same as your local desktop. It is a little tricky to use your local desktop reliably–I have done so with X11VNC, but it can be more trouble than it is worth! It’s MUCH easier to startup a new separate desktop session with vncserver or x11vnc

To start/restart VNC server (don’t have to do this often)

vncserver :1 -geometry 1200x800 -depth 24 -localhost

to kill a frozen/undesired desktop: logout, and do:

vncserver -kill :1

To connect, on my laptop I have the Bash script:

#!/bin/bash
ssh -f -L 5901:localhost:5901 user@IPaddress sleep 1;
ssvncviewer -user user localhost::5901

You must be sure that ports 5900-5999 are NOT exposed to outside world–VNC is NOT secure by itself! You must tunnel with SSH. You can see which ports are exposed to outside world by typing:
sudo ufw status
You should see only port 22 and any other ports only if you know what they are for.

You can connect by port forwarding via SSH and using RealVNC, SSVNCviewer, Remmina, etc. etc.

The default XFCE4 desktop may be missing menu icons (you see black squares or red X’s). Try Settings>Appearance
Style: Xfce-4.6
Icons: ubuntu-mono-light
Fonts: turn hinting on if you want

Intel AMT / vPro full remote KVM control without proprietary RealVNC Viewer Plus

Here is how to have full remote KVM control of your PC without the proprietary RealVNC Viewer Plus software.

Note: if you already have PCs in the field without these changes, you can change the settings remotely–but as always, exercise great care, as a wrong checkbox hit can necessitate a field trip to the PC to correct–in my case, it might be thousands of miles and a dog sled ride away!!

  1. Download the free, open-source Intel Open Manageability Toolkit http://opentools.homeip.net/open-manageability to your local (home office) PC and install it on your home office PC
  2. Open the “Manageability Commander Tool” and click File > Add > Add Intel AMT computer and type the IP address and vPro username (typically “admin”) and password (you will have had to have set this up previously)
  3. Click the little plus sign by Network and click on your AMT PC’s name–then in the Connection tab, click Connect. This will take about 5-10 seconds to connect–if UNsuccessful, the button will fall back to saying Connect. If successful, the button will change to say Disconnect.
  4. Go to the Remote Control tab and wait about 10 seconds for the “remote desktop” items to change from “unknown” to the actual state. If Remote Desktop Settings is “Disabled”, click the little box to its right to open a new window. Change the settings to look as follows–note, for Strong Password, it must be exactly 8 characters, including at least one number, one symbol, and one capital letter. (actually that’s a pretty weak password, but it’s Intel’s choice..)
  5. Click OK and then go back to the Connection tab and click Disconnect. Don’t mess around with any of the other settings unless you know exactly what you’re doing and are willing to drive out to the remote PC to fix it if you mess something up!  Close the Manageability Commander program.
  6. Now you should be able to connect using a standard VNC program. You’ll notice I used “localhost” since I SSH into the remote PC first–DO NOT expose this VNC port 5900 to the internet or you are likely to get hacked!

If you use a Windows PC to connect, note that you can use Cygwin at one or both ends to create an SSH server and/or client necessary for secure port forwarding. Please use SSH public key authentication as it is vast orders of magnitude more secure than keyboard passwords.

Intel AMT / vPro KVM: Port forwarding necessary

NOTE: when setting up your remote PC, consider enabling standard VNC (if you’re behind a hardware firewall) that will remove the need for proprietary RealVNC Viewer Plus–all you will need is one of the many free open VNC programs to have full remote control. See:

http://blogs.bu.edu/mhirsch/?p=622

For those installations behind a firewall, here are the ports you need to forward (say, via SSH) to use Intel AMT KVM:
5900
16992 (HTTP remote web UI)
16994 (KVM traffic)
Tested with Intel AMT version 8

If you use TLS, you may need to forward additional ports, such as
16993 (HTTPS remote web UI)

In any case, before making a major system decision, do your homework.

Reference:

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/DOCS/Implementation%20and%20Reference%20Guide/default.htm?turl=WordDocuments%2Fmanageabilityports.htm

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/manageabilityports.htm