Installing and Configuring VNC on Ubuntu 18.04

Introduction

Virtual Network Computing, or VNC, is a connection system that will allow you to use your keyboard and mouse to interact with a graphical desktop environment on some remote server. It makes managing files, software, and settings on a remote server easier for end users who are not yet comfortable and efficient with the command line.

Lets begin up with the set up of  a VNC server on an Ubuntu version 18.04 server and  learn  how to connect to it securely through an SSH tunnel. You’ll use TightVNC, a very fast and lightweight remote control package. This choice will confirm that our VNC connection will be smooth and not unstable even working on slower internet connections. 

Step 1 — Install the Desktop Environment and VNC Server

By default, an Ubuntu 18.04 server will not come with a graphical desktop environment or a VNC server installed, so we’ll have  to install those. Specifically, we will install packages for the latest Xfce desktop environment and the TightVNC package available in the official repository of Ubuntu .

On your server, first update your list of packages:

$sudo apt update 

Now install the Xfce desktop environment on the server:

$sudo apt install tightvncserver

 

Once that installation gets completed, install the TightVNC server:

$sudo apt install tightvncserver

To complete the VNC server’s initial configuration after we have installed it, use the vncserver command to set up a very secure password and create the initial configuration files:

$vncserver

You’ll now be induced to enter and verify a password to access the machine remotely.The password must be between six to eight characters long. Passwords more than 8 characters will get truncated automatically.Once you are done verifying the password, you’ll have the option to also create a a view-only password. Users who log in with the view-only password,then will not be able to control the VNC instance with their mouse or keyboard. The process then creates the necessary default configuration files and also the connection information for the server.

Step 2 — Configuring the VNC Server

The VNC server needs to know which commands has to be executed when it starts up. Specifically, VNC needs to know which graphical desktop it would have to connect to.

Such commands are there in the configuration file basically called xstartup in the .vnc folder under your home directory. The startup script was created when you ran the vncserver in the above step, but we’ll create our own to launch the Xfce desktop.

When VNC is first set up, it launches a default server instance on default port 5901. This port is called a display port, and is also referred to by VNC as :1. VNC can also launch multiple instances on other display ports, like :2, :3, and so on.

Because we are going to be changing how the VNC server is configured, first stop the VNC server instance that is already running on port 5901 with the following command:

$vncserver -kill :1

Before you modify the xstartup file, you should back up the original:

$mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

Now creating a new xstartup file and open it in your text editor:

$nano ~/.vnc/xstartup

Commands in this file get executed automatically whenever you start or restart the VNC server. We need VNC to start our desktop environment if it’s not already started yet. Add these commands to the file:

#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

The  command in the following file on the first of, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the user's belonging to the server  .Xresources file. .Xresources is where a user can make changes to patiicular settings of their graphical desktop, like terminal colors, cursor themes, and font rendering. The second command notifies the server to launch the Xfce, which is where you will find all of the graphical software that you will need to comfortably manage your server.

To ensure that the VNC server will be able to use this new startup file properly, we’ll first need to make it executable.

$sudo chmod +x ~/.vnc/xstartup

Now, restartg nfthe VNC server.

$vncserver

 

 

Step 3 — Connecting the VNC Desktop Securely

VNC itself doesn’t use secure protocols when making a connection. We’ll use an SSH tunnel to connect ensure security to our server, and then tell our VNC client to use that SSH tunnel rather than making a direct connection.

Now Create an SSH connection on your local system that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux with the following command:

$ssh -L 5901:127.0.0.1:5901 -C -N -l sammy your_server_ip 

The -L switch is specifying port bindings. In this case we’re binding port 5901 of the remote connection to port 5901 on your local machinee or system. The -C switch enables th compression, while the -N switch tells ssh that we don’t nede to execute a remote command. The -l switch specifies the  login name.

If you are utilizing a graphical SSH client, like PuTTY, use your_server_ip as the connection IP, and set localhost:5901 as a new forwarded port in the settings of the  program’s SSH tunnel .

Once you have yout tunnel  running, use a VNC client to connect to the localhost:5901. You’ll be prompted to authenticate using the password to have previously set .

Once you are connected, you’ll finally see the default Xfce desktop. 

Step 4 — Run VNC -Virtual Network Computing as of a System Service

Next, we’ll set up the VNC server as a systemd service so we can start, stop, and restart it as requred, like any other service. This will also ensure that VNC also starts up when your server reboots.

First, create a new unit file called /etc/systemd/system/[email protected] using any of your  text editor:

$sudo nano /etc/systemd/system/[email protected]

Add these lines to the file.

[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=sammy
Group=sammy
WorkingDirectory=/home/sammy

PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

 

Save and close the file.

Next, make the system aware that we have new unit file.

$sudo systemctl daemon-reload

 

Enable then the unit file.

$sudo systemctl enable [email protected]

Stop the current instance of the VNC server if it’s still in  running mode.

$vncserver -kill :1

 

Then start it the same way as you would start any other systemd service.

$sudo systemctl start vncserver@1

You can verify that it started or not with this command:

$sudo systemctl status vncserver@1

 

Your VNC server will now be available when you reboot your machine.

Start your SSH tunnel now again:

$ssh -L 5901:127.0.0.1:5901 -C -N -l sammy your_server_ip

Then make sure to make a new connection using your VNC client software to localhost:5901 to connect to your machine..