I'm running Debian/Trixie on and AMD64 system. I have a need to be able
to connect remotely to this machine.

My network already is setup for ssh from the outside to go to my main
server. From there I would normally use -L port forwarding to connect to
a computer on the LAN. However, tigervnc-standalone-server's
configuration defaults to only listening on localhost, assuming that
anyone coming in is using an SSH tunnel already.

I could punch another hole in my router's firewall to take me directly
to my workstation, and set it up as an SSH server. But I trust my LAN
and would prefer to just go through my normal SSH tunnel.

tigervnc-server has a command line option to listen to the LAN but the
Debian systemd service configuration doesn't invoke the server program directly, so I'm not sure how to get the option to the vnc server.

Any ideas?

This is the .service file:

[Unit]
Description=Remote desktop service (VNC)
After=network.target systemd-user-sessions.service

[Service]
Type=forking
ExecStart=/usr/libexec/tigervncsession-start %i PIDFile=/run/tigervncsession-%i.pid SELinuxContext=system_u:system_r:vnc_session_t:s0

[Install]
WantedBy=multi-user.target

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-08-19 22:27, Max Nikulin wrote:

On 20/08/2024 05:15, Gary Dale wrote:

tigervnc-server has a command line option to listen to the LAN but
the Debian systemd service configuration doesn't invoke the server
program directly, so I'm not sure how to get the option to the vnc
server.

[...]> This is the .service file:
[...]

ExecStart=/usr/libexec/tigervncsession-start %i

Try "systemctl cat" for the corresponding .socket file.

<https://0pointer.de/blog/projects/inetd.html>

Thanks, but I can't find a .socket file.  While
    find / -name *.service | grep vnc
locates the various .service files associated with vnc: /etc/systemd/system/multi-user.target.wants/tigervncserver@:1.service /etc/systemd/system/vncserver@.service

The same search for *.socket comes up empty.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-08-20 15:15, Greg Wooledge wrote:

On Tue, Aug 20, 2024 at 15:04:11 -0400, Gary Dale wrote:

On 2024-08-19 22:27, Max Nikulin wrote:

On 20/08/2024 05:15, Gary Dale wrote:

tigervnc-server has a command line option to listen to the LAN but
the Debian systemd service configuration doesn't invoke the server
program directly, so I'm not sure how to get the option to the vnc
server.

[...]> This is the .service file:
[...]

ExecStart=/usr/libexec/tigervncsession-start %i

Try "systemctl cat" for the corresponding .socket file.

<https://0pointer.de/blog/projects/inetd.html>

Thanks, but I can't find a .socket file.  While
    find / -name *.service | grep vnc
locates the various .service files associated with vnc:
/etc/systemd/system/multi-user.target.wants/tigervncserver@:1.service
/etc/systemd/system/vncserver@.service

The same search for *.socket comes up empty.

If you know the package name, you can get a list of files which are part
of that package. If it's installed locally, you can use dpkg -L to get
the filenames. Otherwise, you can use Debian's web site:

https://packages.debian.org/bookworm/amd64/tigervnc-standalone-server/filelist

I'm guessing that's your package name.

File list of package tigervnc-standalone-server in bookworm of architecture amd64
/etc/X11/Xtigervnc-session
/etc/tigervnc/vncserver.users
/lib/systemd/system/tigervncserver@.service
/usr/bin/Xtigervnc
/usr/bin/tigervncserver
/usr/libexec/tigervncsession-start
/usr/sbin/tigervncsession /usr/share/doc/tigervnc-standalone-server/changelog.Debian.gz /usr/share/doc/tigervnc-standalone-server/copyright /usr/share/man/man1/Xtigervnc.1.gz
/usr/share/man/man1/tigervncserver.1.gz /usr/share/man/man8/tigervncsession.8.gz

... oh wait, the package name is in the Subject. Gah, I hate it when
people hide details in the Subject header instead of the body.

Well, at least I guessed the right package name.

Look, I know the executable is vncserver. The question is how do I get
the service to specify parameters when starting the service? I can start
is from the command line as "vncserver -localhost no" but then I'd have
to use cron to set it up to run on reboot, something the systemd service already handles.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Aug 20, 2024 at 15:28:40 -0400, Gary Dale wrote:

Look, I know the executable is vncserver. The question is how do I get the service to specify parameters when starting the service? I can start is from the command line as "vncserver -localhost no" but then I'd have to use cron to set it up to run on reboot, something the systemd service already
handles.

Are you sure you actually *want* to use systemd to start it? It doesn't
really seem like the best choice to me. For one thing, when you start
it from a user's crontab with @reboot, it runs as the correct user automatically. I don't know how systemd knows which user to start the
VNC session as.

Maybe I just don't understand the concept of a "standalone (VNC) server".

I've got some workstations with tightvncserver installed, and I've got
two sessions running on each workstation, as two separate user accounts.
Each one is started from the user's crontab file, with a customized
resolution for each human user.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Aug 20, 2024 at 15:04:11 -0400, Gary Dale wrote:

On 2024-08-19 22:27, Max Nikulin wrote:

On 20/08/2024 05:15, Gary Dale wrote:

tigervnc-server has a command line option to listen to the LAN but
the Debian systemd service configuration doesn't invoke the server program directly, so I'm not sure how to get the option to the vnc server.

[...]> This is the .service file:
[...]

ExecStart=/usr/libexec/tigervncsession-start %i

Try "systemctl cat" for the corresponding .socket file.

<https://0pointer.de/blog/projects/inetd.html>

Thanks, but I can't find a .socket file.  While
    find / -name *.service | grep vnc
locates the various .service files associated with vnc: /etc/systemd/system/multi-user.target.wants/tigervncserver@:1.service /etc/systemd/system/vncserver@.service

The same search for *.socket comes up empty.

