Modern VNC Server and client, web based and secure
Go to file
2022-11-29 12:18:40 +00:00
.ci Fix CI to mangle rpms to produce 0.9.4 2022-08-19 13:11:15 +00:00
builder openSUSE: speed up package building and testing 2022-11-25 01:22:28 +13:00
centos 1.0.0 release 2022-11-29 12:18:40 +00:00
cmake Correct spelling of License file 2021-04-20 15:41:38 -04:00
common Accidentally accessed wrong var 2022-11-15 10:26:09 +02:00
contrib Correct spelling of License file 2021-04-20 15:41:38 -04:00
debian 1.0.0 release 2022-11-29 12:18:40 +00:00
doc update docs 2022-11-25 19:59:06 +00:00
docker Update README.md 2020-10-11 13:44:40 -04:00
kasmweb@59aec69dee update novnc ref 2022-11-28 20:38:50 +00:00
opensuse 1.0.0 release 2022-11-29 12:18:40 +00:00
oracle 1.0.0 release 2022-11-29 12:18:40 +00:00
release Config-based KasmVNC 2022-08-19 17:54:11 +00:00
spec KASM-3542 new yaml options http-header, stun server 2022-11-10 10:36:24 +00:00
tests Initial commit 2020-09-20 12:16:44 +00:00
unix update docs 2022-11-25 19:59:06 +00:00
win Add support for notifying clients about pointer movements 2021-03-29 11:27:54 +03:00
.gitignore Config-based KasmVNC 2022-08-19 17:54:11 +00:00
.gitlab-ci.yml Config-based KasmVNC 2022-08-19 17:54:11 +00:00
.gitmodules point novnc ref to tip of master 2022-11-02 13:35:06 -04:00
ACKNOWLEDGEMENTS.md Correct spelling of License file 2021-04-20 15:41:38 -04:00
BUILDING.txt Initial commit 2020-09-20 12:16:44 +00:00
CMakeLists.txt Udp 2022-07-26 10:38:14 +00:00
config.h.in Silence clang deprecated warnings on macOS 2020-09-21 13:43:22 +03:00
DEBUGGING.md Resolve KASM-2301 "Feature/ debug docs" 2022-02-23 11:23:44 +00:00
LICENSE.TXT [skip CI] updates to docs 2021-04-13 10:23:00 -04:00
Pipfile Config-based KasmVNC 2022-08-19 17:54:11 +00:00
Pipfile.lock Config-based KasmVNC 2022-08-19 17:54:11 +00:00
README.md update docs 2022-11-25 19:59:06 +00:00
run-specs Config-based KasmVNC 2022-08-19 17:54:11 +00:00

KasmVNC - Linux Web Remote Desktop

Kasm Technologies developed Kasm Workspaces, the Containerized Streaming Platform. Kasm has open-sourced the Workspace docker images, which include containerized full desktops and apps and base images intended for developers to create custimized streaming containers. These containers can be used standalone or within the Kasm Workspaces Platform which provides a full Enterprise feature set. KasmVNC is used as the streaming tech for our container images, however, you can use KasmVNC for individual servers. While the term VNC is in the name, KasmVNC is not compliant with the RFB spec and has different goals than other VNC projects:

  • Modern - KasmVNC is designed to provide a web accessible remote desktop. It comes with a web server and websocket server built in. There is no need to install other components. Simply run and navigate to your desktop's URL on the port you specify. While you can still turn on the legacy VNC port, it is disabled by default and will not work with legacy VNC clients.
  • Secure - The RFB specification (VNC) limits the password field to 8 characters, so while the client may take a longer password, only the first 8 characters are sent. KasmVNC defaults to HTTPS with HTTP Basic Auth and disables the legacy VNC authentication method which is not sufficiently secure for internet accessible systems.
  • Simple - KasmVNC aims at being simple to deploy and configure.

Documentation

Do not use the README from the master branch, unless you are compiling KasmVNC yourself from the tip of master. Use the documentation for your specific release.

For beta releases prior to version 1.0.0, use the README in this github project on the tagged commit for that release.

Installation

You must disconnect and reconnect to the server after installation, for the group membership to apply.

Debian/Ubuntu/Kali

# Please choose the package for your distro here (under Assets):
# https://github.com/kasmtech/KasmVNC/releases
wget <package_url>

sudo apt-get install ./kasmvncserver_*.deb

# Add your user to the ssl-cert group
sudo addgroup $USER ssl-cert

Oracle 8

# Please choose the package for your distro here (under Assets):
# https://github.com/kasmtech/KasmVNC/releases
wget <package_url>

# Ensure KasmVNC dependencies are available
sudo dnf config-manager --set-enabled ol8_codeready_builder
sudo dnf install oracle-epel-release-el8

sudo dnf localinstall ./kasmvncserver_*.rpm

# Add your user to the kasmvnc-cert group
sudo usermod -a -G kasmvnc-cert $USER

CentOS 7

# Please choose the package for your distro here (under Assets):
# https://github.com/kasmtech/KasmVNC/releases
wget <package_url>

# Ensure KasmVNC dependencies are available
sudo yum install epel-release

sudo yum install ./kasmvncserver_*.rpm

# Add your user to the kasmvnc-cert group
sudo usermod -a -G kasmvnc-cert $USER

Getting Started

The following examples provide basic usage of KasmVNC with the tools provided. For full documentation on all the utilities and the runtime environment, see our KasmVNC Documentation

# Start a session and be guided to setup a user and select a default desktop environment
vncserver

# Start a session with the mate desktop environment
vncserver -select-de mate

# Add a new user with read/write permissions
vncpasswd -u my_username -w -r

# Tail the logs
tail -f ~/.vnc/*.log

# Get a list of current sessions with display IDs
vncserver -list

# Kill the VNC session with display ID :2
vncserver -kill :2

Configuration

KasmVNC is configured via YAML based configurations. The server level configuration is at /etc/kasmvnc/kasmvnc.yaml. Edits to this file apply to all users. Individual users can override server global configurations by specifying them in their configuration file at ~/.vnc/kasmvnc.yaml.

