Menu
homeBrowsers

Remote computer control. Setting up UltraVnc. VNC Server or Remote Desktop on Ubuntu

VNC ( Virtual Network Computing is a remote access system that allows you to use a keyboard and mouse to interact with graphical interface remote server desktop. With its help, you can manage files, software and settings of a remote server without accessing the command line.

This manual will help you install VNC on a Ubuntu 16.04 virtual private server and set up a secure connection using an SSH tunnel. The VNC server will use TightVNC, a fast and lightweight remote control package that supports operation even on slow internet.

Requirements

  • Ubuntu 18.04 server configured with .
  • A local computer with a pre-installed VNC client that supports VNC connections over an SSH tunnel. Windows users can install TightVNC, RealVNC or UltraVNC. Mac users OS X can use the built-in Screen Sharing package or use cross-platform applications (for example, RealVNC). Linux users can choose vinagre, krdc, RealVNC, TightVNC, etc.

1: Install Desktop Environment and VNC Server

By default, Ubuntu 18.04 servers come without pre-installed graphical environment desktop and VNC server. Therefore, you first need to install these components. IN this manual Xfce and TightVNC packages are used, available in the official Ubuntu repository.

To install the specified packages on the server, update the index and enter the command:

sudo apt update
sudo apt install xfce4 xfce4-goodies

Now install TightVNC:

sudo apt install tightvncserver

To complete initial setup VNC server after installing it and choosing a strong password, use the vncserver command.

The command will prompt you to select and confirm a password:

You will require a password to access your desktops.
Password:
Verify:

The password must be six to eight characters long. Longer passwords will be automatically shortened to 8 characters.

Once you confirm your password, you will have the option to create a view-only password. Users accessing VNC using a browsing password will not be able to control VNC via mouse or keyboard. This password allows you to demonstrate VNC to other users if necessary.

The process will then complete the initial VNC setup and create configuration files.

Would you like to enter a view-only password (y/n)? n
xauth: file /home/8host/.Xauthority does not exist
New "X" desktop is your_hostname:1
Creating default startup script /home/8host/.vnc/xstartup

2: Setting up a VNC server

First you need to define the commands that the VNC server will execute when starting. These commands should be in the xstartup file in the .vnc directory, which is stored in your home directory current user. The startup script was created by the vncserver team, but it needs to be modified to work with Xfce.

When VNC first starts, it uses port 5901. VNC calls this port:1. VNC can run other instances on other ports, which will be called :2, :3, etc.

To change the VNC server settings, you need to stop the instance using port 5901.

vncserver -kill:1

The command will return the following message (PID will be different):

Killing Xtightvnc process ID 17648

Create a backup of the xstartup file:

mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

Then create new file xstartup:

nano ~/.vnc/xstartup

Paste into it following commands, which will be executed automatically when the VNC server starts. Save and close the file.

~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4&

With the first command, xrdb $HOME/.Xresources, the VNC server GUI reads the .Xresources file. In the .Xresources file, the user can make changes to some settings of the graphical desktop (customize terminal colors, cursor themes, fonts). The second command simply launches Xfce, which stores all the graphics software needed to manage the server.

Now you need to make the file executable:

sudo chmod +x ~/.vnc/xstartup

Restart VNC:

During startup the server will return:

New "X" desktop is your_hostname:1
Starting applications specified in /home/8host/.vnc/xstartup
Log file is /home/8host/.vnc/your_hostname:1.log

3: Secure connection to VNC

VNC does not use secure protocols when connecting. Create an SSH tunnel for secure connection to the server and then configure the VNC client to support the tunnel instead direct connection.

Create an SSH connection on your local computer, which will go to the localhost connection for VNC. You can do this on Linux or macOS via the terminal using the following command:

The -L flag specifies port bindings. In this case, we bind port 5901 of the remote connection to port 5901 on the local computer. The -C flag enables compression and the -N tells ssh what to do remote command no need. The -l option specifies the remote login name.

Don't forget to replace 8host and your_server_ip with your data.

If you are running through a graphical SSH client such as PuTTY, use your_server_ip as the IP connection in your SSH tunnel settings and set localhost:5901 as the new port.

Once the tunnel is up and running, use your VNC client to connect to localhost:5901. This will ask you for the password you chose in section 1.

After this you will see the standard Xfce screen.

You can access files in your home directory using a file manager or from command line.

