Provided by: tigervnc-standalone-server_1.14.1+dfsg-1_amd64 bug

NAME

       Xtigervnc - the X VNC server

SYNOPSIS

       Xtigervnc [options] :display#

DESCRIPTION

       Xtigervnc  is  the  X VNC (Virtual Network Computing) server.  It is based on a standard X
       server, but it has a "virtual" screen rather than a physical one.  X applications  display
       themselves on it as if it were a normal X display, but they can only be accessed via a VNC
       viewer - see xtigervncviewer(1).

       So Xtigervnc is really two servers in one. To the applications it is an X server,  and  to
       the  remote  VNC  users  it  is  a VNC server. By convention we have arranged that the VNC
       server display number will be the same as the X server display number, which means you can
       use eg. snoopy:2 to refer to display 2 on machine "snoopy" in both the X world and the VNC
       world.

       The best way of starting Xtigervnc is via tigervncsession.  This sets up  the  environment
       appropriately and starts a desktop environment. See the manual page for tigervncsession(8)
       for more information.

OPTIONS

       Xtigervnc takes lots of options - running Xtigervnc -help gives a list.  Many of these are
       standard X server options, which are described in the Xserver(1) manual page.  In addition
       to options which can only be set via the command-line, there are also  "parameters"  which
       can be set both via the command-line and through the tigervncconfig(1) program.

       -geometry widthxheight
              Specify the size of the desktop to be created. Default is 1024x768.

       -depth depth
              Specify  the pixel depth in bits of the desktop to be created. Default is 24, other
              possible values are 16 and 32. Anything else is likely to cause  strange  behaviour
              by applications and may prevent the server from starting at all.

       -pixelformat format
              Specify pixel format for server to use (BGRnnn or RGBnnn). The default for depth 16
              is RGB565 and for depth 24 and 32 is RGB888.

       -rendernode path
              DRM render node to use for DRI3 GPU acceleration. Specify an empty path to  disable
              DRI3. Default is auto which makes Xtigervnc pick a suitable available render node.

       -interface IP address
              Listen on interface. By default Xtigervnc listens on all available interfaces.

       -inetd This  significantly  changes  Xtigervnc's behaviour so that it can be launched from
              inetd.  See the section below on usage with inetd.

       -help  List all the options and parameters

PARAMETERS

       VNC parameters can be set both via the  command-line  and  through  the  tigervncconfig(1)
       program, and with a VNC-enabled Xorg server via Options entries in the xorg.conf file.

       Parameters  can  be  turned  on with -param or off with -param=0.  Parameters which take a
       value can be specified as -param value.  Other valid forms  are  param=value  -param=value
       --param=value.  Parameter names are case-insensitive.

       -desktop desktop-name
              Each  desktop  has  a  name  which  may  be displayed by the viewer. It defaults to
              "<user>@<hostname>".

       -rfbport port
              Specifies the TCP port on which Xtigervnc listens for connections from viewers (the
              protocol  used  in  VNC is called RFB - "remote framebuffer").  The default is 5900
              plus the display number. Specify -1 to disable listening on a TCP port.

       -UseIPv4
              Use IPv4 for incoming and outgoing connections. Default is on.

       -UseIPv6
              Use IPv6 for incoming and outgoing connections. Default is on.

       -rfbunixpath path
              Specifies the path  of  a  Unix  domain  socket  on  which  Xtigervnc  listens  for
              connections from viewers.

       -rfbunixmode mode
              Specifies the mode of the Unix domain socket.  The default is 0600.

       -rfbauth passwd-file, -PasswordFile passwd-file
              Password  file for VNC authentication.  There is no default, you should specify the
              password  file  explicitly.    Password   file   should   be   created   with   the
              tigervncpasswd(1)  utility.   The file is accessed each time a connection comes in,
              so it can be changed on the fly.

       -AcceptCutText
              Accept clipboard updates from clients. Default is on.

       -MaxCutText bytes
              The maximum size of a clipboard  update  that  will  be  accepted  from  a  client.
              Default is 262144.

       -SendCutText
              Send clipboard changes to clients. Default is on.

       -SendPrimary
              Send  the  primary  selection and cut buffer to the server as well as the clipboard
              selection. Default is on.

       -AcceptPointerEvents
              Accept pointer movement and button events from clients. Default is on.

       -AcceptKeyEvents
              Accept key press and release events from clients. Default is on.

       -AcceptSetDesktopSize
              Accept requests to resize the size of the desktop. Default is on.

       -DisconnectClients
              Disconnect existing clients if an incoming connection is non-shared. Default is on.
              If  DisconnectClients  is  false,  then a new non-shared connection will be refused
              while there is a client active.  When combined with NeverShared this means only one
              client is allowed at a time.

