
How To Connect To VNC Server Using SSH Tunnel

Updated this week

Introduction

VNC is short for Virtual Network Computing. It’s a simple way to share a graphical desktop environment. For example, if you install VNC on your hosted server, you could connect to its graphical desktop environment remotely.

Installing TightVNC Server

Before installation, update the packages:

sudo apt update && sudo apt upgrade

The graphical environment is not installed by default, so we need to install a graphical shell and TightVNC Server itself at the same time:

apt install xfce4 xfce4-goodies tightvncserver

Configuring TightVNC Server

When starting the TightVNC server for the first time, it will create the necessary files and prompt you to set a password:

vncserver

If you want to restrict remote desktop control, you can also set a view-only (read-only) password (optional). Now, we need to stop our TightVNC session to adjust settings:

vncserver -kill :2

The number :2 identifies your DisplayPort (the X display number), which you should see in the output of the vncserver command. To open the TightVNC config file, use:

nano ~/.vnc/xstartup

Make sure DisplayPort is correct and add the following line to the end:

startxfce4 

Now, start the server:

vncserver

Setting up autorun

If you want to set autorun for the TightVNC server:

nano /etc/systemd/system/vncserver.service

Insert the following config there:

[Unit] 
Description=TightVNC server
After=syslog.target network.target
[Service]
Type=forking
User=root
PAMName=login
PIDFile=/root/.vnc/%H:2.pid
# systemd does not run these lines through a shell, so no output redirection is used here
ExecStartPre=-/usr/bin/vncserver -kill :2
ExecStart=/usr/bin/vncserver
ExecStop=/usr/bin/vncserver -kill :2
[Install]
WantedBy=multi-user.target

Use your DisplayPort accordingly.

Reload systemd:

sudo systemctl daemon-reload

Enable autorun of the TightVNC server and start it:

systemctl enable --now vncserver

Now the VNC is installed and configured to start at boot.

Preparation for enabling SSH tunnel

SSH tunneling is a method that routes network traffic from your application to a remote server over an encrypted SSH connection. Start by installing and upgrading all the necessary packages:

apt update && apt install xfce4 xfce4-goodies tightvncserver

Run the server once to set a password:

vncserver

We also need to close all running TightVNC sessions:

vncserver -kill :2

Start a session that listens only on the loopback interface (localhost). Once the SSH tunnel is open, this is the session we will connect to:

vncserver -localhost

Open TightVNC service configuration:

nano /etc/systemd/system/vncserver.service

Find the ExecStart parameter and make it look like:

ExecStart=/usr/bin/vncserver -localhost 

Reload systemd:

systemctl daemon-reload

Start the service again:

systemctl enable --now vncserver
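
To confirm that the -localhost change took effect, the following added example (not part of the original article) scans `ss -ltnH` output for VNC listeners on ports 5900-5999 that are bound to anything other than loopback. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC listeners (TCP 5900-5999) that are not loopback-only.
# Reads `ss -ltnH` style output on stdin; field 4 is the local address:port.
# Prints each exposed listener and returns 1 if any was found, 0 otherwise.
vnc_exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            n = split($4, part, ":")            # port is the last ":" field
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port < 5900 || port > 5999) next    # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print $4
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample output: session started with plain `vncserver` ...
SAMPLE_BEFORE='LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
# ... and the same host after switching to `vncserver -localhost`.
SAMPLE_AFTER='LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

check() {   # $1 = label, $2 = ss output to inspect
    exposed=$(printf '%s\n' "$2" | vnc_exposed_listeners) \
        && echo "$1: OK, VNC is reachable only through loopback" \
        || echo "$1: EXPOSED on $exposed"
}

check "plain vncserver" "$SAMPLE_BEFORE"
check "vncserver -localhost" "$SAMPLE_AFTER"
```

On the server itself, feed it live data with `ss -ltnH | vnc_exposed_listeners`; no output and exit status 0 mean the session can only be reached through the SSH tunnel.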

Creating an SSH Tunnel

The following command must be run on the client computer from which you are connecting to the VNC server:

ssh -L 5902:localhost:5902 -N -l username VNC_server_IP

  • -L - specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. Here, port 5902 on the client is forwarded to localhost:5902 as seen from the server;

  • -N - specifies that no remote command is executed and only ports are forwarded;

  • -l - specifies the username used to log in to the server when creating the tunnel.

We use port 5902 since our DisplayPort is :2. The display number is shown in the output of the vncserver command.

Replace username and VNC_server_IP with your own parameters. If you connect using an SSH key, do not forget to add the -i parameter, as you would with a standard SSH connection.

Using PuTTY to create an SSH tunnel

Use your normal connection parameters in PuTTY.

Besides these, add some additional settings. Go to Connection -> SSH -> Tunnels, enter 5902 in the Source port and localhost:5902 in the Destination.

Firewall

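When you connect only through the SSH tunnel to a server started with -localhost, the VNC traffic travels inside the SSH connection, so port 5902 does not need to be opened. If you connect to VNC directly and your server has a firewall enabled, you need to open the appropriate ports. VNC typically runs on port 5900 plus the display number. For example, if your DisplayPort is :1, you will need to open port 5901. Since our DisplayPort is :2, we need to open port 5902: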

ufw allow 5902/tcp

To check the UFW firewall status, use:

sudo ufw status

You’ve successfully set up a VNC server.