Press CTRL + C in the terminal to close the SSH tunnel and return to the command prompt. This will also end your VNC session.

4: Create a VNC service file

Now you need to configure the VNC server as a system service.

Create a new unit file /etc/systemd/system/ [email protected]:

sudo nano /etc/systemd/system/ [email protected]

The @ symbol at the end of the file name will allow you to pass an argument that can be used in the service configuration. Using it, you can specify the VNC port that should be used when managing the service.

Add the following lines to the file. Be sure to change the User, Group, WorkingDirectory and username in the PIDFILE value.

/etc/systemd/system/ [email protected]
Description=Start TightVNC server at startup
After=syslog.target network.target
Type=forking
User=8host
Group=8host
WorkingDirectory=/home/8host
PIDFile=/home/8host/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill:%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800:%i
ExecStop=/usr/bin/vncserver -kill:%i
WantedBy=multi-user.target

The ExecStartPre command stops VNC if the service is already running. The ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280x800. You can also change these settings depending on your needs.

Save and close the file.

Then let the system know about the new unit file.

sudo systemctl daemon-reload

Enable it:

sudo systemctl enable [email protected]

The number 1 following the @ determines which display number should be shown in the service, in this case it is the default value.

Stop the current VNC server instance if it is still running.

vncserver -kill:1

Now try running it like any other systemd service:

sudo systemctl start vncserver@1

To make sure the server is running, check its status:

sudo systemctl status vncserver@1

[email protected]— Start TightVNC server at startup

Loaded: loaded (/etc/systemd/system/ [email protected]; indirect; vendor preset: enabled)
Active: active (running) since Mon 2018-07-09 18:13:53 UTC; 2min 14s ago
Process: 22322 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800:1 (code=exited, status=0/SUCCESS)
Process: 22316 ExecStartPre=/usr/bin/vncserver -kill:1 > /dev/null 2>&1 (code=exited, status=0/SUCCESS)
Main PID: 22330 (Xtightvnc)
...

The VNC service has now been added to startup.

Start the SSH tunnel again:

ssh -L 5901:127.0.0.1:5901 -C -N -l 8host your_server_ip

Create a new connection from the VNC client to localhost:5901 to test the setup.

Conclusion

Now VNC server is installed on Ubuntu 18.04 server. With it, you can manage files, programs and settings of a remote server (for example, launch a web browser remotely).

Tags: ,

Working with the VNC client. The material is aimed at inexperienced users.

1. Installing a VNC client
2. Connecting a VNC client to a remote computer
3. Disconnecting the VNC client from the remote computer
4. Tuning the VNC client
5. Common problems

To work with a remote computer via VNC, you need to run a client program (VNC viewer, VNC client) on the user’s computer. This program transmits data about keystrokes and mouse movements made by the user to a remote computer and displays information intended to be displayed on the screen.

1. Installing a VNC client
For Windows OS you can download and install the VNC client UltraVNC and TightVNC for free.

Mac OS X since version 10.5 has support for a VNC client in RemoteDesktop. For previous versions You can use VNC clients JollysFastVNC and .

For the Linux branch of Debian (Ubuntu), the VNC client is installed from the repository with the command:

Apt-get install vncviewer

For the RedHat branch (CentOS, Fedora) - with the command:

Yum install vnc

For FreeBSD, the VNC client (TightVNC) is installed from packages with the command:

Pkg_add -r tightvnc

2. Connecting a VNC client to a remote computer
To connect a VNC client to a remote computer, you need to specify its IP address or DNS name, and the display number (default, :0) or TCP port number (default, 5900). If the VNC server requires authorization, then when connecting to it, the VNC client will ask for a password. Please note that the VNC server access password is not associated with any account ( account user) on a remote computer, and serves only to restrict access to the VNC server display.

After establishing a connection and opening the screen, depending on the settings of the VNC server, user authorization may be required to virtual server or an already running work session of a user may be opened.

Since several VNC servers can be running on a computer at the same time, the parameter is used to separate them display number. For example, one VNC server may be running on display:0, another on display:1. Each display number corresponds to the TCP port number on which the VNC server accepts connections. The display port number is obtained by adding the display number to base number port - 5900. Display:0 corresponds to TCP port 5900, display:1 - port 5901.

