weston-vnc - Man Page

the VNC backend for Weston

Synopsis

weston --backend=vnc

Description

The VNC backend allows to run a weston environment without the need of specific graphic hardware, or input devices. Users can interact with weston only by connecting using the remote framebuffer protocol (RFB).

The VNC backend uses Neat VNC to implement the VNC part, it acts as a VNC server listening for incoming connections. It supports different encodings for encoding the graphical content, depending on what is supported by the VNC client.

The VNC backend is not multi-seat aware, so if a second client connects to the backend, the first client will be disconnected.

The VNC client has to authenticate as the user running weston. This requires a PAM configuration file /etc/pam.d/weston-remote-access.

Configuration

The VNC backend uses the following entries from weston.ini.

Section vnc

refresh-rate=rate

Specifies the desktop redraw rate in Hz. If unspecified, the default is 60Hz. Changing this may be useful if you have a faster than 60Hz display, or if you want to reduce updates to reduce network traffic.

tls-key=file

The file containing the key for doing TLS security. To have TLS security you also need to ship a file containing a certificate.

tls-cert=file

The file containing the certificate for doing TLS security. To have TLS security you also need to ship a key file.

Section output

name=vnc

The name vnc is used to identify the VNC output.

mode=widthxheight

Specifies the (initial) size for the output.

resizeable=boolean

Specifies whether the VNC client is allowed to resize the output.

Options

When the VNC backend is loaded, weston will understand the following additional command line options.

--address=address

The IP address on which the VNC backend will listen for VNC connections. By default it listens on 0.0.0.0.

--width=width

The width of the framebuffer. It defaults to 640.

--height=height

The height of the framebuffer. It defaults to 480.

--port=port

The TCP port to listen on for connections. It defaults to 5900.

--vnc-tls-key=file

The file containing the key for doing TLS security. To have TLS security you also need to ship a file containing a certificate.

--vnc-tls-cert=file

The file containing the certificate for doing TLS security. To have TLS security you also need to ship a key file.

--disable-transport-layer-security

Disable Transport Layer Security. If specified, VNC will be enabled with password-only authentication. This option is not recommended, as it creates security risk.

Generating cryptographic material for the VNC backend

You can generate a key and certificate file to use with TLS security using typical openssl invocations:

$ openssl genrsa -out tls.key 2048
Generating RSA private key, 2048 bit long modulus
[...]
$ openssl req -new -key tls.key -out tls.csr
[...]
$ openssl x509 -req -days 365 -signkey tls.key -in tls.csr -out tls.crt
[...]

You will get the tls.key and tls.crt files to use with the VNC backend.

See Also

weston(1)

Referenced By

weston(1).

2017-12-14 Weston 14.0.0