Confifuring VNC featured image

Installing and Configuring Virtual Network Computing (VNC) on Ubuntu 20.04

Virtual Network Computing (VNC) is a screen-sharing system used to access graphical user interfaces remotely. It uses the remote frame buffer protocol allowing one server (user side) to connect with another side (client). VNC is safe, secure, and works on all operating systems.

RealVNC, UltraVNC, Xfce, TightVNC, to name a few, are the most popular VNC clients used today. Among the list of alternatives available, you are free to choose any VNC at your convenience. In this tutorial, we will walk you through the steps of installing and configuring VNC on Ubuntu 20.04. We’re going to install Xfce because of its speed, lightweightness, and excellent performance.

We’ll start with setting up a VNC server on an Ubuntu server and establishing a secure connection through the SSH tunnel. Finally, we will use a VNC client program on our local machine to interact with the server through a graphical desktop environment.

Prerequisites

To follow this tutorial, you will need:

Step 1— Install the Desktop Environment and the VNC Server

Unlike previous Ubuntu versions, Ubuntu 20.04 does not come with a pre-installed VNC. As a first step, we will install the necessary packages from the official Ubuntu repository. Before heading forward, let’s update the existing packages:

Now we’ll install Xfce and the xfce4-goodies package using the command:

As your package is installing, you’ll see a screen prompting you to choose a default display manager for Xfce. Ignore the message or set it as default, and then press ENTER.

A display manager is a program that allows users to log in to a desktop environment through a graphical interface. In this tutorial, we’ll use Xfce when connecting with a VNC client where we’re logged in as a non-root Ubuntu user. Therefore, the choice of display manager will not have any impact on our installation.

After the Xfce installation, we will install the TightVNC server:

In the next step, use the vncserver command to set up a VNC access password and create the initial configuration files. Type the following to start the VNC server instance:

After that, set up a password between 6-8 characters long and hit ENTER. You will see a prompt message:

After you verify the password, you’ll get an option to create a view-only password. Users who log in using the view-only password get restricted to control the VNC with the mouse or keyboard. Again, this is just recommended and you can enable it if you need it, else you can skip it.

In the future, if you wish to change your password or add a view-only password, use the command:

By now, you’ll have all the default configurations created for the server, and a display port 5901 launched as :1. VNC can launch multiple instances on other display ports like :2, :3, and :4 referring to port 5902, 5903, and 5904 respectively:

Your VNC server is now installed and running successfully. In the next step, let’s configure the server to launch Xfce to get access through the graphical interface.

Step 2— Configure the VNC Server

Under the home directory, you will find the .vnc folder which contains all the configuration files called startup. Initially, you will find the startup file running which was automatically created when we ran the command vncserver in Step-1. The startup script was created when you ran the vncserver command in the previous step. However, you will now create your own to launch the Xfce desktop. We will also have to create our own server to launch the Xfce desktop because the VNC configuration will change.

Before proceeding further, we have to stop the VNC server instance running on port 5901:

You will see the output:

Instead of 17648, you may get a different number and that’s okay. Next, we’ll modify the xstartup file. Before making any file modifications, let’s back up the original file:

Next, create a new xstartup file and open it in any text editor. In this tutorial, we’re using nano:

Once done, add the following lines to the file:

Whenever you’re starting or restarting the VNC server, these commands get executed automatically. The first line is Shebang that informs the system about the information of the interpreter to pass the ~/.vnc/xstartup file for execution. The next line xrdb $HOME/. Xresources, informs the VNC’s GUI framework to read the server user’s Xresources file. Finally, the last line asks the server to launch the Xfce. After adding these lines, save and close the file.

We need to make the file executable so that the VNC server can use the new startup file:

Next, restart the VNC server:

Now you’ll have the -localhost option added here. The localhost binds the VNC server to your server’s loopback interface, allowing connections from installed servers only. Next, we’ll establish an SSH tunnel between our local machine and server. The aim is to add an extra layer of security around VNC. Why? It is because the users who will have access will be the ones that already have SSH access to the server.