3. Disconnecting the VNC client from the remote computer
When closing the VNC client window or after leaving the environment using desktop tools, depending on the settings of the VNC server, the user's working session can close with all programs in use stopped, or continue working and be available again when connecting to the VNC server again.
4. Tuning the VNC client
A large amount of information transmitted to the screen entails increased requirements for the speed of the channel - to its bandwidth and packet transmission time. Capacity pressure leads to uncomfortable delays when big changes information shown on the screen - opening new windows, scrolling, etc. Especially long delays will occur when displaying photographs and other images or interface elements that have a large number of colors and complex shapes.

The main parameter that affects the amount of transmitted data is the encoding algorithm of the transmitted graphics. To reduce the volume and, accordingly, speed up the work, it is recommended to use the Tight, ZLib, ZRLE algorithms - in comparison with uncompressed data (Raw), they provide tens of times compression, significantly loading the processor. These coding algorithms provide comfortable work even on channels with a speed of 256-512 Kbps.

To reduce the amount of information transmitted over the network, you can also set a high compression level (Compression Level, Compression Value), low level JPEG quality(JPEG Quality) and enable the color reduction mode (-bgr233, Restricted colors). The greatest effect of them, with a noticeable decrease in image quality, is provided by the mode of reducing the number of colors - the volume of transmitted information is reduced by 1.5-3 times, respectively, the display on the screen is accelerated by 1.5-3 times.

JPEG is used by the Tight encoding algorithm to compress areas of the screen containing photographs and other complex images with a large number colors. Using Tight+JPEG reduces the amount of data transmitted by 2-5 times. Other JPEG encoding algorithms are not supported.

1. Drop-down menu “System -> Options”

The volume of transmitted data and the display speed on the channel is 1 Mbit/sec when opening the drop-down menu “System -> Parameters” (the menu is highlighted with a green dotted line in the figure):

5. Common problems
Can't connect to VNC server
Need to check:
  1. is there access to the Internet;
  2. whether the virtual server responds to pings;
  3. whether the VNC server is running on the virtual server;
  4. is there a firewall along the way that blocks access to the TCP port of the VNC server;
  5. Is the display number or TCP port of the VNC server specified correctly (port number = 5900 + display number).
Slow operation through a fairly fast channel
If the VNC client cannot agree with the VNC server on the use of a graphics encoding algorithm with data compression, the default algorithm is selected - Raw, which transfers data without compression. Also encoding without compression or with low level compression can be automatically selected by the VNC client when working via fast local network. This problem can be fixed by forcing the encoding algorithm with high level compression - ZLib, ZRLE, Tight.

However, for some combinations of client and server, this solution may not be useful due to errors in the negotiation of the encoding algorithm. For example, a TightVNC client with a RealVNC server can often only work with Raw encoding. The solution in this case is to change the VNC client or VNC server.

How to help your users access a multi-user Linux system from anywhere

VNC and X server architecture

The graphical user interface (GUI) in Linux® uses the X Window System (abbreviated X). X is an unusual GUI in several respects, in particular it is native network interface. X server, in essence, is a network server program. Network server programs provide client programs with access to local resources, and this is true for the X server as well. The peculiarity is that in the case of the X server, “local resources” are the display, keyboard and mouse with which the user works. In the most common configuration, X client programs run on the same computer as the server. Thus, LibreOffice, the GNU Image Manipulation Program (GIMP), or other programs are X clients that use X network protocols to accept data from the user and display the results on the same computer.

However, when X is used on a network, the user sits at an X server computer, and the X clients are programs that need to be run on another computer. This configuration requires a second network protocol, establishing a connection. This second protocol could be telnet, Secure Shell (SSH), or X Display Manager Control Protocol (XDMCP). The server for this remote login protocol runs on the X client computer, and the remote login client runs on the X server computer. The remote login server runs X clients, which in turn establish a connection to the X server. illustrates this interaction. Dotted arrows indicate the beginning of the session. (With XDMCP, the XDMCP client is built into the X server program.)

Figure 1: Remote Access X requires a client and server on both computers

This configuration works great on many local networks, but is not without its drawbacks. For example, it requires a two-way network protocol to be initiated, which may be prevented by a firewall or Network Address Translation (NAT) router. (SSH removes this obstacle by allowing X sessions to be tunneled.) Additionally, although X servers exist for most platforms, they are not typically installed on computers running Windows control®. For these and other reasons, many people prefer to use another protocol, Remote Frame Buffer (RFB), which is implemented in the Virtual programs Network Computing (VNC).

