A graphical desktop sharing system called Virtual Network Computing (VNC) enables you to remotely operate another computer using your keyboard and mouse.
A free and open-source replacement for the Microsoft remote desktop protocol is available (RDP).
The installation and configuration of a VNC server on Ubuntu 20.04 are covered in this article.
Additionally, we'll demonstrate how to establish a secure SSH tunnel connection to the VNC server.
Installing Desktop Environment
Ubuntu servers don't come with a desktop environment pre-installed and are operated via the command line.
You can skip this step if you use Ubuntu on your desktop.
The Ubuntu repository contain a variety of desktop environments.
Installing Gnome, the default desktop environment in Ubuntu 20.04, is one choice.
Installing Xfce is an additional choice.
It is the best desktop environment for use on a remote server since it is quick, reliable, and lightweight.
Installing Xfce is covered in this guide.
the following commands should be entered by a user with sudo privilege:
sudo apt update
sudo apt install xfce4 xfce4-goodies
It could take some time to download and install the Xfce packages, depending on your machine.
Installing VNC Server
Ubuntu repositories have a variety of VNC servers, including TightVNC, TigerVNC, and x11vnc.
Each VNC server has unique performance and security advantages and disadvantages.
sudo apt install tigervnc-standalone-server
Configuring VNC Access
The initial user configuration and password setup are done once the VNC server has been installed.
The vncpasswd command can be used to change the user password.
Run the following command without using sudo:
vncpasswd
You will be asked to enter your password, confirm it, and decide if you want to make it a view-only password.
The user won't be able to use the mouse or keyboard to communicate with the VNC instance if you opt to put up a view-only password:
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
The password file is stored in the ~/.vnc directory, which is created if not present.
Next, we need to configure TigerVNC to use Xfce. To do so, create the following file:
nano ~/.vnc/xstartup
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4
Save and close the file. The commands above are automatically executed whenever you start or restart the TigerVNC server.
The ~/.vnc/xstartup file also needs to have execute permissions. Use the chmod command to set the file permissions:
chmod u+x ~/.vnc/xstartup
Create a file called config and add one option each line if you need to give the VNC server more choices.
Here's an illustration: Edit ~/.vnc/config
geometry=1920x1080
dpi=96
You can now start the VNC server using the vncserver command:
vncserver
Output:
New 'server2.linuxize.com:1 (linuxize)' desktop at :1 on machine server2.linuxize.com
Starting applications specified in /home/linuxize/.vnc/xstartup
Log file is /home/linuxize/.vnc/server2.linuxize.com:1.log
Use xtigervncviewer -SecurityTypes VncAuth -passwd /home/linuxize/.vnc/passwd :1 to connect to the VNC server.
In the output above, take note of the:1 after the hostname.
This displays the display port number where the vnc server is currently running.
The server is operating in this instance on TCP port 5901 (5900+1).
The server is currently operating on port 5902 (5900+2) since if you use vncserver to start a second instance, it will run on the next available port, i.e.
When working with VNC servers, it's crucial to keep in mind that :X is a display port that stands for 5900+X.
You may receive a list of all the VNC sessions that are active right now by typing:
vncserver -list
Output:
TigerVNC server sessions:
X DISPLAY # RFB PORT # PROCESS ID
:1 5901 5710
Before continuing with the next step, stop the VNC instance using the vncserver command with a -kill option and the server number as an argument. In this example, the server is running in port 5901 (:1), so we’ll stop it with:
vncserver -kill :1
Output:
Killing Xtigervnc process ID 5710... success!
Creating a Systemd unit file
Let's write a systemd unit file to automate starting, stopping, and restarting the VNC service rather than manually beginning the session.
Copy and paste the following configuration into your text editor once it is open.
Please ensure that the username on line 7 corresponds to your username.
sudo nano /etc/systemd/system/vncserver@.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=simple
User=linux
PAMName=login
PIDFile=/home/%u/.vnc/%H%i.pid
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver :%i -geometry 1440x900 -alwaysshared -fg
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Save and close the file.
Notify systemd that a new unit file is created:
sudo systemctl daemon-reload
Enable the service to start on boot:
sudo systemctl enable vncserver@1.service
The number 1 after the @ sign defines the display port on which the VNC service will run. This means that the VNC server will listen on port 5901, as we discussed in the previous section.
Start the VNC service by executing:
sudo systemctl start vncserver@1.service
Verify that the service is successfully started with:
sudo systemctl status vncserver@1.service
Output:
● vncserver@1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-03-26 20:00:59 UTC; 3s ago
...
Connecting to VNC server
Since VNC is not an encrypted protocol, packet sniffing is possible.
Creating an SSH tunnel and securely forwarding traffic from your local workstation on port 5901 to the server is the suggested course of action.
Set Up SSH Tunneling on Linux and macOS
You may quickly construct an SSH tunnel on your computer with the following command if you use Linux, macOS, or any other Unix-based operating system:
ssh -L 5901:127.0.0.1:5901 -N -f -l vagrant 192.168.33.10
The user password must be entered when requested.
Make sure you substitute your username and server's IP address for username and server ip address, respectively.
Set Up SSH Tunneling on Windows
The PuTTY SSH client can be used to configure SSH tunneling on Windows systems.
Launch Putty and type the IP address of your server in the Host name or IP address field.
Under the Connection menu, box, expand SSH, and select Tunnels. Enter the VNC server port (5901) in the Source Port field and enter server_ip_address:5901 in the Destination field and click on the Add button as shown in the image below:
Go back to the Session page to save the settings, so you do not need to enter them each time. To the remote server, select the saved session and click on the Open button.
Connecting using Vncviewer
It's time to open your VNC viewer and connect to the VNC Server at localhost:5901 now that the SSH tunnel has been formed.
Any VNC viewer is acceptable, including Vinagre, TigerVNC, TightVNC, RealVNC, UltraVNC, and VNC Viewer for Google Chrome.
TigerVNC will be used here. Click the Connect button after opening the viewer and entering localhost:5901.
Enter your user password when prompted, and you should see the default Xfce desktop. It will look something like this:
From your local computer, you can begin interacting with the remote XFCE desktop using your keyboard and mouse.
Conclusion
On Ubuntu 20.04, we demonstrated how to set up and configure a VNC server.
Use the vncpasswd command to set up the basic settings and the password in order to configure your VNC server to launch a display for more than one user.
Additionally, a new service file with a different port must be created.
If you have any questions, don't hesitate to leave a remark.
Top comments (0)