Skip to main content

Commands Cheatsheet

Start VNC

x11vnc -shared -forever -noxdamage -localhost -noxrecord -nopw -many -loop -display :0

Start noVNC (with ssl)

 novnc --listen 443 --cert /etc/letsencrypt/live/suda.formatc.hr/fullchain.pem --key /etc/letsencrypt/live/suda.formatc.hr/privkey.pem

Control novnc service

sudo systemctl start/stop/restart/... novnc

Control x11vnc service

sudo systemctl start/stop/restart/... x11vnc

Renew Let's encrypt certificate

certbot certonly --standalone -d suda.formatc.hr

Enabling low level ports for a particular process

setcap cap_net_bind_service=+ep /usr/bin/novnc

Adding a restricted user

#add user
useradd -m $USERNAME

#Create the script named /usr/local/bin/rbash that contains the following:
#!/bin/bash
/bin/bash --restricted

#Make it executable 
chmod +r /usr/local/bin/rbash

#add /usr/local/bin/rbash to /etch/shells

#Change shell to the restricted shell 
chsh -s "/usr/local/bin/rbash" suda

Editing noVNC code

Files are in /usr/share/webapps/novnc (don't edit this!!)
Put your files wherever you want and run novnc with

 novnc --listen 443 --cert /etc/letsencrypt/live/suda.formatc.hr/fullchain.pem --key /etc/letsencrypt/live/suda.formatc.hr/privkey.pem --web ./index.html

(meaning current directory index.html file is what it serves to the client connecting via the browser)