VNC is a cross-platform tool that allows remote access to Linux, UNIX®, Mac OS X, Windows and other systems from any type of client. The user sits at the client computer and accesses the remote server computer. IN Linux VNC server either mirrors the contents of the local X server screen to a remote computer, or contains its own own X server, capable of running independently of whatever controls the local screen. The result is shown in Figure 2. Again, the dotted arrow indicates the start of the session. This configuration eliminates the need for reverse network connection, and since VNC clients and servers are available for many operating systems, the same client program provides access to any server.

Figure 2. The VNC server includes an X server that can communicate with local programs via X client

The disadvantage of VNC is that RFB authentication is based on passwords without usernames. So each user must start an independent VNC server session and establish a connection to that VNC instance by specifying the correct port number. This requirement is tolerable for a single-user system, but causes extreme inconvenience when working on a multi-user computer.

To solve this problem, you can combine these two approaches: reconfigure the local XDMCP server so that it helps the X server built into VNC provide the missing multi-user authentication. (The resulting configuration is illustrated in Figure 3. The dotted arrow indicates the start of the session.) Now, when remote VNC users access the VNC server computer, they can enter usernames and access passwords for their own unique VNC sessions, so that the computer can be used for as long as any users.

Figure 3: Adding XDMCP to a VNC configuration provides increased flexibility

Setting up a VNC server

There are several ways to run VNC, including using scripts, binding VNC to your desktop environment using desktop instruments and using xinetd to listen to VNC connections. This latter approach is described here because it allows VNC to run in a way that can use an XDMCP server. Before moving on to the instructions for setting up VNC to run through xinetd, you must select a VNC server.

Selecting a VNC server

There are several VNC server programs. (See section). Some of the most popular are TightVNC, TigerVNC and RealVNC. This article uses TightVNC as an example. Unfortunately, configuration details are both server and distribution specific, so the instructions here will need to be tailored to your software.

Installing xinetd

Many distributions install the xinetd superserver by default, but not all. Because the method described here assumes the use of xinetd, you must install xinetd if it is not already installed. On most distributions, xinetd can be installed using a package manager, for example by calling apt-get install xinetd on Debian-based distributions or zypper install xinetd on openSUSE.

You may also need to configure the xinetd startup process. Typically, you can use the System V (SysV) startup script for a one-time startup:

# /etc/init.d/xinetd start

To configure xinetd to start automatically when the computer boots, you need to know how your distribution's startup scripts work. Typically this is done with a utility such as chkconfig (used on Fedora, openSUSE and related distributions), update-rc.d (used on Debian and related distributions) or rc-update (used on Gentoo), something like this:

# chkconfig xinetd on # update-rc.d xinetd enable # rc-update add xinetd default

Enter only one from these commands or find the equivalent for your distribution.

Note that xinetd may not start if it is not configured to run any services. So you may have to wait to run it until you have configured xinetd to manage your VNC server.

Setting up xinetd

Servers to be managed by xinetd place configuration files in the /etc/xinetd.d directory. Thus, to configure xinetd to manage VNC, you need to create or edit a file with the name type /etc/xinetd.d/vnc.(On some distributions, such as openSUSE, the VNC server package installs such a file.) Listing 1 shows an example.

Listing 1. Example of VNC configuration for xinetd
service vnc ( disable = no socket_type = stream protocol = tcp wait = no user = nobody server = /usr/bin/Xvnc server_args = -inetd -once -query localhost -geometry 1024x768 -depth 16 type = UNLISTED port = 5900 )

This entry specifies several xinetd options, most of which should be left as is. Listed below are the settings that may need to be configured.

  • service. VNC with different parameters can be run on multiple ports, but in this case, in the first line of Listing 1, you need to give VNC a separate service name for each port.
  • server. This setting needs to be changed to point to the main VNC server binary, which is usually called Xvnc.
  • server_args. You will almost certainly want to change some of these values, as described below.
  • port. VNC uses port numbers 5900 and above. You can start the server with different meanings parameters through different ports. In this case, each instance must be assigned its own port number.

The trickiest part of setting up xinetd is setting the server arguments. You can use the arguments shown in Listing 1 as a model, changing some of them.

  • -query localhost . This option specifies that the VNC X server should check the localhost system for XDMCP authentication. It can be changed if you want to use one computer as a translator to access the programs of another.
  • -geometry 1024x768 . This option sets the virtual resolution of the VNC session. Note that this resolution does not have to match that of a regular X server running on the server machine. You can create multiple entries running at different resolutions so that users can log into the VNC server at the resolution that suits their needs. local systems.
  • -depth 16 . This parameter sets the color depth. The lower the value, the faster the display updates, but on a screen with big amount colors may be distorted. Range acceptable values from 2 to 32.

