DOKK / manpages / debian 11 / tigervnc-scraping-server / X0tigervnc.1.en
X0tigervnc(1) TigerVNC Manual X0tigervnc(1)

X0tigervnc - TigerVNC Server for X displays

X0tigervnc [options]
X0tigervnc -version

X0tigervnc is a TigerVNC Server which makes any X display remotely accessible via VNC, TigerVNC or compatible viewers. Unlike Xtigervnc(1), it does not create a virtual display. Instead, it just shares an existing X server (typically, that one connected to the physical screen).

XDamage will be used if the existing X server supports it. Otherwise X0tigervnc will fall back to polling the screen for changes.

X0tigervnc interprets the command line as a list of parameters with optional values. Running X0tigervnc -h will show a list of all valid parameters with short descriptions. All parameters are optional, but normally you would have to use the PasswordFile parameter (see its description below).

There are several forms of specifying parameters in the command line (here we use `SomeParameter' as an example parameter name):

Enable the parameter, turn the feature on. This form can be used with parameters that simply enable or disable some feature.
Disable the parameter, turn the feature off.
Assign the specified value to the parameter. The leading dash can be omitted, or it can be doubled if desired (like in GNU-style long options).

Parameter names are case-insensitive, their order in the command line can be arbitrary.

The X display name. If not specified, it defaults to the value of the DISPLAY environment variable.
Specifies the TCP port on which X0tigervnc listens for connections from viewers (the protocol used in VNC is called RFB - "remote framebuffer"). The default port is 5900.
Use IPv4 for incoming and outgoing connections. Default is on.
Use IPv6 for incoming and outgoing connections. Default is on.
Specifies the path of a Unix domain socket on which X0tigervnc listens for connections from viewers, instead of listening on a TCP port.
Specifies the mode of the Unix domain socket. The default is 0600.
Configures the debug log settings. dest can currently be stderr, stdout or syslog, and level is between 0 and 100, 100 meaning most verbose output. logname is usually * meaning all, but you can target a specific source file if you know the name of its "LogWriter". Default is *:stderr:30.
This parameter allows one to specify a file name with IP access control rules. The file should include one rule per line, and the rule format is one of the following: +address/prefix (accept connections from the specified address group), -address/prefix (reject connections) or ?address/prefix (query the local user). The first rule matching the IP address determines the action to be performed. Rules that include only an action sign (+, - or ?) will match any IP address. Prefix is optional and is specified as a number of bits (e.g. /24). Default is to accept connections from any IP address.
Specify which security scheme to use for incoming connections. Valid values are a comma separated list of None, VncAuth, Plain, TLSNone, TLSVnc, TLSPlain, X509None, X509Vnc and X509Plain. Default is VncAuth,TLSVnc.
Password file for VNC authentication. There is no default, you should specify the password file explicitly. Password file should be created with the tigervncpasswd(1) utility. The file is accessed each time a connection comes in, so it can be changed on the fly.
Obfuscated binary encoding of the password which clients must supply to access the server. Using this parameter is insecure, use PasswordFile parameter instead.
A comma separated list of user names that are allowed to authenticate via any of the "Plain" security types (Plain, TLSPlain, etc.). Specify * to allow any user to authenticate using this security type. Default is to deny all users.
PAM service name to use when authentication users using any of the "Plain" security types. Default is vnc.
Path to a X509 certificate in PEM format to be used for all X509 based security types (X509None, X509Vnc, etc.).
Private key counter part to the certificate given in X509Cert. Must also be in PEM format.
GnuTLS priority string that controls the TLS session’s handshake algorithms. See the GnuTLS manual for possible values. Default is NORMAL.
Temporarily reject connections from a host if it repeatedly fails to authenticate. Default is on.
The number of unauthenticated connection attempts allowed from any individual host before that host is black-listed. Default is 5.
The initial timeout applied when a host is first black-listed. The host cannot re-attempt a connection until the timeout expires. Default is 10.
Prompts the user of the desktop to explicitly accept or reject incoming connections. Default is off.
Number of seconds to show the Accept Connection dialog before rejecting the connection. Default is 10.
Only allow connections from the same machine. Useful if you use SSH and want to stop non-SSH connections from any other hosts.
Always treat incoming connections as shared, regardless of the client-specified setting. Default is off.
Never treat incoming connections as shared, regardless of the client-specified setting. Default is off.
Disconnect existing clients if an incoming connection is non-shared. Default is on. If DisconnectClients is false, then a new non-shared connection will be refused while there is a client active. When combined with NeverShared this means only one client is allowed at a time.
Accept key press and release events from clients. Default is on.
Accept pointer press and release events from clients. Default is on.
Accept requests to resize the size of the desktop. Default is on.
Sets up a keyboard mapping. mapping is a comma-separated string of character mappings, each of the form char->char, or char<>char, where char is a hexadecimal keysym. For example, to exchange the " and @ symbols you would specify the following:

RemapKeys=0x22<>0x40
Send keyboard events straight through and avoid mapping them to the current keyboard layout. This effectively makes the keyboard behave according to the layout configured on the server instead of the layout configured on the client. Default is off.
Always use protocol version 3.3 for backwards compatibility with badly-behaved clients. Default is off.
This option specifies the screen area that will be shown to VNC clients. The format is widthxheight+xoffset+yoffset , where `+' signs can be replaced with `-' signs to specify offsets from the right and/or from the bottom of the screen. Offsets are optional, +0+0 is assumed by default (top left corner). If the argument is empty, full screen is shown to VNC clients (this is the default).
Maximum percentage of CPU time to be consumed when polling the screen. Default is 35.
Milliseconds per one polling cycle. Actual interval may be dynamically adjusted to satisfy MaxProcessorUsage setting. Default is 30.
The maximum number of updates per second sent to each client. If the screen updates any faster then those changes will be aggregated and sent in a single update to the client. Note that this only controls the maximum rate and a client may get a lower rate when resources are limited. Default is 60.
Perform pixel comparison on framebuffer to reduce unnecessary updates. Can be either 0 (off), 1 (always) or 2 (auto). Default is 2.
Use MIT-SHM extension if available. Using that extension accelerates reading the screen. Default is on.
Zlib compression level for ZRLE encoding (it does not affect Tight encoding). Acceptable values are between 0 and 9. Default is to use the standard compression level provided by the zlib(3) compression library.
Use improved compression algorithm for Hextile encoding which achieves better compression ratios by the cost of using slightly more CPU time. Default is on.
The number of seconds after which an idle VNC connection will be dropped. Default is 0, which means that idle connections will never be dropped.
Terminate when no client has been connected for N seconds. Default is 0.
Terminate when a client has been connected for N seconds. Default is 0.
Terminate after N seconds of user inactivity. Default is 0.
Time in milliseconds to wait for a viewer which is blocking the server. This is necessary because the server is single-threaded and sometimes blocks until the viewer has finished sending or receiving a message - note that this does not mean an update will be aborted after this time. Default is 20000 (20 seconds).
Currently unused.

Xtigervnc(1), tigervncpasswd(1),
https://www.tigervnc.org/

Constantin Kaplinsky and others.

VNC was originally developed by the RealVNC team while at Olivetti Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were implemented by Constantin Kaplinsky. Many other people have since participated in development, testing and support. This manual is part of the TigerVNC software suite.

TigerVNC