       -NeverShared
              Never  treat  incoming  connections  as  shared, regardless of the client-specified
              setting. Default is off.

       -AlwaysShared
              Always treat incoming connections as shared,  regardless  of  the  client-specified
              setting. Default is off.

       -Protocol3.3
              Always  use  protocol  version  3.3  for backwards compatibility with badly-behaved
              clients. Default is off.

       -FrameRate fps
              The maximum number of updates per second sent to each client. If the screen updates
              any faster then those changes will be aggregated and sent in a single update to the
              client. Note that this only controls the maximum rate and a client may get a  lower
              rate when resources are limited. Default is 60.

       -CompareFB mode
              Perform  pixel  comparison  on  framebuffer  to  reduce unnecessary updates. Can be
              either 0 (off), 1 (always) or 2 (auto). Default is 2.

       -ImprovedHextile
              Use improved compression algorithm  for  Hextile  encoding  which  achieves  better
              compression ratios by the cost of using slightly more CPU time.  Default is on.

       -SecurityTypes sec-types
              Specify  which security scheme to use for incoming connections.  Valid values are a
              comma separated list of None, VncAuth, Plain, TLSNone, TLSVnc, TLSPlain,  X509None,
              X509Vnc, X509Plain, RA2, RA2ne, RA2_256 and RA2ne_256.  Default is TLSVnc,VncAuth.

       -Password password
              Obfuscated  binary encoding of the password which clients must supply to access the
              server.  Using this parameter is insecure, use PasswordFile parameter instead.

       -PlainUsers user-list
              A comma separated list of user names that are allowed to authenticate  via  any  of
              the  "Plain" security types (Plain, TLSPlain, etc.). Specify * to allow any user to
              authenticate using this security type. Specify %u to allow the user of  the  server
              process. Default is to deny all users.

       -pam_service name, -PAMService name
              PAM service name to use when authentication users using any of the "Plain" security
              types. Default is vnc.

       -X509Cert path
              Path to a X509 certificate in PEM format to be used for  all  X509  based  security
              types (X509None, X509Vnc, etc.).

       -X509Key path
              Private  key counter part to the certificate given in X509Cert. Must also be in PEM
              format.

       -GnuTLSPriority priority
              GnuTLS priority string that controls the TLS session’s handshake  algorithms.   See
              the GnuTLS manual for possible values. For GnuTLS < 3.6.3 the default value will be
              NORMAL to use upstream default. For newer versions  of  GnuTLS  system-wide  crypto
              policy will be used.

       -RSAKey path
              Path  to  the  RSA  key  for  the  RSA-AES  security types (RA2, RA2ne, RA2_256 and
              RA2ne_256) in PEM format.

       -RequireUsername
              Require username for the RSA-AES security types. Default is off.

       -UseBlacklist
              Temporarily reject connections from a host if it repeatedly fails to  authenticate.
              Default is on.

       -BlacklistThreshold count
              The  number of unauthenticated connection attempts allowed from any individual host
              before that host is black-listed.  Default is 5.

       -BlacklistTimeout seconds
              The initial timeout applied when a host is first black-listed.  The host cannot re-
              attempt a connection until the timeout expires.  Default is 10.

       -IdleTimeout seconds
              The  number of seconds after which an idle VNC connection will be dropped.  Default
              is 0, which means that idle connections will never be dropped.

       -MaxDisconnectionTime seconds
              Terminate when no client has been connected for N seconds.  Default is 0.

       -MaxConnectionTime seconds
              Terminate when a client has been connected for N seconds.  Default is 0.

       -MaxIdleTime seconds
              Terminate after N seconds of user inactivity.  Default is 0.

       -QueryConnect
              Prompts  the  user  of  the  desktop  to  explicitly  accept  or  reject   incoming
              connections. Default is off.

              The  tigervncconfig(1)  program  must  be  running  on  the  desktop  in  order for
              QueryConnect to be supported.

       -QueryConnectTimeout seconds
              Number of seconds to  show  the  Accept  Connection  dialog  before  rejecting  the
              connection.  Default is 10.

       -localhost
              Only  allow  connections  from  the same machine. Useful if you use SSH and want to
              stop non-SSH connections from any other hosts.

       -Log logname:dest:level
              Configures the debug log settings.  dest can currently be stderr, stdout or syslog,
              and  level  is  between  0  and  100,  100 meaning most verbose output.  logname is
              usually * meaning all, but you can target a specific source file if  you  know  the
              name of its "LogWriter".  Default is *:stderr:30.

