VNC over SSH Bastion host

You may ask why; the answer is that sometimes you just have to do stupid things.

bastion == jump host

Set up a tunnel

$ ssh -f -N -p 22 -L 55901: -i customer-priv-key opc@<bastion public IP>

Run the VNC server

$ vncserver 
New 'ociserver:1 (opc)' desktop is ociserver:1
Starting applications specified in /home/opc/.vnc/xstartup
Log file is /home/opc/.vnc/ociserver:1.log

Note that the vncserver above also has a custom startup to bypass the system-wide xinit, which was spawning a GNOME desktop.

$ pwd

$ more xstartup 
#exec /etc/X11/xinit/xinitrc
xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &


$ vncviewer localhost:55901
TigerVNC Viewer 64-bit v1.7.0
Tue Feb 20 13:14:43 2018
 DecodeManager: Detected 1 CPU core(s)
 DecodeManager: Decoding data on main thread
 CConn:       connected to host localhost port 55901
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: Choosing security type VeNCrypt(19)

Tue Feb 20 13:14:44 2018
 CVeNCrypt:   Choosing security type TLSVnc (258)

Tue Feb 20 13:14:51 2018
 X11PixelBuffer: Using default colormap and visual, TrueColor, depth 24.
 CConn:       Using pixel format depth 24 (32bpp) little-endian rgb888
 CConn:       Using Tight encoding
 CConn:       Enabling continuous updates
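
To confirm the tunnel works and see what the server behind it offers, the added example below (not code from the original post) performs the first two steps of the RFB handshake seen in the vncviewer log and lists the offered security types, flagging None and VncAuth. Port 55901 is the local tunnel port used above; the function names are this example's own.

```python
import socket
import struct

# RFB security-type numbers; 19 (VeNCrypt) is the one chosen in the log above.
SECURITY_TYPES = {1: "None", 2: "VncAuth", 16: "Tight", 18: "TLS", 19: "VeNCrypt"}


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during RFB handshake")
        buf += chunk
    return buf


def probe_rfb(sock):
    """Run the first two RFB handshake steps; return (version, [type names])."""
    banner = recv_exact(sock, 12)          # e.g. b"RFB 003.008\n"
    if not (banner.startswith(b"RFB ") and banner.endswith(b"\n")):
        raise ValueError("not an RFB server: %r" % banner)
    major, minor = int(banner[4:7]), int(banner[8:11])
    if (major, minor) < (3, 7):            # 3.3 servers send no type list
        raise ValueError("RFB %d.%d: server picks the security type" % (major, minor))
    sock.sendall(banner)                   # echo the server's version back
    count = recv_exact(sock, 1)[0]
    if count == 0:                         # refused: length-prefixed reason follows
        (length,) = struct.unpack(">I", recv_exact(sock, 4))
        raise ConnectionError(recv_exact(sock, length).decode("latin-1"))
    types = recv_exact(sock, count)
    names = [SECURITY_TYPES.get(t, "unknown(%d)" % t) for t in types]
    return "%d.%d" % (major, minor), names


def weak_types(names):
    """None = no authentication; VncAuth = password check, no session encryption."""
    return [n for n in names if n in ("None", "VncAuth")]


if __name__ == "__main__":
    # Assumes the SSH tunnel from the post is listening on local port 55901.
    with socket.create_connection(("127.0.0.1", 55901), timeout=5) as s:
        version, offered = probe_rfb(s)
    print("RFB", version, "offers", offered, "weak:", weak_types(offered))
```
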

VNC Server on a minimal Solaris 10 Server

I generally prefer installing servers with a very minimal footprint and adding only what is necessary. Think small templates etc.

Adding software to Solaris 10 can be a bit difficult. More modern package management systems, like IPS or APT / YUM in the Linux world, make this much easier.

Here is what I had to do to get vncserver running after a very minimal Solaris 10 install. Getting a CD with the software mounted is out of scope. My CD was mounted under /mnt, so the packages were located in /mnt/Solaris_10/Product.

VNC Server and dependencies

# pkgadd -d . SUNWxvnc SUNWxwfnt SUNWxorg-xkb SUNWxwplt SUNWxorg-clientlibs SUNWxorg-server

xauth is required by the vncserver binary

# pkgadd -d . SUNWxwplt SUNWxwice SUNWxwrtl SUNWxwplr

You will need twm as at least a minimal window manager for an xterm. This package gives you twm in /usr/openwin/bin.

# pkgadd -d . SUNWxwopt

xauth and twm need to be on the PATH for them to fire.

# grep PATH .profile
export PATH=/usr/bin:/usr/sbin
export PATH

For reference, here is where VNC starts xterm.

# cat .vnc/xstartup

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
xterm -geometry 120x34+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Solaris Server Graphics

Mostly I try to install the absolute minimum graphics software on a server.  Most installs should be possible without graphics.  For instance, when installing an Oracle database you can use silent mode and a response file.

Now and then you can’t get around this.  If you have the luxury of just remotely displaying an xterm back to your Unix desktop (or Windows with X-Window software like Xming etc.) then that should be enough.  If you have a slow link over a WAN then displaying X remotely becomes quite impossible.  This is because of the way the X-Window system updates pixels, keyboard and mouse clicks.  In this case you can try VNC.

Note that since you have installed minimal graphics software on the server, you should not expect a nice GNOME-type desktop awaiting you upon a successful VNC connection.

This is an example of using VNC to connect to a Solaris 11 LDOM.

Install VNC server:

# pkg search vncserver
basename file usr/bin/vncserver pkg:/x11/server/xvnc@1.1.0-

root@host11:~# pkg install pkg:/x11/server/xvnc@1.1.0-

Run VNC Server as the user you need to use:

dev1_a@host11:~$ vncserver
You will require a password to access your desktops.
New 'host11:2 (dev1)' desktop is host11:2

Creating default startup script /export/home/dev1/.vnc/xstartup
Starting applications specified in /export/home/dev1/.vnc/xstartup
Log file is /export/home/dev1/.vnc/host11:2.log

Now connect with your VNC client to host11:2.