How to install and configure VNC on Ubuntu 20.04

How to install and configure VNC on Ubuntu 20.04

Introduction

Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes it easier for users who are not yet comfortable with the command line to manage files, software, and settings on the remote server.

In this guide, you will set up a VNC server with TightVNC on an Ubuntu 20.04 server and connect to it via an SSH tunnel. Then, you will use a VNC client program on your local machine to interact with your server through a graphical desktop environment.

Prerequisites

To complete this tutorial, you will need:

1. An Ubuntu 20.04 server with a non-root administrative user and a firewall configured with UFW.
2. A local computer with a VNC client installed. The VNC client you use must support connections over SSH tunnels:

• On Windows, you can use TightVNC, RealVNC, or UltraVNC.
• On macOS, you can use the built-in Screen Sharing app, or you can use a cross-platform app like RealVNC.
• In Linux, you can choose from many options, including: vinegar, krdcChoose RealVNC or TightVNC.

Step 1 – Install Desktop Environment and VNC Server

By default, Ubuntu 20.04 Server does not come installed with a graphical desktop environment or VNC server, so you start by installing those.

When it comes to choosing a VNC server and desktop environment, you have a lot of options. In this tutorial, you will install packages for the latest Xfce desktop environment and the TightVNC package available in the official Ubuntu repository. Both Xfce and TightVNC are known for being lightweight and fast, which helps ensure that your VNC connection will be smooth and stable even on slower internet connections.

After connecting to your server with SSH, update your package list:

Now package Xfce with xfce4-goodies Install which includes several improvements to the desktop environment:

During installation, you may be asked to choose a default display manager for Xfce. A display manager is a program that allows you to select and log in to a desktop environment through a graphical interface. You will only use Xfce when you connect with a VNC client, and in these Xfce sessions you will already be logged in as a non-root Ubuntu user. So for the purposes of this tutorial, choosing your display manager is not relevant. Choose one and ENTER Press .

Once the installation is complete, install TightVNC server:

Next, the commandvncserver Run to set the VNC password, create initial configuration files, and start a VNC server instance:

You will be asked to enter and confirm a password to remotely access your device:

The password must be between six and eight characters long. Passwords longer than 8 characters are automatically truncated.

Once you confirm the password, you will have the option to create a view-only password. Users who log in with a view-only password will not be able to control the VNC instance with their mouse or keyboard. This is a useful option if you want to show something to other people using your VNC server, but it is not required.

This process then creates the necessary default configuration files and connection information for the server. In addition, it creates a default server instance on port 5901 This port is called a display port and is used by VNC as:1 VNC can run multiple instances on other display ports, with :2 To the port5902, 3: Pointing to 5903 etc.:

Note that if you ever want to change your password or add a view-only password, you can do so with the command vncpasswd Do:

At this point, the VNC server is installed and running. Now let's configure it to launch Xfce and give us access to the server through a graphical interface.

##Step 2 – Configuring the VNC Server

The VNC server needs to know what commands to run when it starts up. Specifically, VNC needs to know which graphical desktop environment to connect to.

The commands that the VNC server runs when it starts are in a configuration file called xstartup In the folder
.vnc Below is your main directory. The startup script was created when you ran the command in the previous step. vncserver You ran it, but you will create your own script to launch the Xfce desktop.

Since you are going to change how the VNC server is configured, first remove the VNC server instance that is running on port 5901 It is running. Stop it with the following command:

The output will look like this, although you will see a different PID:

Before the file xstartup Change, back up the original:

Now a file xstartup Create a new one and open it in a text editor like nano Open:

Then add the following lines to the file:

The first line is a shebang. In plain text files executable on *nix platforms, a shebang It tells the system which interpreter to send that file to for execution. In this case, you are sending the file to the Bash interpreter. This allows each successive line to be executed as a command in order.

The first command in the file, xrdb $HOME/.Xresources, the VNC GUI framework calls the file .Xresources The user reads the server. .Xresources This is where the user can make changes to certain settings of the graphical desktop, such as terminal colors, cursor themes, and font rendering. The second command tells the server to start Xfce. These commands are automatically executed whenever you start or restart the VNC server.

After adding these lines, save and close the file. If you Nano You use it, do this by pressing CTRL + X, Y And then ENTER Do it.