       -RemapKeys mapping
              Sets  up  a  keyboard  mapping.   mapping  is a comma-separated string of character
              mappings, each of the form char->char, or char<>char, where char is  a  hexadecimal
              keysym.  For  example,  to  exchange  the  "  and  @  symbols you would specify the
              following:

                 RemapKeys=0x22<>0x40

       -AvoidShiftNumLock
              Key affected by NumLock often require a fake Shift to be inserted in order for  the
              correct  symbol  to  be  generated.  Turning on this option avoids these extra fake
              Shift events but may result in a slightly different symbol (e.g. a  Return  instead
              of a keypad Enter).

       -RawKeyboard
              Send  keyboard  events  straight  through  and  avoid  mapping  them to the current
              keyboard layout. This effectively makes the keyboard behave according to the layout
              configured on the server instead of the layout configured on the client. Default is
              off.

       -AllowOverride
              Comma separated list of parameters  that  can  be  modified  using  VNC  extension.
              Parameters  can be modified for example using tigervncconfig(1) program from inside
              a running session.

              Allowing override of parameters such as PAMService or PasswordFile  can  negatively
              impact security if Xtigervnc runs under different user than the programs allowed to
              override the parameters.

              When  NoClipboard  parameter  is  set,  allowing  override   of   SendCutText   and
              AcceptCutText has no effect.

              Default                                                                          is
              desktop,AcceptPointerEvents,SendCutText,AcceptCutText,SendPrimary,SetPrimary.

USAGE WITH INETD

       By configuring the inetd(1) service appropriately, Xtigervnc can  be  launched  on  demand
       when  a  connection  comes  in, rather than having to be started manually.  When given the
       -inetd option, instead of listening for TCP connections  on  a  given  port  it  uses  its
       standard  input  and  standard  output.  There are two modes controlled by the wait/nowait
       entry in the inetd.conf file.

       In the nowait mode,  Xtigervnc  uses  its  standard  input  and  output  directly  as  the
       connection  to  a  viewer.   It  never  has  a  listening socket, so cannot accept further
       connections from viewers (it can however connect out to listening viewers by  use  of  the
       tigervncconfig  program).  Further viewer connections to the same TCP port result in inetd
       spawning off a new Xtigervnc to deal with each connection.  When  the  connection  to  the
       viewer  dies,  the  Xtigervnc  and  any  associated X clients die.  This behaviour is most
       useful when combined with the XDMCP options -query  and  -once.   An  typical  example  in
       inetd.conf might be (all on one line):

       5950    stream    tcp  nowait  nobody   /usr/local/bin/Xtigervnc  Xtigervnc  -inetd -query
       localhost -once securitytypes=none

       In this example a viewer connection to :50  will  result  in  a  new  Xtigervnc  for  that
       connection  which  should  display the standard XDM login screen on that machine.  Because
       the user needs to login via XDM, it is usually OK to  accept  connections  without  a  VNC
       password in this case.

       In  the wait mode, when the first connection comes in, inetd gives the listening socket to
       Xtigervnc.  This means that for a given TCP port, there is only ever one  Xtigervnc  at  a
       time.   Further  viewer connections to the same port are accepted by the same Xtigervnc in
       the normal way.  Even when the original connection is broken, the Xtigervnc will  continue
       to  run.   If  this  is  used  with  the XDMCP options -query and -once, the Xtigervnc and
       associated X clients will die when the user logs out of the X session in the  normal  way.
       It  is  important to use a VNC password in this case.  A typical entry in inetd.conf might
       be:

       5951   stream   tcp wait    james      /usr/local/bin/Xtigervnc  Xtigervnc  -inetd  -query
       localhost -once passwordFile=/home/james/.config/tigervnc/passwd

       In  fact typically, you would have one entry for each user who uses VNC regularly, each of
       whom has their own dedicated TCP port which they use.  In this example, when user  "james"
       connects  to :51, he enters his VNC password, then gets the XDM login screen where he logs
       in in the normal way.  However, unlike  the  previous  example,  if  he  disconnects,  the
       session  remains  persistent,  and  when  he  reconnects he will get the same session back
       again.  When he logs out of the X session, the Xtigervnc will die, but of course a new one
       will be created automatically the next time he connects.

SEE ALSO

       tigervncconfig(1),  tigervncpasswd(1), xtigervncviewer(1), tigervncsession(8), Xserver(1),
       inetd(1)
       https://www.tigervnc.org

AUTHOR

       Tristan Richardson, RealVNC Ltd. and others.

       VNC was originally developed by the RealVNC team while at Olivetti  Research  Ltd  /  AT&T
       Laboratories Cambridge.  TightVNC additions were implemented by Constantin Kaplinsky. Many
       other people have since participated in development, testing and support. This  manual  is
       part of the TigerVNC software suite.