Introduction: VNC (Virtual Network Computing) is a convenient connection system that enables users to interact with a remote server's graphical desktop environment using their mouse and keyboard. This is especially useful for those who are not yet comfortable with the command line and find it challenging to manage files, software, and settings on a remote server.
This guide will provide step-by-step instructions on setting up a VNC server with TightVNC on an Ubuntu 20.04 server. You will also learn how to connect to it securely through an SSH tunnel and interact with your server via a graphical desktop environment using a VNC client program on your local machine.
Before you begin with the VNC installation process, make sure you have the following prerequisites:
- An Ubuntu 20.04 server with a non-root administrative user and UFW firewall configured. You can follow our initial server setup guide for Ubuntu 20.04 to set up the server.
- A local computer with a VNC client installed that supports connections over SSH tunnels. TightVNC, RealVNC, or UltraVNC can be used on Windows, while on macOS, you can use the built-in Screen Sharing program or cross-platform apps such as RealVNC. For Linux, you can choose from several options like vinagre, krdc, RealVNC, or TightVNC.
In order to proceed with using a graphical desktop environment and a VNC server on an Ubuntu 20.04 server, you will need to install them first since they are not included by default. You have various options to choose from when it comes to selecting a VNC server and desktop environment. For this particular guide, you will install the Xfce desktop environment, which is the latest version, and the TightVNC package available in the official Ubuntu repository. These packages are popular for their lightweight and fast performance, ensuring that the VNC connection remains stable and smooth even on slow internet connections.
Once you have connected to your server through SSH, the next step is to update the package list by executing the following command:
sudo apt update
Now, proceed with installing the Xfce desktop environment and xfce4-goodies package, which comes with a few desktop environment enhancements, by running the following command:
sudo apt install xfce4 xfce4-goodies
While installing these packages, you may be required to select a default display manager for Xfce. Since you will only be using Xfce while connecting with a VNC client, and you will already be logged in as your non-root Ubuntu user during Xfce sessions, your choice of display manager will not be significant for this tutorial. You can select either one and press ENTER.
Once the Xfce installation is complete, you can proceed to install the TightVNC server by running the following command:
sudo apt install tightvncserver
In order to install a graphical desktop environment and VNC server on an Ubuntu 20.04 server, you need to first update your package list and then install the Xfce desktop environment and the TightVNC package.
The Xfce and TightVNC packages are lightweight and fast, which is ideal for a stable VNC connection on slower internet connections. To set up a VNC access password, create the initial configuration files, and start a VNC server instance, you can run the "vncserver" command and enter a password of 6 to 8 characters in length.
Additionally, you have the option to create a view-only password, which is not required. The VNC server can launch multiple instances on different display ports, such as :2 and :3. If you ever need to change your password or add a view-only password, you can use the "vncpasswd" command.
Next, you need to configure the VNC server by specifying which commands to execute when it starts up. This can be done in the xstartup configuration file, located in the .vnc folder under your home directory.
To modify the VNC server configuration, the running instance on port 5901 needs to be stopped using the command "vncserver -kill :1". Prior to modifying the xstartup file, it's advisable to back up the original using "mv ~/.vnc/xstartup ~/.vnc/xstartup.bak". Create a new xstartup file and add the following lines to it using a text editor like nano:
The first line is a shebang that specifies the interpreter to be used to execute the file's contents as commands. In this case, Bash is used to execute the subsequent commands in the file.
To modify the VNC server configuration, you must first stop the running instance on port 5901 with the command vncserver -kill :1. Before modifying the xstartup file, it is essential to back up the original version with the command mv ~/.vnc/xstartup ~/.vnc/xstartup.bak. You can then create a new xstartup file with the nano text editor and add the necessary commands to configure the VNC server to launch Xfce and read the user's .Xresources file. Saving and closing the file, you must make it executable with the command chmod +x ~/.vnc/xstartup before restarting the VNC server with the command vncserver -localhost.
Note that the -localhost option is included in the command to restrict VNC server connections to the loopback interface of your server. To add an extra layer of security to VNC, you'll need to establish an SSH tunnel between your local machine and your server, so VNC will only allow connections from users who already have SSH access to your server.
After configuring the VNC server and establishing an SSH tunnel, you'll receive output indicating that a new 'X' desktop has been created with the hostname and display number. The output also specifies the path to the xstartup file that was executed during the server startup, and the path to the log file for this particular instance. With this configuration in place, you're now able to connect to the VNC server from your local machine.
In order to connect to your VNC server securely, you need to establish an SSH tunnel and instruct your VNC client to connect through that tunnel instead of a direct connection. This is because VNC does not use secure protocols for connections.