There are many other options, and some of them depend on the VNC server. Refer to your VNC server documentation.

Setting up an XDMCP server

Most Linux distributions configure their XDMCP servers to only manage the local display. To enable remote access, you need to reconfigure the XDMCP server to accept access requests from a VNC server running on the same computer. The details depend on the XDMCP server. The three most commonly used on Linux are GNOME Display Manager (GDM), Light Display Manager (LightDM), and KDE Display Manager (KDM). Other XDMCP servers, such as XDM, require different settings than those described here. In any case, after reconfiguring the XDMCP server, you will have to restart it.

Editing the XDMCP Configuration File

If you are not sure which XDMCP server is being used on your system, you can determine this by viewing the process listing using the dm line, for example:

$ ps ax | grep dm 929 ? Ss 0:00 /usr/bin/kdm 962 tty7 Ss+ 0:19 /usr/bin/Xorg -br:0 vt7 -nolisten tcp -auth \ /var/lib/xdm/authdir/authfiles/A:0-pp4shb 30157 pts/3 S+ 0:00 grep --color=auto dm

The first line of this printout states that KDM is running, so in order for VNC to use XDMCP, you need to edit that server's configuration file. The configuration files of most XDMCP programs follow the same format. They contain sections with names given in square brackets, such as . The lines following the section name specify parameters using an equal sign, for example: enable=true . Table 1 lists the configuration file names, section names, and parameters that must be defined for XDMCP to work on several common Linux XDMCP servers.

Table 1. Parameters that allow XDMCP to support VNC for different XDMCP servers

The XDMCP section in the configuration file may be completely missing. If present, it may explicitly disable XMDCP support, contain commented out options, or be empty. Regardless of the initial state of the file, you must ensure that the XDMCP section is present and that support is enabled. As an example, let's look at configuring KDM to enable XDMCP:

Enable=true

Some distributions allow you to enable additional security measures that you may need to relax. One of them is a firewall. Firewall scripts are typically distribution-specific, so refer to your system's documentation for instructions on configuring a firewall. You want localhost to have access to port 177 and VNC clients to access port 5900 (or any other ports that are used for VNC).

OpenSUSE has additional file configuration, which controls some types of access, including XDMCP access: /etc/sysconfig/displaymanager. Open this file in text editor and find next line:

DISPLAYMANAGER_REMOTE_ACCESS="no"

Change the value of this parameter to "yes" . If you leave "no" , the XDMCP server login window will not be displayed when connecting to a VNC server. In most distributions this change Not required: This file only uses openSUSE.

Restarting the XDMCP server

Once the XDMCP server is configured to support remote connections, it must be restarted. On distributions that start X via a SysV init file, such as Debian and Gentoo, this can be done using the restart option:

# /etc/init.d/gdm restart

On a system that uses runlevel to run X, such as Fedora or openSUSE, you need to go to runlevel text mode(usually 3) and then return to the GUI level (usually 5):

# telinit 3 # telinit 5

Keep in mind that either approach logs you out of X, so save any work you've done in your X session before continuing.

Testing and Debugging

You can now log in from a remote computer using a VNC client. Most Linux distributions include the vncviewer command, so you can type:

vncviewer

To login remotename via VNC. If VNC is configured and working correctly, the result will be something like Figure 4. If you set up multiple VNC sessions on different ports, you can specify the VNC session number by passing it as part of the hostname. Enter:

vncviewer:3

To log into session 3 (via port 5903).

Figure 4. When configured to work with XDMCP, VNC provides the usual Linux prompt

If you do not see the XDMCP login screen when you run this test, you will need to debug. Below are some recommendations.

  • If vncviewer reports that the connection was refused, it most likely means that the superserver on the VNC server machine is not configured properly. Check xinetd configuration and try restarting the superserver. It is also possible that the firewall is blocking access to the VNC server computer.
  • If the VNC client starts and connects to the server, but you only see gray screen with a cursor that can be moved, the problem is most likely with the XDMCP server configuration. Check the settings above and restart the XDMCP server.
  • Review the event log files as you would normally do when debugging. You may need to search for all log files in the /var/log directory using links to your xinetd, XDMCP server, and VNC server.

