Re: [AMMRL] AlmaLinux 9 VNC connectivity from Asta, Joseph via groups.io on 2025-09-17 (Email Archives for September, 2025)

From: Asta, Joseph via groups.io <joseph.asta=merck.com_at_groups.io>
Date: Wed, 17 Sep 2025 18:16:55 +0000

Dear AMMRL,

It seems that the problem with running VNC server as a system process on Alma
Linux 9 is related to the ownership of the login screen. I have not found a
way to allow system users to have permission to remotely view the login screen
on VNC. With previous versions of RedHat based Linux distributions, like CentOS 7,
the permission to have access to the login screen was handled by guessing the
authorization. The CentOS VNC start-up configuration used the expression “-auth guess.”
This does not work with Alma 9.

I have developed a way to have VNC start up during the system boot by avoiding
the login screen. The start up and configuration command for x11vnc is placed
inside of nmrsu’s .bash_profile file. The .bash_profile file, and its
contents, are executed every time there is a login to the account. Additionally,
the nmrsu user account is configured for automatic login, hence VNC server starts also.

The full workstation set up procedure is as follows:

1. Setting login to Gnome Desktop:
Select the nmrsu user on the login screen. In the lower right of the screen
select the gear icon. Select Gnome desktop
enter the login password

2. Network Settings:
Select the Network setting icon in the upper right corner. Select USB Ethernet,
Wired Settings. Turn on the slide switch for USB Ethernet. Select the gear
icon and configure the network connection. Change the host name in /etc/hostname

3. Set SELInux to disabled:
change the file /etc/selinux/config
change the line SELINUXforcing to SELINUX=disabled

4. Set Gnome Desktop to single user (this will automatically login to the nmrsu
user account on boot-up):
change /etc/gdm/custom.conf
uncomment and change the line Wayland�lse
add AutomaticLoginEnable=True
add AutomaticLogin=nmrsu

5. Set up yum (dnf) Repositories:
In order to enable repository access, teamviewer.repo needed to be disabled
on my systems.
change the setting in /etc/yum.repos.d/teamviewer.repo to enabled

6. Setup your organization’s proxy service, if required

7. Download TigerVNC viewer:
as root- dnf install tigervnc,
optional, dnf install tigervnc-server

8. Install x11vnc
As root- dnf install x11vnc

9. Change firewall settings for ssh & VNC Server:
It is recommended to download the firewall GUI, (like the one used in CentOS 7).
as root, dnf install firewall-config
or from a command line firewall-cmd --add-service=ssh --zone=public --permanent
firewall-cmd --add-service=vnc-server --zone=public --permanent

10. Start the ssh process:
systemctl enable sshd
systemctl start sshd

11. Setup communication for ssh:
In Gnome, go to Applications, Other, Settings, Sharing, turn Sharing ON, Screen
Sharing OFF, Remote Login ON.

12. Setup Screen Saver:
In Gnome, go to Applications, Other, Settings, Privacy, Screen Lock. Set Blank
Screen Delay 5 to 15 minutes, Automatic Screen Lock to "on", Automatic Screen
Lock delay to 1 hour, Show Notifications on Lock Screen to "on"

13. Setup VNC password:
As nmrsu from a command line type x11vnc -storepasswd
Type in the desired password
This will save the encrypted password in /home/nmrsu/.vnc/passwd

14. Set up VNC to automatically start at login.
In the /etc/passwd file, the default shell setting for nmrsu must be /bin/bash
(it is by default).
Add a line to the /home/nmrsu/.bash_profile file
x11vnc -rfbauth /home/nmrsu/.vnc/passwd -shared -rfbport 5900 -bg -o
%HOME/.x11vnc.log.%VNCDISPLAY -xkb -noxdamage -forever
This will start a VNC session on :0, which remotely shares the desktop, and
it will initiate the creation of a logfile in ~/.x11vnc

Configuring the screen saver is very important for network security.
Using this method limits remote VNC access to the nmrsu account. Logging out
of nmrsu will end the VNC session. Rebooting the workstation will restore
the VNC session.
It is possible to add the x11vnc startup to other user’s .bash_profile,
but switching users can only be done from the system keyboard, unless the
AutomaticLogin user is changed in /etc/gdm/custom.conf prior to reboot.

Sincerely,
Joseph Asta
Associate Director, Engineering
AR&D, Structure Elucidation - NMR
Cell: (201) 805-8201 | joseph.asta_at_merck.com

This e-mail message, together with any attachments, contains information of
Merck & Co., Inc.,Rahway, NJ, USA, and/or its affiliates, known as MSD outside
of the United States and Canada, that may be confidential, proprietary, copyrighted
and/or legally privileged. (Direct contact information for affiliates is available
at - Contact us - MSD<https://www.msd.com/contact-us/>.)
It is intended solely for the use of the individual or entity named on this
message. If you are not the intended recipient, and have received this message
in error, please notify us immediately by reply e-mail and then deleteit from
your system.

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#2823): https://urldefense.com/v3/__https://ammrl.groups=
.io/g/main/message/2823__;!!PvDODwlR4mBZyAb0!VPqmW9v7yv4WBm275mb1U8Zn3h-Sxs=
W__tF1jrR5LOAp3uFOAR6NKygEgjyg35n0B0Q0eEx2-NuMsUXg6SedHUIx079q$
Mute This Topic: https://urldefense.com/v3/__https://groups.io/mt/115156567=
/7559972__;!!PvDODwlR4mBZyAb0!VPqmW9v7yv4WBm275mb1U8Zn3h-SxsW__tF1jrR5LOAp3=
uFOAR6NKygEgjyg35n0B0Q0eEx2-NuMsUXg6SedHQzUKMqz$
Group Owner: main+owner_at_ammrl.groups.io
-=-=-=-=-=-=-=-=-=-=-=-

Received on Wed Sep 17 2025 - 11:22:41 MST

This archive was generated by hypermail 2.4.0 : Wed Oct 01 2025 - 14:23:05 MST