You’ll see the following output:

After the configuration is set up, we’re ready to connect to the VNC server from our local machine.

Step 3— Connect Securely to the VNC Desktop

When connecting with the server, VNC does not use secure protocols. Therefore, we need to establish an SSH tunnel and ask the VNC client to make a connection using the tunnel instead of allowing it to make a direct connection on its own.

We’ll create an SSH connection on our local computer using the ssh command that forwards to the localhost connection. Use the command on the terminal to create an SSH connection:

Let’s decipher the above code:

  • -L 59000:localhost:5901: The -L switch specifies that the given port on the local computer ( 59000) will go to the given host and port on the destination server ( localhost:5901). That means port 5901 on the destination server will be defined as your_server_ip). The local port you specify is arbitrary. As long as the port isn’t already bound to another service, you’re free to use it as the forwarding port for your tunnel.

  • -C: Enables compression which further helps in minimizing resource consumption and accelerating performance.

  • -N: Useful for forwarding ports. This informs ssh to not execute any remote commands.

  • -l cloudsigma your_server_ip: The -l switch allows you to specify the user you want to log in as after you connect to the server.

The above command is a more secure way of establishing a secure connection than merely opening up your server’s firewall to allow connections to port 5901 from anywhere. Once you make the connection, the SHH tunnel forwards the contents from port 5901 on your VNC to port 59000 on your local machine through the default SSH port; port 22.

You can also use PuTTY to connect your server. Open PuTTY, go to the left side of the PuTTY terminal and find the Connection branch to connect. Then, expand the SSH branch and click on Tunnels. On the Options controlling SSH port forwarding screen, enter 59000 as the Source Port and localhost:5901 as the Destination:

VNC image 1

Keep all the options unchanged, click on Add, and then Apply to implement the tunnel. Once the tunnel starts, use a VNC client to connect to localhost: 59000. By default, you’ll be prompted to authenticate using the password we’ve created in Step-1. Once you connect, you’ll see the default Xfce desktop:

VNC 2

You can access and manage files in the home directory. Also, configure your VNC server to run as a systemd service.

Step 4— Run VNC as a Systemd Service

Setting up the VNC server to run as a systemd service allows server management. You are able to start, stop, restart or terminate, as per your convenience and needs. Every time the server boots up, you can use systemd management commands to verify whether the server is ON or OFF.

First, we’ll create a new unit file to specify the VNC display port we want to use when managing the services. Define a unit file:

You will find the @ symbol at the end of the file name, which allows you to pass an argument for using the service configuration.

Next, add the set of lines to the unit file. Rename the User, Group, WorkingDirectory, and the username in the value of PIDFILE:

If the VNC is already running, the ExecStartPre command will stop it. The ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280×800. You can edit these startup options based on your requirement. Also, note that the ExecStart command again includes the -localhost option. Once done, save and close the unit file.

Next, introduce the new unit file with your system:

Turn ON the unit file:

The 1 following the @ sign signifies which display number the service should appear over. In our case, it is the default :1 as was discussed in Step-2. If the VNC is still running, you can stop the current instance of the VNC server using the kill command:

Then, start it as you would start any other systemd service:

You can verify that it started with this command:

You’ll see the output:

Your VNC server is now ready to use whenever your server boots up, and you can manage it with systemctl commands like any other systemd service. However, you’ll not see any difference on the client-side. To reconnect, start your SSH tunnel using:

You can once again make connections using your VNC client to localhost:59000 with your server.

Conclusion

Initially, setting up a VNC server may seem challenging, especially when you’re trying to connect with a new computer. Once you make a reliable connection, working with a remote computer will be fun and exciting. With a secured VNC server up and running on your Ubuntu 20.04 server, you can easily manage your resources, files, software, and settings with a user-friendly graphical interface. The use of excessive bandwidth is perhaps one downside of using VNC. You can overcome it by using low-resolution and greyscale screens for a speedier transfer.

Happy Computing!