The following configuration shows all default settings. Many of the encoding settings can be overridden by the client, unless the runtime_configuration.allow_client_to_override_kasm_server_settings setting is set tot false. By default the client is allowed to modify encoding settings.

For a full description of each setting see the configuration reference.

desktop:
  resolution:
    width: 1024
    height: 768
  allow_resize: true
  pixel_depth: 24

network:
  protocol: http
  interface: 0.0.0.0
  websocket_port: auto
  use_ipv4: true
  use_ipv6: true
  udp:
    public_ip: auto
    port: auto
    stun_server: auto
  ssl:
    pem_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
    pem_key: /etc/ssl/private/ssl-cert-snakeoil.key
    require_ssl: true

user_session:
  new_session_disconnects_existing_exclusive_session: false
  concurrent_connections_prompt: false
  concurrent_connections_prompt_timeout: 10
  idle_timeout: never

keyboard:
  remap_keys:
  ignore_numlock: false
  raw_keyboard: false

pointer:
  enabled: true

runtime_configuration:
  allow_client_to_override_kasm_server_settings: true
  allow_override_standard_vnc_server_settings: true
  allow_override_list:
    - pointer.enabled
    - data_loss_prevention.clipboard.server_to_client.enabled
    - data_loss_prevention.clipboard.client_to_server.enabled
    - data_loss_prevention.clipboard.server_to_client.primary_clipboard_enabled

logging:
  log_writer_name: all
  log_dest: logfile
  level: 30

security:
  brute_force_protection:
    blacklist_threshold: 5
    blacklist_timeout: 10

data_loss_prevention:
  visible_region:
    # top: 10
    # left: 10
    # right: 40
    # bottom: 40
    concealed_region:
      allow_click_down: false
      allow_click_release: false
  clipboard:
    delay_between_operations: none
    allow_mimetypes:
      - chromium/x-web-custom-data
      - text/html
      - image/png
    server_to_client:
      enabled: true
      size: unlimited
      primary_clipboard_enabled: false
    client_to_server:
      enabled: true
      size: unlimited
  keyboard:
    enabled: true
    rate_limit: unlimited
  logging:
    level: off

encoding:
  max_frame_rate: 60
  full_frame_updates: none
  rect_encoding_mode:
    min_quality: 7
    max_quality: 8
    consider_lossless_quality: 10
    rectangle_compress_threads: auto

  video_encoding_mode:
    jpeg_quality: -1
    webp_quality: -1
    max_resolution:
      width: 1920
      height: 1080
    enter_video_encoding_mode:
      time_threshold: 5
      area_threshold: 45%
    exit_video_encoding_mode:
      time_threshold: 3
    logging:
      level: off
    scaling_algorithm: progressive_bilinear

  compare_framebuffer: auto
  zrle_zlib_level: auto
  hextile_improved_compression: true

server:
  http:
    headers:
      - Cross-Origin-Embedder-Policy=require-corp
      - Cross-Origin-Opener-Policy=same-origin
    httpd_directory: /usr/share/kasmvnc/www
  advanced:
    x_font_path: auto
    kasm_password_file: ${HOME}/.kasmpasswd
    x_authority_file: auto
  auto_shutdown:
    no_user_session_timeout: never
    active_user_session_timeout: never
    inactive_user_session_timeout: never

command_line:
  prompt: true

New Features!

  • Webp image compression for better bandwidth usage
  • Automatic mixing of webp and jpeg based on CPU availability on server
  • Multi-threaded image encoding for smoother frame rate for servers with more cores
  • WebRTC UDP Transit
  • Lossless QOI Image format for Local LAN
  • Full screen video detection, goes into configurable video mode for better full screen videoo playback performance.
  • Dynamic jpeg/webp image coompression quality settings based on screen change rates
  • Seemless clipboard support (on Chromium based browsers)
  • Binary clipboard support for text, images, and formatted text (on Chromium based browsers)
  • Allow client to set/change most configuration settings
  • Data Loss Prevention features
    • Key stroke logging
    • Clipboard logging
    • Max clipboard transfer size up and down
    • Min time between clipboard operations required
    • Keyboard input rate limit
    • Screen region selection
  • Deb packages for Debian, Ubuntu, and Kali Linux included in release.
  • RPM packages for CentOS, Oracle, OpenSUSE, Fedora. RPM packages are currently not updatable and not released, though you can build and install them. See build documentation.
  • Web API added for remotely controlling and getting information from KasmVNC
  • Multi-User support with permissions that can be changed via the API
  • Web UI uses a webpack for faster load times.
  • Network and CPU bottleneck statistics
  • Relative cursor support (game pointer mode)
  • Cursor lock
  • IME support for languages with extended characters
  • Better mobile support

Future Goals:

  • H264 encoding

Compiling From Source

See the builder/README.md. We containerize our build systems to ensure highly repeatable builds.

License and Acknowledgements

See the LICENSE.TXT and ACKNOWLEDGEMENTS.MD