If you know the package name, you can get a list of files which are part
of that package. If it's installed locally, you can use dpkg -L to get
the filenames. Otherwise, you can use Debian's web site:

https://packages.debian.org/bookworm/amd64/tigervnc-standalone-server/filelist

I'm guessing that's your package name.


File list of package tigervnc-standalone-server in bookworm of architecture amd64
/etc/X11/Xtigervnc-session
/etc/tigervnc/vncserver.users
/lib/systemd/system/tigervncserver@.service
/usr/bin/Xtigervnc
/usr/bin/tigervncserver
/usr/libexec/tigervncsession-start
/usr/sbin/tigervncsession /usr/share/doc/tigervnc-standalone-server/changelog.Debian.gz /usr/share/doc/tigervnc-standalone-server/copyright /usr/share/man/man1/Xtigervnc.1.gz
/usr/share/man/man1/tigervncserver.1.gz /usr/share/man/man8/tigervncsession.8.gz


... oh wait, the package name is in the Subject. Gah, I hate it when
people hide details in the Subject header instead of the body.

Well, at least I guessed the right package name.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-08-20 15:41, Greg Wooledge wrote:

On Tue, Aug 20, 2024 at 15:28:40 -0400, Gary Dale wrote:

Look, I know the executable is vncserver. The question is how do I get the >> service to specify parameters when starting the service? I can start is from >> the command line as "vncserver -localhost no" but then I'd have to use cron >> to set it up to run on reboot, something the systemd service already
handles.

Are you sure you actually *want* to use systemd to start it? It doesn't really seem like the best choice to me. For one thing, when you start
it from a user's crontab with @reboot, it runs as the correct user automatically. I don't know how systemd knows which user to start the
VNC session as.

Maybe I just don't understand the concept of a "standalone (VNC) server".

I've got some workstations with tightvncserver installed, and I've got
two sessions running on each workstation, as two separate user accounts.
Each one is started from the user's crontab file, with a customized resolution for each human user.

That puts an interesting twist on it. I just rebooted and the service
doesn't actually appear to restart. It shows as dead.

$ systemctl status tigervncserver@:1.service
â—‹ tigervncserver@:1.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/tigervncserver@.service; enabled; preset: enabled)
     Active: inactive (dead) since Tue 2024-08-20 15:52:31 EDT; 1min 4s ago
   Duration: 56ms
 Invocation: d3a35f8b59284ff6b4bbf1e97ac13570
    Process: 1522 ExecStart=/usr/libexec/tigervncsession-start :1 (code=exited, status=0/SUCCESS)
   Main PID: 1539 (code=exited, status=0/SUCCESS)
   Mem peak: 2.8M
        CPU: 13ms

However I can run vncviewer localhost:5901 and connect as my user. I'm
seeing a black screen but that's a separate issue, I think.

Strangely, I am now getting a connection from my laptop. So now I just
have to resolve the black screen issue. Apparently the default
configuration requires a strong enough encryption to allow non-local connections. I'm not sure why I wasn't connecting yesterday, but it's
working now.

As for the user under systemd, I think that is determined by the
connection. There is also a file (/etc/tigervnc/vncserver.users) that
links the connection to the user name. I only need to enable the actual connection service for each user.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-08-20 16:42, Gary Dale wrote:

On 2024-08-20 15:41, Greg Wooledge wrote:

On Tue, Aug 20, 2024 at 15:28:40 -0400, Gary Dale wrote:

Look, I know the executable is vncserver. The question is how do I
get the
service to specify parameters when starting the service? I can start
is from
the command line as "vncserver -localhost no" but then I'd have to
use cron
to set it up to run on reboot, something the systemd service already
handles.

Are you sure you actually *want* to use systemd to start it?  It doesn't
really seem like the best choice to me.  For one thing, when you start
it from a user's crontab with @reboot, it runs as the correct user
automatically.  I don't know how systemd knows which user to start the
VNC session as.

Maybe I just don't understand the concept of a "standalone (VNC)
server".

I've got some workstations with tightvncserver installed, and I've got
two sessions running on each workstation, as two separate user accounts.
Each one is started from the user's crontab file, with a customized
resolution for each human user.

That puts an interesting twist on it. I just rebooted and the service
doesn't actually appear to restart. It shows as dead.

$ systemctl status tigervncserver@:1.service
â—‹ tigervncserver@:1.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/tigervncserver@.service; enabled; preset: enabled)
     Active: inactive (dead) since Tue 2024-08-20 15:52:31 EDT; 1min
4s ago
   Duration: 56ms
 Invocation: d3a35f8b59284ff6b4bbf1e97ac13570
    Process: 1522 ExecStart=/usr/libexec/tigervncsession-start :1 (code=exited, status=0/SUCCESS)
   Main PID: 1539 (code=exited, status=0/SUCCESS)
   Mem peak: 2.8M
        CPU: 13ms

However I can run vncviewer localhost:5901 and connect as my user. I'm
seeing a black screen but that's a separate issue, I think.

Strangely, I am now getting a connection from my laptop. So now I just
have to resolve the black screen issue. Apparently the default
configuration requires a strong enough encryption to allow non-local connections. I'm not sure why I wasn't connecting yesterday, but it's
working now.

As for the user under systemd, I think that is determined by the
connection. There is also a file (/etc/tigervnc/vncserver.users) that
links the connection to the user name. I only need to enable the
actual connection service for each user.

Ended up using krfb instead. Seems to work better and does what I want
simply and easily!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)