Skip to content

Latest commit

 

History

History
41 lines (34 loc) · 2.1 KB

vnc.md

File metadata and controls

41 lines (34 loc) · 2.1 KB

VNC

As an alternative to the web interface, you can use VNC with various desktop clients. The main advantage of VNC over the browser is the ability to expand the image to the full screen, as well as complete interception of all keyboard keys. In some cases, VNC will be more responsive than the browser, especially on weak computers.

Please note: we strongly adivse against using VNC in untrusted networks! (i.e. Internet, public WiFi and similar networks)

The current VNC implementation uses either weak TLS encryption or no encryption at all (depending on your client). In the latter case, your password will be transmitted over the network in plain text. Unfortunately, this is the reality of the VNC protocol.

Enabling VNC on the Pi-KVM side

  1. Switch Pi-KVM filesystem to read-write mode using command rw.

  2. Optional: Change client's keyboard layout if you're using an non-US keyboard. To do this edit file /etc/kvmd/override.yaml

    (remove {} before adding lines):

    vnc:
        keymap: /usr/share/kvmd/keymaps/ru

    All available keymaps are located in /usr/share/kvmd/keymaps:

    VNC keymaps

  3. Optional: Some VNC clients (for example TightVNC) can't use user/password authentication. In this case you can enable passhrases mode in /etc/kvmd/override.yaml:

    vnc:
        auth:
            vncauth:
                enabled: true

    To set passphrases edit file /etc/kvmd/vncpasswd.

  4. Enable kvmd-vnc daemon. VNC will be available on the port 5900: systemctl enable --now kvmd-vnc.

  5. Switch filesystem back to read-only: ro.

Configuring the client

We recommend TigerVNC for a better experience. Here are our recommended settings for TigerVNC:

  • Compression tab:
    • Choose Tight encoding as preferred and color-level Full.
    • Disable automatic quality adjust settings Auto Select.
    • Enable Allow JPEG compression.
  • Security tab:
    • Enable None and Anonymous TLS encryption.
    • Enable Username and password authentication.