DEV Community

Cover image for Install and Configure VNC on Ubuntu 20.04

Posted on

Install and Configure VNC on Ubuntu 20.04

A graphical desktop sharing system called Virtual Network Computing (VNC) enables you to remotely operate another computer using your keyboard and mouse.
A free and open-source replacement for the Microsoft remote desktop protocol is available (RDP).

The installation and configuration of a VNC server on Ubuntu 20.04 are covered in this article.
Additionally, we'll demonstrate how to establish a secure SSH tunnel connection to the VNC server.

Installing Desktop Environment
Ubuntu servers don't come with a desktop environment pre-installed and are operated via the command line.
You can skip this step if you use Ubuntu on your desktop.

The Ubuntu repository contain a variety of desktop environments.
Installing Gnome, the default desktop environment in Ubuntu 20.04, is one choice.
Installing Xfce is an additional choice.
It is the best desktop environment for use on a remote server since it is quick, reliable, and lightweight.

Installing Xfce is covered in this guide.
the following commands should be entered by a user with sudo privilege:

sudo apt update
sudo apt install xfce4 xfce4-goodies

It could take some time to download and install the Xfce packages, depending on your machine.

Installing VNC Server
Ubuntu repositories have a variety of VNC servers, including TightVNC, TigerVNC, and x11vnc.
Each VNC server has unique performance and security advantages and disadvantages.

sudo apt install tigervnc-standalone-server

Configuring VNC Access
The initial user configuration and password setup are done once the VNC server has been installed.

The vncpasswd command can be used to change the user password.
Run the following command without using sudo:


You will be asked to enter your password, confirm it, and decide if you want to make it a view-only password.
The user won't be able to use the mouse or keyboard to communicate with the VNC instance if you opt to put up a view-only password:

Would you like to enter a view-only password (y/n)? n

Enter fullscreen mode Exit fullscreen mode

The password file is stored in the ~/.vnc directory, which is created if not present.

Next, we need to configure TigerVNC to use Xfce. To do so, create the following file:

nano ~/.vnc/xstartup

exec startxfce4 
Enter fullscreen mode Exit fullscreen mode

Save and close the file. The commands above are automatically executed whenever you start or restart the TigerVNC server.

The ~/.vnc/xstartup file also needs to have execute permissions. Use the chmod command to set the file permissions:

chmod u+x ~/.vnc/xstartup

Create a file called config and add one option each line if you need to give the VNC server more choices.
Here's an illustration: Edit ~/.vnc/config


Enter fullscreen mode Exit fullscreen mode

You can now start the VNC server using the vncserver command:


New ' (linuxize)' desktop at :1 on machine

Starting applications specified in /home/linuxize/.vnc/xstartup
Log file is /home/linuxize/.vnc/

Use xtigervncviewer -SecurityTypes VncAuth -passwd /home/linuxize/.vnc/passwd :1 to connect to the VNC server.

Enter fullscreen mode Exit fullscreen mode

In the output above, take note of the:1 after the hostname.
This displays the display port number where the vnc server is currently running.
The server is operating in this instance on TCP port 5901 (5900+1).
The server is currently operating on port 5902 (5900+2) since if you use vncserver to start a second instance, it will run on the next available port, i.e.

When working with VNC servers, it's crucial to keep in mind that :X is a display port that stands for 5900+X.

You may receive a list of all the VNC sessions that are active right now by typing:

vncserver -list

TigerVNC server sessions:

:1            5901          5710

Enter fullscreen mode Exit fullscreen mode

Before continuing with the next step, stop the VNC instance using the vncserver command with a -kill option and the server number as an argument. In this example, the server is running in port 5901 (:1), so we’ll stop it with:

vncserver -kill :1

Killing Xtigervnc process ID 5710... success!

Enter fullscreen mode Exit fullscreen mode

Creating a Systemd unit file
Let's write a systemd unit file to automate starting, stopping, and restarting the VNC service rather than manually beginning the session.

Copy and paste the following configuration into your text editor once it is open.
Please ensure that the username on line 7 corresponds to your username.

sudo nano /etc/systemd/system/vncserver@.service

Description=Remote desktop service (VNC)

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver :%i -geometry 1440x900 -alwaysshared -fg
ExecStop=/usr/bin/vncserver -kill :%i

Enter fullscreen mode Exit fullscreen mode

Save and close the file.
Notify systemd that a new unit file is created:

sudo systemctl daemon-reload

Enable the service to start on boot:

sudo systemctl enable vncserver@1.service

The number 1 after the @ sign defines the display port on which the VNC service will run. This means that the VNC server will listen on port 5901, as we discussed in the previous section.

Start the VNC service by executing:

sudo systemctl start vncserver@1.service

Verify that the service is successfully started with:

sudo systemctl status vncserver@1.service

● vncserver@1.service - Remote desktop service (VNC)
     Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-03-26 20:00:59 UTC; 3s ago
Enter fullscreen mode Exit fullscreen mode

Connecting to VNC server
Since VNC is not an encrypted protocol, packet sniffing is possible.
Creating an SSH tunnel and securely forwarding traffic from your local workstation on port 5901 to the server is the suggested course of action.

Set Up SSH Tunneling on Linux and macOS
You may quickly construct an SSH tunnel on your computer with the following command if you use Linux, macOS, or any other Unix-based operating system:

ssh -L 5901: -N -f -l vagrant

The user password must be entered when requested.

Make sure you substitute your username and server's IP address for username and server ip address, respectively.

Set Up SSH Tunneling on Windows
The PuTTY SSH client can be used to configure SSH tunneling on Windows systems.

Launch Putty and type the IP address of your server in the Host name or IP address field.

Image description

Under the Connection menu, box, expand SSH, and select Tunnels. Enter the VNC server port (5901) in the Source Port field and enter server_ip_address:5901 in the Destination field and click on the Add button as shown in the image below:

Image description

Go back to the Session page to save the settings, so you do not need to enter them each time. To the remote server, select the saved session and click on the Open button.

Connecting using Vncviewer
It's time to open your VNC viewer and connect to the VNC Server at localhost:5901 now that the SSH tunnel has been formed.

Any VNC viewer is acceptable, including Vinagre, TigerVNC, TightVNC, RealVNC, UltraVNC, and VNC Viewer for Google Chrome.

TigerVNC will be used here. Click the Connect button after opening the viewer and entering localhost:5901.

Image description

Enter your user password when prompted, and you should see the default Xfce desktop. It will look something like this:

Image description

From your local computer, you can begin interacting with the remote XFCE desktop using your keyboard and mouse.

On Ubuntu 20.04, we demonstrated how to set up and configure a VNC server.

Use the vncpasswd command to set up the basic settings and the password in order to configure your VNC server to launch a display for more than one user.
Additionally, a new service file with a different port must be created.

If you have any questions, don't hesitate to leave a remark.

Top comments (0)