55ccb6
# The vncserver service unit file
55ccb6
#
55ccb6
# Quick HowTo:
55ccb6
# 1. Copy this file to /etc/systemd/system/xvnc@.service
55ccb6
# 2. Copy xvnc.socket to /etc/systemd/system/xvnc.socket
55ccb6
# 3. Run `systemctl daemon-reload`
55ccb6
# 4. Run `systemctl enable xvnc.socket`
55ccb6
#
55ccb6
# DO NOT RUN THIS SERVICE if your local area network is
55ccb6
# untrusted!  For a secure way of using VNC, you should
55ccb6
# limit connections to the local host and then tunnel from
55ccb6
# the machine you want to view VNC on (host A) to the machine
55ccb6
# whose VNC output you want to view (host B)
55ccb6
#
55ccb6
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
55ccb6
#
55ccb6
# this will open a connection on port 590N of your hostA to hostB's port 590M
55ccb6
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
55ccb6
# See the ssh man page for details on port forwarding)
55ccb6
#
55ccb6
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
55ccb6
# the help of ssh, you end up seeing what hostB makes available on port 590M
55ccb6
#
55ccb6
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
55ccb6
#
55ccb6
# Use "-localhost" to prevent remote VNC clients connecting except when
55ccb6
# doing so through a secure tunnel.  See the "-via" option in the
55ccb6
# `man vncviewer' manual page.
55ccb6
55ccb6
55ccb6
[Unit]
55ccb6
Description=XVNC Per-Connection Daemon
55ccb6
55ccb6
[Service]
55ccb6
ExecStart=-/usr/bin/Xvnc -inetd -query localhost -geometry 1024x768 -depth 24 -once -SecurityTypes=None
55ccb6
User=nobody
55ccb6
StandardInput=socket
55ccb6
StandardError=syslog