VNC: One time session authentication fails

I configured the remote server according to the instructions in:

https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha-vnc.html#sec-vnc-one-time

I would like to start a one time session for a specific user.

As a viewer I use remmina.

When I want to connect, it always asks me to enter certificate authentication files. How do I have to configure Xvnc so that it doesn’t ask for the certificates? I would just like to use username and password to log in.

Educated guess is that it is set in /usr/lib/systemd/system/xvnc@.service. Try “systemctl edit /usr/lib/systemd/system/xvnc@.service” and change ExecStart command to use suitable authentication options.

What Display Manager are you using?

I’ve posted a rough draft of what I intend to finish some day that attempts to fill in what I consider the holes in the openSUSE official documentation…

In the following section I describe what may be a clue to resolving your problem…
Note that as a rough draft I’m referring to something called XMCCP when it’s likely that should be XMPP

https://en.opensuse.org/User:Tsu2/remote_administration_VNC#Security

You might find something in your DM’s configuration,
You might find something in /etc/sysconfig/

TSU

I’m using: systemctl restart xdm.service

If I run: “systemctl edit /usr/lib/systemd/system/xvnc@.service” I get the following message:

SRV-WEB-01:~ # systemctl edit /usr/lib/systemd/system/xvnc@.service
No files found for usr-lib-systemd-system-xvnc\x40.service.mount.
Run 'systemctl edit --force --full usr-lib-systemd-system-xvnc\x40.service.mount' to create a new unit.

This is how my /usr/lib/systemd/system/xvnc@.service looks:

[Unit]
Description=Xvnc Server

[Service]
ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
User=vnc
StandardInput=socket
StandardOutput=socket
StandardError=syslog

And what would be a suitable authentication option if I just want to use the username and the password?

Can I edit /usr/lib/systemd/system/xvnc@.service with the vi?

If I run: “systemctl start xvnc.socket” followed by: “systemctl list-units --all xvnc” I get the following output:

SRV-WEB-01:~ # systemctl list-units --all xvnc
0 loaded units listed.
To show all installed unit files use 'systemctl list-unit-files'

It looks like it doesn’t start the xvnc.socket

Sorry, it should have been just “systemctl edit --full xvnc@.service”.

[Service]
ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM

Here are your certificates.

And what would be a suitable authentication option if I just want to use the username and the password?

It really depends on what you want. See “man Xvnc”. The TLSPlain is using operating system to check passwords, TLSVnc is using password file. The following works for me using my OS user to log in:

[Unit]
Description=Xvnc Server

[Service]
ExecStart=/usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes TLSPlain -PlainUsers * -log *:syslog:30 -extension MIT-SHM
User=vnc
StandardInput=socket
StandardOutput=socket
StandardError=syslog

Can I edit /usr/lib/systemd/system/xvnc@.service with the vi?

You should not edit files in /usr/lib. You can copy it in /etc/systemd/system and edit there (that is what command above effectively does). Do not forget to run “systemctl daemon-reload” or reboot after you copied file so systemd can pick up new definition.

Which is absolutely correct - there is no unit with name xvnc. Unit name is xvnc.socket or you need to use wildcards like xvnc*.

It looks like it doesn’t start the xvnc.socket

Of course it does, otherwise you would not get certificate prompt.
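
Added example, not part of any post in this thread and not openSUSE or TigerVNC code: a shell helper that decodes the -securitytypes list of the two ExecStart lines quoted above, showing which offered types involve a certificate and which would run unencrypted. The function names are hypothetical; the type names are read as a transport prefix (X509, TLS or none) plus an authentication suffix (None, Vnc, Plain), as described in "man Xvnc".

```shell
#!/bin/sh
# Added example: decode the -securitytypes list of an Xvnc command line.
# SHIPPED and EDITED are the two ExecStart lines quoted in the thread.
SHIPPED='ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM'
EDITED='ExecStart=/usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes TLSPlain -PlainUsers * -log *:syslog:30 -extension MIT-SHM'

# Print the value following -securitytypes (option names are case-insensitive).
sectypes_of() {
    set -f                                  # the line holds literal '*' words
    prev=''
    for word in $1; do
        if [ "$(printf '%s' "$prev" | tr 'A-Z' 'a-z')" = '-securitytypes' ]; then
            set +f; printf '%s\n' "$word"; return 0
        fi
        prev=$word
    done
    set +f; return 1
}

# One line per offered type: how the channel is protected and who checks the login.
classify() {
    types=$(sectypes_of "$1") || { echo 'no -securitytypes option'; return 1; }
    old_ifs=$IFS; IFS=,; set -f
    for t in $types; do
        case "$t" in
            X509*) transport='tls-x509'; rest=${t#X509} ;;   # TLS with server certificate
            TLS*)  transport='tls-anon'; rest=${t#TLS} ;;    # encrypted, no certificate
            *)     transport='cleartext'; rest=$t ;;
        esac
        case "$rest" in
            None)        auth='none' ;;                 # no VNC-level login
            Vnc|VncAuth) auth='vnc-password-file' ;;
            Plain)       auth='os-username-password' ;;
            *)           auth='unknown' ;;
        esac
        printf '%s transport=%s auth=%s\n' "$t" "$transport" "$auth"
    done
    set +f; IFS=$old_ifs
}

# Names of offered types that would carry the session unencrypted.
cleartext_types() {
    classify "$1" | sed -n 's/^\([^ ]*\) transport=cleartext .*/\1/p'
}

printf 'shipped unit:\n%s\n' "$(classify "$SHIPPED")"
printf 'edited unit:\n%s\n' "$(classify "$EDITED")"
printf 'cleartext types in shipped unit: %s\n' "$(cleartext_types "$SHIPPED")"
```

To check a live system, pass the ExecStart line from the output of "systemctl cat xvnc@.service" to classify.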

I configured it like this. Now it connects and I can enter the username and the password, but then I only get a black screen instead of the desktop and after a while the session closes.

Your display manager must allow XDMCP queries. What display manager are you using? Did you reboot after enabling remote administration?

I use this command to start xdm

systemctl restart xdm.service

Do I have to configure xvnc that it uses xdm?

That does not answer my question - what display manager are you using?

Do I have to configure xvnc that it uses xdm?

I do not understand this question. Xvnc service as shipped by openSUSE does use display manager queries - this is -query option.

Is that correct?

SRV-WEB-01: # update-alternatives --config default-displaymanager
There are 4 choices for the alternative default-displaymanager (providing /usr/lib/X11/displaymanagers/default-displaymanager).

  Selection    Path                                  Priority   Status
------------------------------------------------------------
  0            /usr/lib/X11/displaymanagers/sddm      25        auto mode
  1            /usr/lib/X11/displaymanagers/console   5         manual mode
  2            /usr/lib/X11/displaymanagers/lightdm   15        manual mode
  3            /usr/lib/X11/displaymanagers/sddm      25        manual mode
* 4            /usr/lib/X11/displaymanagers/xdm       10        manual mode

Press <enter> to keep the current choice[*], or type selection number:

And does it listen for XDMCP?

ss -ulnp | grep 177

I’m a bit confused by your output.
I can see that you likely are configured to use xdm but if you use the tool you just ran to set your DM, that should also appear as your “auto mode” setting.

How are you setting your DM?

TSU

I’m setting it with this command:

update-alternatives --config default-displaymanager

Although xdm should be supported,
Try setting LightDM, it’s more commonly used.

TSU