Virtual Network Computing, or VNC, is a connection system that will allow you to use your keyboard and mouse to interact with a graphical desktop environment on some remote server. It makes managing files, software, and settings on a remote server easier for end users who are not yet comfortable and efficient with the command line.
Lets begin up with the set up of a VNC server on an Ubuntu version 18.04 server and learn how to connect to it securely through an SSH tunnel. You’ll use TightVNC, a very fast and lightweight remote control package. This choice will confirm that our VNC connection will be smooth and not unstable even working on slower internet connections.
By default, an Ubuntu 18.04 server will not come with a graphical desktop environment or a VNC server installed, so we’ll have to install those. Specifically, we will install packages for the latest Xfce desktop environment and the TightVNC package available in the official repository of Ubuntu .
On your server, first update your list of packages:
$sudo apt update
Now install the Xfce desktop environment on the server:
$sudo apt install tightvncserver
Once that installation gets completed, install the TightVNC server:
$sudo apt install tightvncserver
To complete the VNC server’s initial configuration after we have installed it, use the vncserver
command to set up a very secure password and create the initial configuration files:
$vncserver
You’ll now be induced to enter and verify a password to access the machine remotely.The password must be between six to eight characters long. Passwords more than 8 characters will get truncated automatically.Once you are done verifying the password, you’ll have the option to also create a a view-only password. Users who log in with the view-only password,then will not be able to control the VNC instance with their mouse or keyboard. The process then creates the necessary default configuration files and also the connection information for the server.
The VNC server needs to know which commands has to be executed when it starts up. Specifically, VNC needs to know which graphical desktop it would have to connect to.
Such commands are there in the configuration file basically called xstartup
in the .vnc
folder under your home directory. The startup script was created when you ran the vncserver
in the above step, but we’ll create our own to launch the Xfce desktop.
When VNC is first set up, it launches a default server instance on default port 5901
. This port is called a display port, and is also referred to by VNC as :1
. VNC can also launch multiple instances on other display ports, like :2
, :3
, and so on.
Because we are going to be changing how the VNC server is configured, first stop the VNC server instance that is already running on port 5901
with the following command:
$vncserver -kill :1
Before you modify the xstartup
file, you should back up the original:
$mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
Now creating a new xstartup
file and open it in your text editor:
$nano ~/.vnc/xstartup
Commands in this file get executed automatically whenever you start or restart the VNC server. We need VNC to start our desktop environment if it’s not already started yet. Add these commands to the file:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
The command in the following file on the first of, xrdb $HOME/.Xresources
, tells VNC’s GUI framework to read the user's belonging to the server .Xresources
file. .Xresources
is where a user can make changes to patiicular settings of their graphical desktop, like terminal colors, cursor themes, and font rendering. The second command notifies the server to launch the Xfce, which is where you will find all of the graphical software that you will need to comfortably manage your server.
To ensure that the VNC server will be able to use this new startup file properly, we’ll first need to make it executable.
$sudo chmod +x ~/.vnc/xstartup
Now, restartg nfthe VNC server.
$vncserver
VNC itself doesn’t use secure protocols when making a connection. We’ll use an SSH tunnel to connect ensure security to our server, and then tell our VNC client to use that SSH tunnel rather than making a direct connection.
Now Create an SSH connection on your local system that securely forwards to the localhost
connection for VNC. You can do this via the terminal on Linux with the following command:
$ssh -L 5901:127.0.0.1:5901 -C -N -l sammy your_server_ip
The -L
switch is specifying port bindings. In this case we’re binding port 5901
of the remote connection to port 5901
on your local machinee or system. The -C
switch enables th compression, while the -N
switch tells ssh
that we don’t nede to execute a remote command. The -l
switch specifies the login name.
If you are utilizing a graphical SSH client, like PuTTY, use your_server_ip
as the connection IP, and set localhost:5901
as a new forwarded port in the settings of the program’s SSH tunnel .
Once you have yout tunnel running, use a VNC client to connect to the localhost:5901
. You’ll be prompted to authenticate using the password to have previously set .
Once you are connected, you’ll finally see the default Xfce desktop.
Next, we’ll set up the VNC server as a systemd service so we can start, stop, and restart it as requred, like any other service. This will also ensure that VNC also starts up when your server reboots.
First, create a new unit file called /etc/systemd/system/[email protected]
using any of your text editor:
$sudo nano /etc/systemd/system/[email protected]
Add these lines to the file.
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=sammy
Group=sammy
WorkingDirectory=/home/sammy
PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Save and close the file.
Next, make the system aware that we have new unit file.
$sudo systemctl daemon-reload
Enable then the unit file.
$sudo systemctl enable [email protected]
Stop the current instance of the VNC server if it’s still in running mode.
$vncserver -kill :1
Then start it the same way as you would start any other systemd service.
$sudo systemctl start vncserver@1
You can verify that it started or not with this command:
$sudo systemctl status vncserver@1
Your VNC server will now be available when you reboot your machine.
Start your SSH tunnel now again:
$ssh -L 5901:127.0.0.1:5901 -C -N -l sammy your_server_ip
Then make sure to make a new connection using your VNC client software to localhost:5901
to connect to your machine..