VNC for remote access to Ubuntu with Gnome shell

VNC (Virtual Network Computing) is a system that allows you to use the graphical interface of a remote server. It transmits screen updates and keyboard and mouse events over the network.

VNC is useful in situations where the server needs a graphical desktop environment.

XFCE is a lightweight graphical desktop environment. This tutorial will use XFCE because it has low system resource requirements and many users are familiar with the tool.

Note: If you wish, you can use another desktop environment (Gnome or KDE, for example).

This guide will help you prepare Debian 8, install the XFCE desktop environment and configure VNC. Additionally, the guide shows how to create a VNC server startup script and secure the connection via SSH.

Requirements

Pre-configured Debian 8 (or 8.1) with root access. 512 MB of memory will be enough to run VNC and XFCE. However, depending on your plans, you may need more memory.

A VNC client on your computer to connect to the server. This guide uses UltraVNC on Windows, but you can use any other VNC client. You can download UltraVNC from this link. OS X comes with its own VNC client, Screen Sharing.

SSH client for secure connection. On Windows, PuTTY will be used (download here). On OS X, use the built-in Terminal application.

1: Installing VNC and XFCE

First you need to install the VNC server and the XFCE desktop environment, as well as a few additional programs.

Update the server package list:

Now upgrade the installed packages:

apt-get -y upgrade

Install tightvncserver, XFCE4, several useful packages and icon-theme:

apt-get install xfce4 xfce4-goodies gnome-icon-theme tightvncserver

By default, no browser is installed. You can install iceweasel (the Debian version of Mozilla Firefox) to be able to browse sites:

apt-get install iceweasel

2: Create a user for VNC

Create a separate user for VNC connections. It is recommended to use sudo instead of the root user.

To add a vnc user to the server, run the command:

Create a password for the new user. For other questions, you can simply press Enter to accept the standard information.

To install sudo, use the command:

apt-get install sudo

Add the new vnc user to the sudo group, which will give it root privileges.

gpasswd -a vnc sudo

Switch to the vnc user session:

3: Start VNC Server

In a vnc user session, start the VNC server and test the connection.

When you first launch the program, you will be prompted to set a password for client connections. Set a password and remember it or write it down; you will need it later. You can also set a view-only password, which allows users to see the screen but blocks interaction with it. Note: The password must be 6-8 characters long.

The current display number will appear on the screen:

xauth: file /home/vnc/.Xauthority does not exist
New "X" desktop is vnc:1
Creating default startup script /home/vnc/.vnc/xstartup
Starting applications specified in /home/vnc/.vnc/xstartup
Log file is /home/vnc/.vnc/vnc:1.log

By default, the first VNC connection is served on port 5901, the second on port 5902, etc.

Note: At this stage there is no need to stop the server. The command to stop the server is given below for your reference.

To stop the VNC server on display 1 (port 5901), run the following command:

vncserver -kill :1

where :1 is the number of the display that needs to be stopped.

If necessary, the VNC server can be started manually. Later we will show you how to create a service for VNC.

4: Connect from the client

Now you can connect to VNC. To do this, use a local VNC client, which depends on the operating system.

On Windows you can use UltraVNC.

OS X provides a built-in Screen Sharing application for this. You can also use Safari. To do this, enter:

vnc://yourserverip:5901

For the VNC server address, enter:

yourserverip:5901

and enter the newly selected password for VNC connections.

Now you can use the remote desktop.

5: Creating a service for VNC

Now you can create a service by adding VNC to the system. A service lets you start and stop the VNC server, and starts it automatically when the virtual server is rebooted.

Stop the currently running VNC server:

vncserver -kill :1

Create a simple script to control a VNC server.

In a vnc user session (or any other user with sudo rights), create a script file.

Paste the following code into it without changes. This script contains several parameters to start VNC.

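#!/bin/bash
# Start, stop or restart the VNC server for the display configured below.
PATH="$PATH:/usr/bin/"
DISPLAY="1"
DEPTH="16"
GEOMETRY="1024x768"
# Arguments passed to vncserver on start.
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"

case "$1" in
start)
/usr/bin/vncserver ${OPTIONS}
;;
stop)
/usr/bin/vncserver -kill :${DISPLAY}
;;
restart)
$0 stop
$0 start
;;
esac
exit 0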

You can modify the script slightly to adjust the VNC color depth.

In the nano text editor, press CTRL+O to save and CTRL+X to close the file.

Make the file executable:

sudo chmod +x /usr/local/bin/myvncserver

This script allows you to edit settings and quickly start and stop the server.

Note: If necessary, the script can be started/stopped manually.

sudo /usr/local/bin/myvncserver start
sudo /usr/local/bin/myvncserver stop
sudo /usr/local/bin/myvncserver restart

Now we can create a file for the service to describe it and tell the machine how to start/stop/restart that service.

sudo nano /lib/systemd/system/myvncserver.service

Copy the following code into the file. This service simply calls the previously created launch script.

[Unit]
Description=Manage VNC Server on this droplet

[Service]
Type=forking
ExecStart=/usr/local/bin/myvncserver start
ExecStop=/usr/local/bin/myvncserver stop
ExecReload=/usr/local/bin/myvncserver restart
User=vnc

[Install]
WantedBy=multi-user.target

Reload systemd and enable the service:

sudo systemctl daemon-reload
sudo systemctl enable myvncserver.service

The service is now enabled. Use the following commands to control the service using systemctl:


sudo systemctl stop myvncserver.service
sudo systemctl restart myvncserver.service

Start the VNC server as a service.

6: Securing VNC with SSH Tunneling

By default, VNC connections are not encrypted. Therefore, it is recommended to use an SSH tunnel to protect data.

To do this, you need to allow VNC to run only on the local host. Add the -localhost flag to the OPTIONS line in the script you created earlier.

Stop the VNC server:

sudo systemctl stop myvncserver.service

Edit the script:

sudo nano /usr/local/bin/myvncserver

Find this line:

. . .
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"
. . .

And replace it with:

. . .
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY} -localhost"
. . .

Then start VNC:

sudo systemctl start myvncserver.service
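
One way to confirm that the -localhost change took effect, shown as an added example that is not part of the original tutorial: the functions below read ss -ltn output and report any listener in the VNC port range 5900-5999 that is bound to a non-loopback address. The function names and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names and the
# sample socket listings are constructed for illustration.

# Read "ss -ltn" output on stdin and print address:port for every TCP
# listener in the VNC range 5900-5999 that is NOT bound to loopback.
vnc_exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4                          # e.g. 0.0.0.0:5901 or [::1]:5901
            n = split(addr, parts, ":")
            port = parts[n] + 0                # text after the last colon is the port
            if (port < 5900 || port > 5999) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print host ":" port
        }'
}

# Exit status 0 when VNC is loopback-only, 1 when something is exposed.
check_vnc_binding() {
    exposed=$(vnc_exposed_listeners)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/EXPOSED: /'
        return 1
    fi
    echo "OK: no VNC listener on a non-loopback address"
}

# Constructed listing: vncserver started without -localhost.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*'

# Constructed listing: the same server after adding -localhost.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*'

echo "Without -localhost:"
printf '%s\n' "$SAMPLE_BEFORE" | check_vnc_binding || true
echo "With -localhost:"
printf '%s\n' "$SAMPLE_AFTER" | check_vnc_binding || true

# On the server itself:  ss -ltn | check_vnc_binding
```

A non-zero exit status means the VNC port is still reachable without the SSH tunnel and the OPTIONS line should be checked again.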

Now you can connect to the VNC server from a remote computer.

For Windows users

To create an SSH tunnel, use PuTTY.

Open PuTTY.

In the left menu, go to the Connection->SSH->Tunnels section.

In the Add New Forwarded Port section, specify port 5901 as the Source port, and in the Destination field, specify localhost:5901. Click Add.

Then open the Session section and enter your IP address in the Host Name (or IP address) field. To connect, click Open.

Open a vnc session. Do not close the PuTTY window until the VNC connection is established.

Then use the VNC client. Just enter localhost::5901 and put the SSH connection in the background.

For OS X users

To create an SSH tunnel, enter in the terminal:

ssh vnc@your_server_ip -L 5901:localhost:5901

Authenticate. Then specify localhost:5901 for Screen Sharing.

Conclusion

You now have access to a shared remote desktop on a Debian 8 server, which can be used to set up the server or to collaborate.


Based on the name of the VNC Viewer application, many users can immediately guess what class of software it belongs to, for example by analogy with the well-known TeamViewer package. However, ordinary users may be encountering such a utility for the first time, so it is worth looking separately at which modification of the program is best to install, how to configure the application for optimal operation, and how to use VNC Viewer to get the most out of it.

General information about VNC Viewer

To begin with, let's briefly look at what this software product is and what it is intended for. Based on the above analogy, we can say that a VNC client is a universal application that lets you set up access to a remote computer in a matter of minutes.

That is, this program belongs to the class of RDP applications designed to connect to a remote desktop. However, it is not limited to accessing remote computers, since the program has many additional features:

  • Full control of settings without restrictions in full screen or windowed mode.
  • File transfer.
  • Ability to send messages via built-in chat.
  • Blocking peripherals if necessary (mice, keyboards, etc.).
  • Ability to access connected PCs via browser.
  • Organization of connection with several terminals at the same time.

It is worth noting right away that Virtual Network Computing (VNC) technology has one more undeniable advantage over its analogues: you can install either the server or the client part (depending on the type of connection to be used), and fine-tune the software for each installation to ensure maximum performance.

Features of choosing an installation distribution

Before proceeding with the installation, you need to decide which modification of the VNC client you intend to install. Firstly, the program itself is cross-platform and can be installed on almost all known desktop and mobile operating systems. Secondly, for Windows alone you can find the RealVNC, TightVNC and UltraVNC versions of the program and UltraVNC SC, a lightweight modification of UltraVNC (all versions are compatible with each other, but some functions may not be available); for Mac OS X there are Chicken and JollysFastVNC. Thirdly, you should decide on the type of component to install (the server part is used to organize connections from the central machine to child terminals, and the client part is used to connect from child machines to the central server).

Fourthly, directly on the developer's official site you can select your preferred VNC Viewer installer format for Windows (EXE, MSI) or download the distribution as a ZIP archive. This last choice is up to the user.

Installing VNC Viewer

Now let's move directly to the installation of the selected software product. Note that for almost all modifications the installation process looks the same.

To start the installation on Windows 7 and higher, the VNC client installer must be launched with administrator privileges (select Run as administrator in the right-click menu). There is nothing unusual in the installation process itself.

The user needs to select a preferred language, accept the terms of the license agreement, specify the installation path (you don't have to change it), add an icon to the Desktop at one stage, and then simply click the button that starts the installation.

First launch of the application

Let's assume that the program is installed and the user is launching it for the first time. Initially, VNC Viewer settings are not very complicated. At the first start, a window will be shown in which you can select the desired action. But we will proceed from the fact that we need to make the connection ourselves.

How to use VNC Viewer?

First, select New Connection from the File menu, and then in the new window enter the IP address of the remote terminal or the full name of the computer (the address can be found on the connected machine in the properties of the Internet connection or on the command line by entering the ipconfig command, and the computer name can be viewed in the system properties). After this, a password request window will appear in which you need to enter the password. If it matches the password set on the remote computer, the remote Desktop will appear.

We figured out how to use VNC Viewer to create a connection. Now a few words about the preferred settings.

If you look carefully at the connection creation window, you will find a tab for experts. If in these settings you select, for example, your preferred compression algorithms for transmitted and received data, you can significantly reduce the CPU load and optimize Virtual Network Computing even for networks with a throughput of 256 kbit/s. For graphics, it is recommended to set a high compression level (Compression Level) with minimal quality (JPEG Quality) and, as an additional optimization, to reduce the number of colors (Restricted Colors or bgr233).

It is also worth noting that a single terminal can connect to multiple machines, based on the base port 5900, via the display option. By default, the main display is set to "0", and for all others it is incremented ("1", "2", etc.). The port changes accordingly (5901, 5902, etc.) and must be specified after the address, separated by a colon (for example, 192.168.0.5:5901). In the case of dynamic (rather than static) addresses, you can additionally use dynamic DNS, for example DynDNS. You can configure this on your router or register on the service's portal on the Internet. In this case, the service will pass the installed client all information about changes to the IP address of the connected computer.

Possible malfunctions in the program

Basically, failures occur only because the computer currently has no Internet connection or because the port the program uses by default is occupied. Sometimes the program is blocked by antivirus software or firewalls. These problems can be solved quite simply.

Some common troubleshooting methods

Among the main methods for eliminating possible failures when trying to establish a connection, we recommend the following:

  • Add the installed program to the list of applications that are allowed to use the Internet connection in Windows Firewall.
  • Create new rules for port 5900 for outgoing and incoming connections.
  • If the previous solution does not help, forward port 5900 on your router.
  • Add the program to the antivirus exclusion list.
  • Check that the static address and password for accessing the remote terminal are specified correctly.

Results

That, briefly, is all there is to the question of how to use VNC Viewer. As you can see, there is nothing particularly complicated here. In conclusion, it is worth noting that in some cases it is advisable not to use the passwords that are set directly in the operating systems, but to log in to an account in the client itself in advance, having previously created it on a special resource. In this case, you will not depend on Windows accounts.

How to help your users access a multi-user Linux system from anywhere

VNC and X server architecture

The graphical user interface (GUI) in Linux® uses the X Window System (abbreviated X). X is an unusual GUI in several respects, notably because it is natively a network interface. An X server is, in essence, a network server program. Network server programs provide client programs with access to local resources, and this is true for the X server as well. The peculiarity is that in the case of the X server, the "local resources" are the display, keyboard and mouse with which the user works. In the most common configuration, X client programs run on the same computer as the server. Thus, LibreOffice, the GNU Image Manipulation Program (GIMP), or other programs are X clients that use X network protocols to accept data from the user and display the results on the same computer.

However, when X is used on a network, the user sits at the X server computer, and the X clients are programs that run on another computer. This configuration requires a second network protocol to establish the connection. This second protocol could be telnet, Secure Shell (SSH) or X Display Manager Control Protocol (XDMCP). The server for this remote login protocol runs on the X client computer, and the remote login client runs on the X server computer. The remote login server runs X clients, which in turn establish a connection to the X server. Figure 1 illustrates this interaction. Dotted arrows indicate the beginning of the session. (With XDMCP, the XDMCP client is built into the X server program.)

Figure 1. For remote access X requires client and server on both computers

This configuration works well in many local networks, but is not without its shortcomings. For example, it requires a two-way network protocol to be initiated, which may be prevented by a firewall or Network Address Translation (NAT) router. (SSH removes this obstacle by allowing X sessions to be tunneled.) Additionally, although X servers exist for most platforms, they are not typically installed on computers running Windows®. For these and other reasons, many people prefer to use another protocol, Remote Frame Buffer (RFB), which is implemented in Virtual Network Computing (VNC) programs.

VNC is a cross-platform tool that allows remote access to Linux, UNIX®, Mac OS X, Windows and other systems from any type of client. The user sits at a client computer and accesses a remote server computer. On Linux, the VNC server either mirrors the contents of the local X server screen to a remote computer, or contains its own X server, capable of running independently of whatever controls the local screen. The result is shown in Figure 2. Again, the dotted arrow indicates the start of the session. This configuration eliminates the need for a reverse network connection, and since VNC clients and servers are available for many operating systems, the same client program provides access to any server.

Figure 2. The VNC server includes an X server that can communicate with local programs via X client

The disadvantage of VNC is that RFB authentication is based on passwords without usernames. So each user must start an independent VNC server session and connect to that VNC instance by specifying the correct port number. This requirement is tolerable for a single-user system, but is extremely inconvenient on a multi-user computer.

To solve this problem, you can combine the two approaches: reconfigure the local XDMCP server so that it helps the X server built into VNC provide the missing multi-user authentication. (The resulting configuration is illustrated in Figure 3. The dotted arrow indicates the start of the session.) Now, when remote VNC users access the VNC server computer, they can enter usernames and passwords to access their own unique VNC sessions, so that the computer can be used by any number of users.

Figure 3: Adding XDMCP to a VNC configuration provides increased flexibility

Setting up a VNC server

There are several ways to run VNC, including using scripts, binding VNC to your desktop environment using desktop tools, and using xinetd to listen for VNC connections. This last approach is described here because it allows VNC to run in a way that can use an XDMCP server. Before moving on to the instructions for setting up VNC to run through xinetd, you must select a VNC server.

Selecting a VNC server

There are several VNC server programs. (See section). Some of the most popular are TightVNC, TigerVNC and RealVNC. This article uses TightVNC as an example. Unfortunately, configuration details are both server and distribution specific, so the instructions here will need to be tailored to your software.

Installing xinetd

Many distributions install the xinetd superserver by default, but not all. Because the method described here assumes the use of xinetd, you must install xinetd if it is not already installed. On most distributions, xinetd can be installed using a package manager, for example by calling apt-get install xinetd on Debian-based distributions or zypper install xinetd on openSUSE.

You may also need to configure the xinetd startup process. Typically, you can use the System V (SysV) startup script for a one-time startup:

# /etc/init.d/xinetd start

Configuring xinetd to start automatically when the computer boots requires knowing how startup scripts work on your distribution. Typically this is done with a utility such as chkconfig (used on Fedora, openSUSE and related distributions), update-rc.d (used on Debian and related distributions) or rc-update (used on Gentoo), something like this:

# chkconfig xinetd on
# update-rc.d xinetd enable
# rc-update add xinetd default

Enter only one of these commands or find the equivalent for your distribution.

Note that xinetd may not start if it is not configured to run any services. So you may have to wait to run it until you have configured xinetd to manage your VNC server.

Setting up xinetd

Servers to be managed by xinetd place configuration files in the /etc/xinetd.d directory. Thus, to configure xinetd to manage VNC, you need to create or edit a file with a name such as /etc/xinetd.d/vnc. (On some distributions, such as openSUSE, the VNC server package installs such a file.) Listing 1 shows an example.

Listing 1. Example of VNC configuration for xinetd
service vnc
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -inetd -once -query localhost -geometry 1024x768 -depth 16
    type        = UNLISTED
    port        = 5900
}

This entry specifies several xinetd options, most of which should be left as is. Listed below are the settings that may need to be configured.

  • service. VNC with different parameters can be run on multiple ports, but in this case, in the first line of Listing 1, you need to give VNC a separate service name for each port.
  • server. This parameter needs to be changed to point to the main VNC server binary, which is usually called Xvnc.
  • server_args. You will almost certainly want to change some of these values, as described below.
  • port. VNC uses port numbers 5900 and above. You can start the server with different parameter values on different ports. In this case, each instance must be assigned its own port number.

The trickiest part of setting up xinetd is setting the server arguments. You can use the arguments shown in Listing 1 as a model, changing some of them.

  • -query localhost. This option specifies that the VNC X server should query the localhost system for XDMCP authentication. It can be changed if you want to use one computer as a relay to access the programs of another.
  • -geometry 1024x768. This option sets the virtual resolution of the VNC session. Note that this resolution does not have to match that of a regular X server running on the server machine. You can create multiple entries running at different resolutions so that users can log into the VNC server at the resolution that suits their local systems.
  • -depth 16. This parameter sets the color depth. The lower the value, the faster the display updates, but on screens with many colors the colors may be distorted. Acceptable values range from 2 to 32.

There are many other options, and some of them depend on the VNC server. Refer to your VNC server documentation.

Setting up an XDMCP server

Most Linux distributions configure their XDMCP servers to only manage the local display. To enable remote access, you need to reconfigure the XDMCP server to accept access requests from a VNC server running on the same computer. The details depend on the XDMCP server. The three most commonly used on Linux are GNOME Display Manager (GDM), Light Display Manager (LightDM), and KDE Display Manager (KDM). Other XDMCP servers, such as XDM, require different settings than those described here. In any case, after reconfiguring the XDMCP server, you will have to restart it.

Editing the XDMCP Configuration File

If you are not sure which XDMCP server is being used on your system, you can determine this by searching the process listing for the string dm, for example:

$ ps ax | grep dm
  929 ?        Ss     0:00 /usr/bin/kdm
  962 tty7     Ss+    0:19 /usr/bin/Xorg -br :0 vt7 -nolisten tcp -auth \
      /var/lib/xdm/authdir/authfiles/A:0-pp4shb
30157 pts/3    S+     0:00 grep --color=auto dm

The first line of this printout states that KDM is running, so in order for VNC to use XDMCP, you need to edit that server's configuration file. The configuration files of most XDMCP programs follow the same format. They contain sections with names given in square brackets, such as . The lines following the section name specify parameters using an equal sign, for example: enable=true . Table 1 lists the configuration file names, section names, and parameters that must be defined for XDMCP to work on several common Linux XDMCP servers.

Table 1. Parameters that allow XDMCP to support VNC for different XDMCP servers

The XDMCP section in the configuration file may be completely missing. If present, it may explicitly disable XDMCP support, contain commented-out options, or be empty. Regardless of the file's initial state, you must make sure that the XDMCP section is present and that support is enabled. As an example, let's look at configuring KDM to enable XDMCP:

Enable=true

Some distributions enable additional security measures that you may need to relax. One of them is a firewall. Firewall scripts are usually distribution-specific, so refer to the documentation for your system for firewall configuration instructions. You need localhost to have access to port 177, and VNC clients to have access to port 5900 (or any other ports that are used for VNC).

openSUSE has an additional configuration file that controls some types of access, including XDMCP access: /etc/sysconfig/displaymanager. Open this file in a text editor and find the following line:

DISPLAYMANAGER_REMOTE_ACCESS="no"

Change the value of this parameter to "yes". If you leave "no", the XDMCP server login window will not be displayed when connecting to a VNC server. In most distributions this change is not required: only openSUSE uses this file.

Restarting the XDMCP server

When the XDMCP server is configured to support remote connections, it needs to be restarted. On distributions that start X via a SysV init file, such as Debian and Gentoo, this can be done using the restart option:

# /etc/init.d/gdm restart

On a system that uses runlevels to run X, such as Fedora or openSUSE, you need to switch to a text-mode runlevel (usually 3) and then back to the GUI runlevel (usually 5):

# telinit 3
# telinit 5

Keep in mind that either approach logs you out of X, so save any work you've done in your X session before continuing.

Testing and Debugging

You can now log in from a remote computer using a VNC client. Most Linux distributions include the vncviewer command, so you can type:

vncviewer remotename

to log in to remotename via VNC. If VNC is configured and working correctly, the result will be something like Figure 4. If you set up multiple VNC sessions on different ports, you can specify the VNC session number by passing it as part of the hostname. Enter:

vncviewer remotename:3

to log in to session 3 (via port 5903).

Figure 4. When configured to work with XDMCP, VNC provides the usual Linux prompt

If you do not see the XDMCP login screen when you run this test, you will need to debug. Below are some recommendations.

  • If vncviewer reports that the connection was refused, it most likely means that the superserver on the VNC server machine is not configured properly. Check xinetd configuration and try restarting the superserver. It is also possible that the firewall is blocking access to the VNC server computer.
  • If the VNC client starts and connects to the server, but you only see a gray screen with a cursor that can be moved, the problem is most likely with the XDMCP server configuration. Check the settings above and restart the XDMCP server.
  • Review the log files as you would normally do when debugging. You may need to search all log files in the /var/log directory for references to your xinetd, XDMCP server, and VNC server.

VNC Security Issues

RFB is not a secure protocol; most VNC clients and servers do not encrypt their data. (VNC encrypts its own passwords, but the approach described here does not use these passwords.) Be careful when choosing how and where to install VNC. If you want to use VNC on an unsecured network, there are three options:

  • use a virtual private network (VPN);
  • tunnel the protocol via SSH;
  • use a VNC variant that supports encryption, such as TigerVNC with Transport Layer Security encryption capability.

When you enable VNC login windows as described in this article, at least two ports are opened to the outside world (VNC and XDMCP). Both ports can be restricted by firewall rules to minimize the risk of abuse. Note that the XDMCP port (UDP 177) should only be open to localhost, so the firewall rule for it can be quite restrictive.
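
The firewall restrictions described above, written out as an added example that is not part of the original article: the function prints iptables rules that keep XDMCP (UDP 177) reachable only through the loopback interface and limit each VNC port to one client network. The function name, the client network 192.0.2.0/24 and the port list are assumptions; the rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example, not from the original article. The function name, the
# client network 192.0.2.0/24 and the port list are assumptions.

# Print (not apply) iptables rules for a VNC + XDMCP host:
#   $1     network that VNC clients connect from, in CIDR form
#   $2...  VNC TCP ports served by xinetd (5900-5999)
# Rules are appended to INPUT in order, so they must come before any
# broader ACCEPT rule already present in the chain.
vnc_firewall_rules() {
    allowed_net=$1
    [ "$#" -ge 2 ] || { echo "usage: vnc_firewall_rules NET PORT..." >&2; return 2; }
    shift
    # Reject anything that is not digits, dots and a slash before it
    # ends up inside a generated command line.
    case $allowed_net in
        ''|*[!0-9./]*) echo "invalid network: $allowed_net" >&2; return 2 ;;
    esac
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
        esac
        if [ "$port" -lt 5900 ] || [ "$port" -gt 5999 ]; then
            echo "port $port is outside the VNC range 5900-5999" >&2
            return 2
        fi
    done

    # Loopback first: Xvnc reaches the XDMCP server through localhost.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # XDMCP (UDP 177) arriving on any other interface is dropped.
    echo "iptables -A INPUT -p udp --dport 177 -j DROP"
    # Each VNC port: allow the client network, drop everyone else.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp -s $allowed_net --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Constructed invocation: one VNC session on port 5900.
vnc_firewall_rules 192.0.2.0/24 5900
```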

Conclusion

In general, combining VNC and XDMCP is a useful method of providing remote GUI login for multi-user Linux computers. This method has advantages over using XDMCP directly in a cross-platform environment or when there are problems caused by a firewall or NAT. On multi-user computers it is preferable to the more common methods of direct VNC connection. There are security issues to consider when using this method. Be prepared to set up firewall rules to limit unwanted outside access, and use encryption if data is traveling over an untrusted network.


VNC (Virtual Network Computing) is a remote access system that allows you to use a keyboard and mouse to interact with a graphical desktop interface on a remote server. With its help, you can manage files, software and settings of a remote server without accessing the command line.

This guide will help you install VNC on an Ubuntu 16.04 virtual private server and set up a secure connection using an SSH tunnel. The VNC server will use TightVNC, a fast and lightweight remote control package that works even over a slow Internet connection.

Requirements

  • Configured Ubuntu 16.04 server (refer to for this).
  • Non-root user with sudo access.
  • A local computer with a pre-installed VNC client that supports VNC connections over an SSH tunnel. Windows users can install TightVNC, RealVNC or UltraVNC. Mac OS X users can use the built-in Screen Sharing package or cross-platform applications (for example, RealVNC). Linux users can choose vinagre, krdc, RealVNC, TightVNC, etc.

1: Install Desktop Environment and VNC Server

By default, Ubuntu 16.04 servers come without a pre-installed graphical desktop environment or VNC server. Therefore, you first need to install these components. This tutorial uses the Xfce and TightVNC packages available in the official Ubuntu repository.

To install the specified packages on the server, enter:

sudo apt install xfce4 xfce4-goodies tightvncserver

To complete the initial setup of the VNC server after installation and to set a strong password, use the vncserver command.

The command will ask you to select and confirm a password, as well as a view-only password (optional). Users who access VNC using the view-only password will not be able to control VNC with a mouse or keyboard. This password allows you to demonstrate VNC to other users if necessary.

The vncserver command will complete the initial VNC setup and will create configuration files.

2: Setting up a VNC server

First you need to define the commands that the VNC server will execute when starting. These commands should be in the xstartup file in the .vnc directory, which is stored in the current user's home directory. The startup script was created by the vncserver command, but it needs to be modified to work with Xfce.

When VNC first starts, it uses port 5901. VNC calls this port :1. VNC can run other instances on other ports, which will be called :2, :3, etc.

To change the VNC server settings, you need to stop the instance using port 5901.

vncserver -kill :1

The command will return the following message (PID will be different):

Killing Xtightvnc process ID 17648

Create a backup copy of the xstartup file:

mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

Then create a new xstartup file:

nano ~/.vnc/xstartup

Paste the following commands into it, which will be executed automatically when the VNC server starts. Save and close the file.

~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

With the first command, xrdb $HOME/.Xresources, the VNC server GUI reads the .Xresources file. In the .Xresources file, the user can change some settings of the graphical desktop (terminal colors, cursor themes, fonts). The second command simply launches Xfce, which provides all the graphical software needed to manage the server.

Now you need to make the file executable:

sudo chmod +x ~/.vnc/xstartup

Restart VNC by running the vncserver command again.

During startup the server will return:

New "X" desktop is your_server_name.com:1
Starting applications specified in /home/8host/.vnc/xstartup
Log file is /home/8host/.vnc/liniverse.com:1.log

3: Testing the VNC Desktop

Now you need to make sure that the VNC server is configured correctly.

On your local computer, create an SSH connection that is forwarded to localhost on the VNC server. You can do this from a terminal on Linux or OS X.

ssh -L 5901:127.0.0.1:5901 -N -f -l username server_ip_address

Note: Replace username and server_ip_address with the name of a user with sudo access and your server's IP address.

If you are using a graphical SSH client (e.g. PuTTY), use server_ip_address as the connection IP address and then specify localhost:5901 in the SSH tunnel settings.

You can now use the VNC client to connect to the server. To do this you need to authenticate: enter the password set in section 1.

After this, the standard Xfce desktop will appear on the screen.

You can access files in your home directory using a file manager or the command line.

4: Create a VNC service file

Now you need to configure the VNC server as a system service.

Create a new file /etc/systemd/system/vncserver@.service:

sudo nano /etc/systemd/system/vncserver@.service

Copy and paste the following code into it:

/etc/systemd/system/vncserver@.service
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=8host
PAMName=login
PIDFile=/home/8host/.vnc/%H:%i.pid
# The leading "-" tells systemd to ignore a failure when no old instance is running
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

Note: Enter your username instead of 8host.

Save and close the file.

Make systemd aware of the new unit file:

sudo systemctl daemon-reload

Enable the new unit file:

sudo systemctl enable vncserver@1.service

Stop the current VNC server instance if it is still running:

vncserver -kill :1

Now try running it like any other systemd service:

sudo systemctl start vncserver@1

To make sure the server is running, check its status:

sudo systemctl status vncserver@1

If the server is running, the command will return:

vncserver@1.service - TightVNC server on Ubuntu 16.04
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2016-04-25 03:21:34 EDT; 6s ago
Process: 2924 ExecStop=/usr/bin/vncserver -kill :%i (code=exited, status=0/SUCCESS)
...
systemd: Starting TightVNC server on Ubuntu 16.04...
systemd: pam_unix(login:session): session opened for user finid by (uid=0)
systemd: Started TightVNC server on Ubuntu 16.04.

Conclusion

The Ubuntu 16.04 server now has a secure VNC server installed. It can be used to manage files, programs and settings of a remote server.


VNC (Virtual Network Computing) is a remote access system that allows you to use a keyboard and mouse to interact with a graphical desktop interface on a remote server. With its help, you can manage files, software and settings of a remote server without accessing the command line.

This manual will help you install VNC on an Ubuntu 16.04 virtual private server and set up a secure connection using an SSH tunnel. The VNC server will use TightVNC, a fast and lightweight remote control package that works even over a slow Internet connection.

Requirements

  • Ubuntu 18.04 server configured with .
  • A local computer with a pre-installed VNC client that supports VNC connections over an SSH tunnel. Windows users can install TightVNC, RealVNC or UltraVNC. Mac OS X users can use the built-in Screen Sharing package or use cross-platform applications (such as RealVNC). Linux users can choose vinagre, krdc, RealVNC, TightVNC, etc.

1: Install Desktop Environment and VNC Server

By default, Ubuntu 18.04 servers come without a pre-installed graphical desktop environment and VNC server. Therefore, you first need to install these components. This tutorial uses the Xfce and TightVNC packages available in the official Ubuntu repository.

To install the specified packages on the server, update the index and enter the command:

sudo apt update
sudo apt install xfce4 xfce4-goodies

Now install TightVNC:

sudo apt install tightvncserver

To complete the initial setup of the VNC server after installation and to set a strong password, run the vncserver command.

The command will prompt you to select and confirm a password:

You will require a password to access your desktops.
Password:
Verify:

The password must be between six and eight characters long. Longer passwords will be automatically shortened to 8 characters.

Once you confirm your password, you will have the option to create a view-only password. Users who access VNC with the view-only password will not be able to control the session with a mouse or keyboard. This password allows you to demonstrate VNC to other users if necessary.

The process will then complete the initial VNC setup and create configuration files.

Would you like to enter a view-only password (y/n)? n
xauth: file /home/8host/.Xauthority does not exist
New "X" desktop is your_hostname:1
Creating default startup script /home/8host/.vnc/xstartup

2: Setting up a VNC server

First you need to define the commands that the VNC server will execute when it starts. These commands belong in the xstartup file in the .vnc directory, which is stored in the current user's home directory. The startup script was created by the vncserver command, but it needs to be modified to work with Xfce.

When VNC first starts, it uses port 5901. VNC calls this port :1. VNC can run other instances on other ports, which will be called :2, :3, etc.

To change the VNC server settings, you need to stop the instance using port 5901.

vncserver -kill :1

The command will return the following message (PID will be different):

Killing Xtightvnc process ID 17648

Create a backup of the xstartup file:

mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

Then create a new xstartup file:

nano ~/.vnc/xstartup

Paste the following commands into it, which will be executed automatically when the VNC server starts. Save and close the file.

~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

With the first command, xrdb $HOME/.Xresources, the VNC server GUI reads the .Xresources file. In the .Xresources file, the user can change some settings of the graphical desktop (terminal colors, cursor themes, fonts). The second command simply launches Xfce, which provides all the graphical software needed to manage the server.

Now you need to make the file executable:

sudo chmod +x ~/.vnc/xstartup

Restart VNC by running the vncserver command again.

During startup the server will return:

New "X" desktop is your_hostname:1
Starting applications specified in /home/8host/.vnc/xstartup
Log file is /home/8host/.vnc/your_hostname:1.log

3: Secure connection to VNC

VNC does not use secure protocols when connecting. Create an SSH tunnel to securely connect to the server, and then configure a VNC client to support the tunnel instead of a direct connection.

On your local computer, create an SSH connection that is forwarded to the localhost connection for VNC. You can do this from a terminal on Linux or macOS with the ssh command, using the following options.

The -L flag specifies the port bindings. In this case, port 5901 of the remote connection is bound to port 5901 on the local computer. The -C flag enables compression, and -N tells ssh that no remote command needs to be executed. The -l option specifies the remote login name.

Don't forget to replace 8host and your_server_ip with your own values.

If you are using a graphical SSH client such as PuTTY, use your_server_ip as the connection IP and set localhost:5901 as a new forwarded port in the SSH tunnel settings.

Once the tunnel is up and running, use your VNC client to connect to localhost:5901. You will be asked for the password you chose in section 1.

After this you will see the standard Xfce desktop.

You can access files in your home directory using a file manager or from the command line.

Press CTRL + C in the terminal to close the SSH tunnel and return to the command line. This will also end your VNC session.
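Added example (not part of the original tutorial), relevant to section 3 of both the 16.04 and 18.04 guides: the SSH tunnel only protects the session if the VNC port cannot also be reached directly. The script below reads ss -tln output and reports listeners on the VNC display ports 5901-5999 that are bound to anything other than loopback; the function names and the two sample listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find VNC listeners that bypass the SSH tunnel.
# Reads `ss -tln` output on stdin; display :N listens on TCP port 5900+N.

exposed_vnc_listeners() {
    awk '
    {
        addr = $4                          # local address, e.g. 0.0.0.0:5901
        n = split(addr, parts, ":")
        port_str = parts[n]
        port = port_str + 0                # header line yields 0 and is skipped
        if (port < 5901 || port > 5999) next
        host = substr(addr, 1, length(addr) - length(port_str) - 1)
        # Loopback-only listeners are reachable solely through the tunnel.
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
        print host " " port
    }'
}

# Returns 0 when every VNC listener is loopback-only, 1 otherwise.
check_vnc_exposure() {
    findings=$(exposed_vnc_listeners)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sed 's/^/VNC reachable without tunnel: /'
    return 1
}

# Constructed sample listings (not captured from a real host).
SAMPLE_ALL_INTERFACES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      [::1]:5902         [::]:*'
SAMPLE_LOOPBACK_ONLY='LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*'

# On a real server: ss -tln | check_vnc_exposure
printf '%s\n' "$SAMPLE_ALL_INTERFACES" | check_vnc_exposure || echo "-> restrict the listener"
printf '%s\n' "$SAMPLE_LOOPBACK_ONLY" | check_vnc_exposure && echo "-> loopback only"
```

If a listener is reported, adding TightVNC's -localhost option to the vncserver command line, or a firewall rule for the port, keeps VNC reachable only through the tunnel.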

4: Create a VNC service file

Now you need to configure the VNC server as a system service.

Create a new unit file /etc/systemd/system/vncserver@.service:

sudo nano /etc/systemd/system/vncserver@.service

The @ symbol at the end of the file name allows you to pass an argument that can be used in the service configuration. With it, you can specify the VNC display port that should be used when managing the service.

Add the following lines to the file. Be sure to change the User, Group and WorkingDirectory values and the username in the PIDFile value.

/etc/systemd/system/vncserver@.service
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=8host
Group=8host
WorkingDirectory=/home/8host
PIDFile=/home/8host/.vnc/%H:%i.pid
# The leading "-" tells systemd to ignore a failure when no old instance is running
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

The ExecStartPre command stops VNC if the service is already running. The ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280x800. You can also change these settings depending on your needs.

Save and close the file.

Then let the system know about the new unit file.

sudo systemctl daemon-reload

Enable it:

sudo systemctl enable vncserver@1.service

The number 1 following the @ determines which display number the service should use; in this case it is the default value.

Stop the current VNC server instance if it is still running.

vncserver -kill :1

Now try running it like any other systemd service:

sudo systemctl start vncserver@1

To make sure the server is running, check its status:

sudo systemctl status vncserver@1

vncserver@1.service - Start TightVNC server at startup
Loaded: loaded (/etc/systemd/system/vncserver@.service; indirect; vendor preset: enabled)
Active: active (running) since Mon 2018-07-09 18:13:53 UTC; 2min 14s ago
Process: 22322 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS)
Process: 22316 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=0/SUCCESS)
Main PID: 22330 (Xtightvnc)
...

The VNC service has now been added to startup.

Start the SSH tunnel again:

ssh -L 5901:127.0.0.1:5901 -C -N -l 8host your_server_ip

Create a new connection from the VNC client to localhost:5901 to test the setup.

Conclusion

A VNC server is now installed on the Ubuntu 18.04 server. With it, you can manage files, programs and settings of a remote server (for example, launch a web browser remotely).
