The tutorial will consist of the following sections:
- What is VNC
- Installing the desktop environment
- Installing the VNC server
- Configure the VNC server
- Run VNC as a system service
- Connecting to the VNC server
VNC or Virtual Network Computing is a graphical desktop sharing system that allows users to control the desktop interface of a computer remotely through another computer or mobile device. With VNC you can interact with a remote server using your keyboard and mouse.
The user will have complete access to operate a full desktop environment making it easier to manage files, software, and configuration settings on the server. When you have access to a GUI of a server than the command line, it’s always much easier for developers who are not yet comfortable with the commands.
Note: The Ubuntu server and Ubuntu cloud editions do not contain a graphical user interface (GUI). Therefore we will first install a GUI before heading to the VNC server installation. However, due to the installation of the GUI, the server will utilize more resources than the original version.
- An Ubuntu 18.04 server with a user with Sudo privileges (not root user).
- A local computer with VNC client installed:
As mentioned earlier, Ubuntu does not have a graphical desktop environment or a VNC server installed by default. To go forward with the installation process, we will install a desktop environment (DE) that is lightweight and ideal for a remote server.
Our choice of DE will be the Xfce as it is available from the official Ubuntu repository. Since it is lightweight and fast, the connection will be smooth and stable even on slower internet connections.
- Once you connect to the server, you should first update your list of packages:
sudo apt update
- The next step is to install the Xfce along with some enhancements for the desktop environment:
sudo apt install xfce4 xfce4-goodies
Note that during the installation process, you will be prompted to choose a default display manager. In this tutorial, the choice does not play a big role so you can pick whichever one you prefer.
Depending on your system, it may take a couple of minutes.
There are a different number of VNC server packages available in Ubuntu repositories. To name a few we have TightVNC, TigerVNC, and x11vnc. Each server has its own strengths and weaknesses however for this tutorial we will be installing TigerVNC as it is an actively maintained VNC server.
TigerVNC adds encryption for all supported operating systems and focuses on performance and on remote display functionalities.
- You can install the TigerVNC server by entering the following command:
sudo apt install tigervnc-standalone-server tigervnc-common
- Once the server is installed, you should add a VNC access password and create the initial configuration file. In order to set the password, enter the following:
Note: Do not use the sudo command when running the vncserver command!
You will be prompted to add and verify a password to access the machine remotely. The required password must be between six and eight characters long. Anything longer than 8 characters will be shortened automatically.
- Now you will be prompted with “Would you like to enter a view-only password (y/n)?” Here enter n and press enter.
The reason is that users who log in with the view-only password will not be able to control the VNC instances with the keyboard and mouse. Since you will need to interact with the server, we will choose n.
Once you go forward from this step, the system will create the default configuration file and connection information for the server. Now let me go through the configuration file details.
It launches a default server instance on port 5901 (5900 +1) which is known as the display port. This is referred to by VNC as :1. You can see this after the hostname (pay attention to the red box). If you create a second instance with vncserver it will run on the next free port :2, which is 5902 (5900 +2). VNC can create multiple instances on other display ports with :3 referring to 5903, :4 referring to 5904, and so on. The main thing to note here is that when working with VNC servers :X is a display port that refers to the 5900 + X.
Now your VNC server is installed and running successfully. Now we will need to configure the server to launch Xfce and provide access to the server via the graphical interface.
Even though the VNC server is running, it needs to know which commands to execute when it starts up. Since we will connect remotely, VNC needs to know which graphical environment it should connect to.
During the initial startup, the VNC server runs the commands that are located in a configuration file called xstartup in the .vnc folder (in your home directory). The startup script was created when we entered the vncserver command but now we will create our own to launch the Xfce desktop environment.
Before we go-ahead to change the VNC server configurations, we should stop any VNC server instances that are running. We can stop the previous VNC instance that is running on port 5901 (:1) using the following command:
vncserver –kill :1
You will see an output as follows, however with a different PID:
- Now let’s go ahead and configure TigerVNC to use Xfce. First create the following file:
Enter the following in the text editor:
- Save and close the file (Ctrl + x, y, Enter). The commands above will be automatically executed whenever the TigerVNC server will be started or restarted.
- Now we need to provide the file with execute permissions. To make sure that the VNC server will be able to use this new startup file properly, enter the following command:
chmod u+x ~/.vnc/xstartup
We’re almost done! In this step, we are going to set the VNC server to run as a system service. By setting the VNC server to run as a system service you can start, stop and restart the VNC service as needed just like other system services.
First, we need to create a new unit file as follows:
sudo nano /etc/systemd/system/vncserver@.service
Now copy-paste the following text into the text editor. Make sure to change the username to match your username.
Description=Remote desktop service (VNC)
ExecStartPre=/bin/sh –c ‘/usr/bin/vncserver –kill :%i > /dev/null 2>&1 || :’
ExecStart=/usr/bin/vncserver :%i –geometry 1440x900 –alwaysshared –fg
ExecStop=/usr/bin/vncserver –kill :%i
- Save and close the file
- Notify systemd that we created a new unit file by entering:
sudo systemctl daemon-reload
- Now we can enable the unit file using the following command:
sudo systemctl enable firstname.lastname@example.org
The number 1 after the @ sign defines the display port on which the VNC service will run. This means that the VNC server will listen on port 5901, as we discussed in the previous section.
- Stop the current instance of VNC server if it is still running:
vncserver -kill :1
- Start the VNC service by executing:
sudo systemctl start email@example.com
- Verify if it is running successfully by:
sudo systemctl status firstname.lastname@example.org
If you will get and output as follows, then the service is running perfectly.
email@example.com - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@.service; indirect; vendor preset: enabled)
Active: active (running) since Thu 2021-02-22 19:05:54 UTC; 4s ago
Process: 9893 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill :1 > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 28968 (vncserver)
Tasks: 0 (limit: 507)
‣ 28968 /usr/bin/perl /usr/bin/vncserver :1 -geometry 1440x900 -alwaysshared –fg
VNC itself does not provide any security protocols when connecting which can lead to packet sniffing and other cyber-attacks. In order to avoid any type of security breach, we will create an SSH tunnel that will securely forward the traffic from the local machine to the server using port 5901.
Set up SSH tunneling on Linux and macOS
Enter the following command to create an SSH tunnel:
ssh -L 5901:127.0.0.1:5901 -N -f -l username server_ip_address
Don’t forget to change the username and server_ip_address with your username and the IP address of your server.
At this point, you will be prompted to enter the user password. Enter the password and press enter.
Set up SSH tunneling on Windows
In Windows, you can set the SSH tunnel by using the PuTTY SSH client. When you open PuTTY enter the server IP address in the Host Name (or IP address) section:
On the left-hand menu, you will see SSH under Connections. Expand it and select Tunnels.
- Enter the source port as 5901
- Enter the destination as follows - server_ip_address:5901
- Click on Add
Now go back to the Session page to save the data and click on the Open button. This will open the connection where you will be prompted to enter the VNC password.
Once you are connected, you will see the default Xfce desktop interface.
By now, you have successfully installed and configured a VNC server that is up and running on your Ubuntu 18.04 (or 20.04) server. You can now easily manage your server files, software, and configurations from the comfort of your local desktop machine.
If you want to get your hands on a high-performing server, check our VPS solutions. With 1Gbits VPS servers we provide VNC access by default and the server will be provisioned in less than 30 seconds.
If you have any questions, feel free to leave a comment below.