To ensure that the VNC server can use this new setup file properly, you need to make it executable:

Then restart the VNC server:

Note that this time the command includes the option -localhost This connects the VNC server to your server's Loopback interface. This will cause VNC to only allow connections from the server it is installed on.

Next, you create an SSH tunnel between your local machine and your server, essentially tricking VNC into thinking that the connection from your local machine originated from your server. This strategy adds an extra layer of security around VNC, as the only users who can access it are those who already have SSH access to your server.

You will see output similar to this:

With the configuration in place, you are ready to connect to the VNC server from your local machine.

Step 3 – Securely connect to the VNC desktop

VNC itself does not use secure protocols when connecting. To connect securely to your server, you create an SSH tunnel and then tell your VNC client to connect using that tunnel instead of communicating directly.

Create an SSH connection on your local computer that securely connects to Host local connection VNC transfer. You can do this via the terminal on Linux or macOS with the commandssh Do the following:

Here is the meaning of the options of this command ssh It is stated:

• -L 59000:localhost:5901: Switch -L Specifies that the given port is on the local computer (59,000(must be sent to the given host and port on the destination server)localhost:5901, meaning port 5901 On the destination server., as your_server_ip (Note that the local port you specify is somewhat arbitrary. As long as the port is not already connected to another service, you can use it as the forwarding port for your tunnel.).
• -C: This flag enables compression, which can help reduce resource consumption and speed up tasks.
• -N: This option isssh It says you don't want to run any remote commands. This setting is useful when you just want to forward ports.
• l sammy your_server_ip-: Switch -l Allows you to specify the user you want to log in as when connecting to the server. Make sure Sammy and your_server_ip Replace with the name of your non-root user and the IP address of your server.

If you are using PuTTY to connect to your server, you can create an SSH tunnel by right-clicking on the top bar of the terminal window and then clicking the option …Change Settings Click:

Branch Connection Find the branch in the tree menu on the left side of the PuTTY Reconfiguration window. SSH Open and tap Tunnels Click. In Port Forwarding Page Controller Options</59000 strong> SSH, as the source port and localhost:5901 Enter as the destination, like this:

Then click the button. Add Click and then the button Apply Click to implement the tunnel.

After the tunnel is running, use a VNC client to connect to localhost:59000 You will be asked to authenticate using the password you set in step 1.

Once connected, you will see the default Xfce desktop. It should look something like this:

As you can see here, you can access the files in your home directory with the file manager or from the command line:

CTRL+C Press in your local terminal to stop the SSH tunnel and return to your application. This will also disconnect your VNC session.

You can now configure your VNC server to run as a systemd service.

Step 4 – Run VNC as a system service
By setting up the VNC server to run as a systemd service, you can start, stop, and restart it as needed, just like any other service. You can also use systemd management commands to ensure that VNC starts when your server boots.

First, create a new unit file called /etc/systemd/system/[email protected] Create:

Symbol @ At the end of the name it allows us to pass an argument that you can use in the service configuration. You will use this to specify the VNC display port that you want to use when managing the service.

Add the following lines to the file. Be sure to include the value User, Group, Working Directory and the username in the value PIDFILE Change to match your username:

Order ExecStartPre If VNC is already running, it will stop. Command ExecStart Starts VNC and sets the color depth to 24-bit color at a resolution of 1280×800. You can also change these startup options to meet your needs. Also note that the commandExecStart Again
Includes option -localhost It is.

Save and close the file.

Next, notify the system of the new unit file:

Enable the unit file:

1 Under the sign@ Indicates which display number the service should appear on, in this case the default :1 As discussed in step 2.

Stop the current instance of the VNC server if it is still running:

Then start it like any other systemd service:

You can verify that it has started with this command:

If it starts correctly, the output should look like this:

Your VNC server is now ready to use whenever your server starts, and you can start it like any other systemd service with the commandssystemctl Manage.

However, there will be no difference on the client side. To reconnect, restart your SSH tunnel:

Then make a new connection using your VNC client software to localhost:59000 Create a connection to your server.

Result

You now have a secure VNC server running on your Ubuntu 20.04 server. You can now manage your files, software, and settings with a user-friendly graphical interface, and you can run graphical software like web browsers remotely.