VNC Security Issues

RFB is not a secure protocol; Most VNC clients and servers do not encrypt their data. (VNC encrypts its own passwords, but the approach described here does not use these passwords.) Be careful when choosing how and where to install VNC. If you want to use VNC in unsecured network, three options are possible:

  • use virtual private network(VPN);
  • tunnel protocol via SSH;
  • Use a VNC option that supports encryption, such as TigerVNC with Transport Layer Security encryption capability.

When you enable VNC login windows as described in this article, external world At least two ports are opened (VNC and XDMCP). Both ports can be restricted by firewall rules to minimize the risk of abuse. Note that the XDMCP port (UDP 177) should only be open to localhost, so the firewall rule for it can be quite restrictive.

Conclusion

In general, connecting VNC and XDMCP is a useful method of providing remote login with a graphical user interface for multi-user Linux computers. This method has advantages over directly applying XDMCP in a cross-platform environment or when there are problems caused by a firewall or NAT. On multi-user computers, it is preferable to the more common direct VNC connection methods. There are safety issues to consider when using this method. Be prepared to set up firewall rules to limit unwanted outside access, and use encryption if data is traveling over an untrusted network.

Although the Raspberry Pi works great with a monitor or TV using an HDMI cable, situations often arise when a monitor is not needed and it is quite enough to view the desktop remotely from another computer. In this case, VNC will help us. By the way, most tasks, such as programming or configuration, can be solved remotely operating system.
What do we need?

It is assumed that the Raspberry Pi has an operating system installed ( special version Linux Debian distribution), and Windows 7 is installed on the remote computer. To do this, you need to install some kind of VNC client for Windows, for example UltraVNC - it is quite convenient and free.
UltraVNC download page

Once the VNC server is configured and running, the UltraVNC client will be enough to connect remotely to the Raspberry Pi. However, if we also configure VNC remotely, we will additionally need SSH client- free PuTTY program.
PuTTY download page

The last thing we need is the IP address of your Raspberry Pi. If it is assigned a static address, then this is enough. If you know how to look up the IP address on your router, then that will also be enough. If the address is not known and there is no way to look it up, then you will need a program to scan IP addresses on the network. Advanced IP Scanner is quite suitable for this; it will scan the local network and show a list of all devices indicating the IP address of each. Most often, determining the address of the Raspberry Pi is not difficult; in the list it has the name “raspberrypi” or similar.
Advanced IP Scanner download page

In the case of a router, most often it is enough to view the list of connected devices; Raspberry Pi can be identified in the same way as described above. Unfortunately, it is not possible to describe how to do this in more detail within the framework of this article - all routers are slightly different from each other.

Launching SSH on Raspberry Pi

Let's start with what SSH is. This is a program that can be run in the operating room Linux system and allows you to remotely access the console (command line) of the Raspberry Pi. With its help, you can run any program or execute a command on the command line remotely using the SSH client - PuTTY.

By default, the SSH server is disabled in Raspbian, so you will need to start it first. To do this, you will have to connect the Raspberry Pi to a monitor or TV and connect it to USB keyboard. There are two ways to start an SSH server. A simpler one is to use the raspi-config program. To do this, you need to type the command and select “ ssh Enable or disable ssh server» in the proposed menu:

Another way is to enter the command sudo /etc/init.d/ssh start as below:

The difference is that in the first method, using the raspi-config program, we not only start the SSH server, but also add it to the autostart of the operating system, which may not be very good if the SSH server is not needed all the time. In the second case, we run it only until the next reboot.

Finally, we'll describe a way to run an SSH server without using a monitor or keyboard. To do this, you need to remove the SD card with Rasbian installed, insert it into the card reader and connect it to a computer running Windows.
The Raspberry Pi SD card has a small partition formatted in the Fat32 system that Windows understands. This section contains some configuration files. The contents of the SD card look like this:

In order to ensure that the SSH server starts, you need to rename the boot_enable_ssh.rc file to boot.rc:

Now all you have to do is insert the SD card back into the Raspberry Pi and turn it on. The SSH server will be started!

