This article explains how to install and configure a VNC server on Ubuntu 20.04. We’ll also show you how to securely connect to the VNC server through an SSH tunnel.
Installing Desktop Environment
Ubuntu servers are managed from the command line and do not have a desktop environment installed by default. If you run the desktop version of Ubuntu, skip this step.
There are various desktop environments available in Ubuntu repositories. One option is to install Gnome, which is the default desktop environment in Ubuntu 20.04. Another option is to install Xfce . It is a fast, stable, and lightweight desktop environment, which makes it ideal for usage on a remote server.
In this guide, we’ll install Xfce. Enter the following commands as a user with sudo privileges :
sudo apt update
sudo apt install xfce4 xfce4-goodies
Depending on your system, downloading and installing Xfce packages may take some time.
Installing VNC Server
There are several different VNC servers available in Ubuntu repositories, such as TightVNC , TigerVNC , and x11vnc . Each VNC server has different strengths and weaknesses in terms of speed and security.
We’ll be installing TigerVNC. It is an actively maintained high-performance VNC server. Type the following command to install the package:
sudo apt install tigervnc-standalone-server
Configuring VNC Access
Once the VNC server is installed, the next step is to create the initial user configuration and set up the password.
Set the user password using the vncpasswd
command. Do not use sudo when running the command below:
vncpasswd
You will be prompted to enter and confirm the password and whether to set it as a view-only password. If you choose to set up a view-only password, the user will not be able to interact with the VNC instance with the mouse and the keyboard.
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
The password file is stored in the ~/.vnc
directory, which is created if not present.
Next, we need to configure TigerVNC to use Xfce. To do so, create the following file:
nano ~/.vnc/xstartup
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4
Save and close the file. The commands above are automatically executed whenever you start or restart the TigerVNC server.
The ~/.vnc/xstartup
file also needs to have execute permissions. Use the chmod
command to set the file permissions:
chmod u+x ~/.vnc/xstartup
If you need to pass additional options to the VNC server, create a file named config
and add one option per line. Here is an example:
geometry=1920x1080
dpi=96
You can now start the VNC server using the vncserver
command:
vncserver
New 'server2.linuxize.com:1 (linuxize)' desktop at :1 on machine server2.linuxize.com
Starting applications specified in /home/linuxize/.vnc/xstartup
Log file is /home/linuxize/.vnc/server2.linuxize.com:1.log
Use xtigervncviewer -SecurityTypes VncAuth -passwd /home/linuxize/.vnc/passwd :1 to connect to the VNC server.
Note the :1
after the hostname in the output above. This indicates the number of the display port on which the vnc server is running. In this example, the server is running on TCP port 5901
(5900+1). If you create a second instance with vncserver
it will run on the next free port i.e :2
, which means that the server is running on port 5902
(5900+2).
What is important to remember is that when working with VNC servers, :X
is a display port that refers to 5900+X
.
You can get a list of all the currently running VNC sessions by typing:
vncserver -list
TigerVNC server sessions:
X DISPLAY # RFB PORT # PROCESS ID
:1 5901 5710
Before continuing with the next step, stop the VNC instance using the vncserver
command with a -kill
option and the server number as an argument. In this example, the server is running in port 5901 (:1
), so we’ll stop it with:
vncserver -kill :1
Killing Xtigervnc process ID 5710... success!
Creating a Systemd unit file
Instead of manually starting the VNC session, let’s create a systemd unit file so that you start, stop, and restart the VNC service as needed.
Open your text editor and copy and paste the following configuration into it. Make sure to change the username on line 7 to match your username.
sudo nano /etc/systemd/system/vncserver@.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
User=linuxize
PAMName=login
PIDFile=/home/%u/.vnc/%H%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver :%i -geometry 1440x900 -alwaysshared -fg
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Save and close the file.
Notify systemd that a new unit file is created:
sudo systemctl daemon-reload
Enable the service to start on boot:
sudo systemctl enable vncserver@1.service
The number 1
after the @
sign defines the display port on which the VNC service will run. This means that the VNC server will listen on port 5901
, as we discussed in the previous section.
Start the VNC service by executing:
sudo systemctl start vncserver@1.service
Verify that the service is successfully started with:
sudo systemctl status vncserver@1.service
● vncserver@1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-03-26 20:00:59 UTC; 3s ago
...
Connecting to VNC server
VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel and securely forward traffic from your local machine on port 5901 to the server on the same port.
Set Up SSH Tunneling on Linux and macOS
If you run Linux, macOS, or any other Unix-based operating system on your machine, you can easily create an SSH tunnel with the following command:
ssh -L 5901:127.0.0.1:5901 -N -f -l vagrant 192.168.33.10
You will be prompted to enter the user password.
Make sure to replace username
and server_ip_address
with your username and the IP address of your server.
Set Up SSH Tunneling on Windows
If you run Windows, you can set up SSH Tunneling using the PuTTY SSH client .
Open Putty and enter your server IP Address in the Host name or IP address
field.
Under the Connection
menu, box, expand SSH
, and select Tunnels
. Enter the VNC server port (5901
) in the Source Port
field and enter server_ip_address:5901
in the Destination
field and click on the Add
button as shown in the image below:
Go back to the Session
page to save the settings, so you do not need to enter them each time. To the remote server, select the saved session and click on the Open
button.
Connecting using Vncviewer
Now that the SSH tunnel is created, it is time to open your Vncviewer and to connect to the VNC Server at localhost:5901
.
You can use any VNC viewer such as TigerVNC, TightVNC, RealVNC, UltraVNC, Vinagre, and VNC Viewer for Google Chrome .
We’ll be using TigerVNC. Open the viewer, enter localhost:5901
, and click on the Connect
button.
Enter your user password when prompted, and you should see the default Xfce desktop. It will look something like this:
You can start interacting with the remote XFCE desktop from your local machine using your keyboard and mouse.