To create an SSH connection that securely forwards to the localhost connection for VNC, you can use the following ssh command in your local terminal on Linux or macOS:
ssh -L 59000:localhost:5901 -C -N -l sammy your_server_ip
Here's what the options in this command mean:
-L 59000:localhost:5901: forwards the given port on the local machine (59000) to the given host and port on the destination server (localhost:5901, which means port 5901 on the destination server defined as your_server_ip).
-C: enables compression, which can help minimize resource consumption and speed things up.
-N: tells ssh that you don't want to execute any remote commands, which is useful when you only want to forward ports.
-l sammy your_server_ip: specifies the user you want to log in as and the server's IP address. Make sure to replace sammy and your_server_ip with your non-root user's name and your server's IP address, respectively.
Note that this command establishes an SSH tunnel that forwards information from port 5901 on your VNC server to port 59000 on your local machine via port 22 on each machine, which is the default port for SSH. If you followed the Initial Server Setup guide for Ubuntu 20.04, you will have added a UFW rule to allow connections to your server over OpenSSH.
Establishing an SSH tunnel is more secure than opening up your server's firewall to allow connections to port 5901, which would allow anyone to access your server over VNC. By connecting through an SSH tunnel, you limit VNC access to machines that already have SSH access to the server.
If you are using PuTTY to connect to your server, you can create an SSH tunnel by right-clicking on the top bar of the terminal window and selecting the "Change Settings..." option.
To create an SSH tunnel using PuTTY, you can follow these steps:
- Launch PuTTY and open a session to your server.
- In the PuTTY Configuration window, locate the Connection branch in the tree menu on the left-hand side.
- Expand the SSH branch and click on Tunnels.
- On the Options controlling SSH port forwarding screen, enter 59000 as the Source Port.
- Enter localhost:5901 as the Destination.
- Click on the Add button to add this tunnel to the list of forwarded ports.
- Save your settings and then connect to your server as you normally would.
By creating this SSH tunnel, you'll be able to securely connect to your VNC server from your local machine without exposing it to the internet.
To connect to the VNC server securely, you need to create an SSH tunnel that forwards information from port 5901 on your VNC server to port 59000 on your local machine via port 22 on each machine, the default port for SSH. You can do this via the terminal on Linux or macOS by running an SSH command that securely forwards to the localhost connection for VNC. The SSH command looks like this:
ssh -L 59000:localhost:5901 -C -N -l sammy your_server_ip
The -L switch specifies that the given port on the local computer (59000) is to be forwarded to the given host and port on the destination server (localhost:5901). The -C flag enables compression, which can help minimize resource consumption and speed things up. The -N option tells SSH that you don’t want to execute any remote commands. The -l switch lets you specify the user you want to log in as once you connect to the server.
Once the tunnel is running, use a VNC client to connect to localhost:59000. You'll be prompted to authenticate using the password you set in Step 1. After you are connected, you'll see the default Xfce desktop, and you can access files in your home directory with the file manager or from the command line. To stop the SSH tunnel and disconnect your VNC session, press CTRL+C in your local terminal.
If you're using PuTTY to connect to your server, you can create an SSH tunnel by finding the Connection branch in the tree menu on the left-hand side of the PuTTY Reconfiguration window. Expand the SSH branch and click on Tunnels. On the Options controlling SSH port forwarding screen, enter 59000 as the Source Port and localhost:5901 as the Destination. Then click the Add button, and then the Apply button to implement the tunnel.
In this tutorial, we will discuss how to run VNC as a systemd service, which allows you to start, stop, and restart it as needed. This also ensures that VNC starts automatically when your server boots up. To begin, you'll need to create a new unit file called /etc/systemd/system/[email protected]. The @ symbol at the end of the name allows you to pass in an argument to specify the VNC display port you want to use when managing the service.
After creating the unit file, add the necessary lines, including the User, Group, WorkingDirectory, and PIDFILE values, ensuring that they match your username. Note that the ExecStartPre command stops VNC if it's already running, and the ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280x800.
Save and close the file, then make the system aware of the new unit file with the sudo systemctl daemon-reload command. Enable the unit file by running sudo systemctl enable [email protected], where the 1 following the @ sign signifies which display number the service should appear over.
To start the VNC server, stop any current instances running with vncserver -kill :1, then start it as you would any other systemd service with sudo systemctl start [email protected]. Verify that it started correctly with sudo systemctl status [email protected].
Finally, to reconnect to the VNC server, start your SSH tunnel again and make a new connection using your VNC client software to localhost:59000. By following these steps, you can run VNC as a systemd service and manage it like any other service.
In conclusion, you have successfully set up a secured VNC server on your Ubuntu 20.04 server, which enables you to manage files, software, and settings using a user-friendly graphical interface, as well as run graphical software like web browsers remotely. If you're looking to host an Ubuntu virtual machine, you can quickly and easily do so with Cryptovise. This hosting service is user-friendly and powerful enough for fast-growing applications or businesses.