Connect via SSH

As mentioned above, in order to connect to the Raspberry Pi remotely using VNC, you must first start the VNC server. Below we show how to perform this procedure also remotely. To do this you will need an SSH client - PuTTY. After downloading the PuTTY program, you just need to run the resulting file; no installation is required. The following window will open:

In the Host Name field, enter the IP address found at the beginning. Then click the Open button. Once PuTTY connects to SSH server, a terminal window will open and prompt for credentials (user pi with default password raspberry):

Once the correct credentials have been entered, a command prompt will appear. Here you can enter any Raspberry Pi command:

Setting up a VNC server via SSH

Now that the connection is established, you need to start the VNC server. If you are starting the server for the first time, then most likely you need to complete the installation first. It is assumed that the Raspberry Pi has Internet access, since it will be needed to install the VNC server. To do this, run the command:
sudo apt-get install tightvncserver
As stated above, PuTTY executes the commands entered directly on the Raspberry Pi, so the command entered above will install the VNC server on your computer.
Please note that during installation you will be asked whether to install the program without verification (Install these packages without verification?). You will need to answer “y” to this question.

After the installation is complete, the VNC server needs to be started. To do this use the command vncserver:1 -geometry 1280×800 -depth 16 -pixelformat rgb565

This command started the VNC server! IN in this case, this means that a virtual X session (a virtual representation of the Raspberry Pi desktop) is running, exactly the same as the startx command when booting with a connected monitor. Now, when you launch the VNC client and connect, you will be connected to this particular virtual desktop.

Most an important part of this command - parameter :1 . It specifies the port number on which the VNC process will be launched. The port number can be anything, but you need to remember it, you will need it when connecting. Another important parameter, this is the resolution (in this case size) of the virtual desktop. You can specify it in any way, but you should not specify more than real resolution the computer from which remote access is carried out.

When you start VNC for the first time, the server will ask you to enter a password. This password will be needed when connecting to a remote desktop.

The second password the VNC server will ask for is a view-only password. If you enter this password when connecting, you will be able to see the virtual desktop, but the keyboard and mouse will be disabled.

Connect using UltraVNC

After starting the VNC server, the last thing to do is connect to it remotely. Launch UtlraVNC, enter the IP address, port number (1) and click the Connect button.
And now - everything is ready!

Important note! Image remote desk may differ depending on what credentials vncserver was launched under. When running under the credentials of an ordinary user, i.e. as stated above, the desktop will look as usual. On the other hand, when running vncserver as root using the sudo command, the desktop will look like the image below. By the way, the same applies to the startx command when working with the Raspberry Pi directly (locally).

Present to your attention new course from the team The Codeby- "Penetration testing of Web Applications from scratch." General theory, working environment preparation, passive fuzzing and fingerprinting, Active fuzzing, Vulnerabilities, Post-exploitation, Tools, Social Engeneering and much more.


Virtual Network Computing (VNC) allows for shared access to other remote users to the localhost desktop environment over the network. To provide access to the desktop, a VNC server must be running on the local host, and deleted users connect to the VNC server using some VNC viewer client.

In this tutorial I will explain how to set up a VNC server on Linux. For this I will be using vino, a VNC server software for the GNOME desktop environment.

To install the VNC server vino on a machine with Debian, Ubuntu or Linux Mint:

$ sudo apt-get install vino

To install the vino VNC server on a machine with Fedora, CentOS or RHEL:

$ sudo yum install vino

After installation, you can run vino and enable the VNC server by entering the vino-preferences command.

$vino-preferences

The above command will open the vino settings window to access the desktop as shown below. In the window where “Sharing” is located, check the box to allow other users to see your desktop. You can also set a VNC password. When the settings are done, this window can be closed.

In theory, the vino-preferences utility itself should start the VNC server. If the VNC server is not running for some reason, you can start the VNC server manually as follows.

$ /usr/lib/vino/vino-server &

On latest Linux Mint with the Cinnamon desktop is known to have no vino-preferences. To enable VNC server configuration in Mint on the Cinnamon desktop, use dconf-editor instead, as described here.

You can check if vino is running by typing the following command.

$ sudo netstat -pl | grep vino tcp 0 0 *:5900 *:* LISTEN 3246/vino-server tcp6 0 0 [::]:5800 [::]:* LISTEN 3246/vino-server tcp6 0 0 [::]:5900 [:: ]:* LISTEN 3246/vino-server

As you can see above, vino-server is running on TCP port with numbers 5800 and 5900. You can use any software with VNC client function to connect to the VNC server.

If the VNC server is configured so that you must confirm every VNC access to your desktop, then you will see the following pop-up message every time a VNC connection request is received. Only after you enable VNC will the VNC client be able to access your desktop.