Virtual Network Computing (VNC) is a graphical desktop sharing system that allows you to use your keyboard and mouse to remotely control another computer. It is an open source alternative to Microsoft Remote Desktop Protocol (RDP).
This article explains how to install and configure a VNC server on Ubuntu 20.04. We will also show you how to securely connect to the VNC server via an SSH tunnel.
Install desktop environment
Ubuntu servers are managed from the command line and do not have a desktop environment installed by default. If you’re running the desktop version of Ubuntu, skip this step.
Various desktop environments are available in Ubuntu repositories. One way is to install Gnome, the standard desktop environment in Ubuntu 20.04. Another option is installation Xfce
. It’s a fast, stable, and lightweight desktop environment that makes it ideal for use on a remote server.
In this tutorial we install Xfce. Enter the following commands as a user with sudo rights:
sudo apt update
sudo apt install xfce4 xfce4-goodies
Depending on your system, downloading and installing Xfce packages may take some time.
Install VNC server
There are several different VNC servers available in Ubuntu repositories such as: TightVNC
, and x11vnc
. Each VNC server has different strengths and weaknesses in terms of speed and security.
We will install TigerVNC. It is an actively maintained high-performance VNC server. Enter the following command to install the package:
sudo apt install tigervnc-standalone-server
Configure VNC access
Once the VNC server is installed, the next step is to create the initial user configuration and set up the password.
Set the user password with the
vncpasswd Command. Don’t use sudo when running the following command:
You will be prompted for and confirm the password and whether to set it as a read-only password. If you set a read-only password, the user will not be able to use the mouse and keyboard to interact with the VNC instance.
Password: Verify: Would you like to enter a view-only password (y/n)? n
The password file is saved in
~/.vnc Directory that is created if it does not exist.
Next we need to configure TigerVNC to use Xfce. To do this, create the following file:
#!/bin/sh unset SESSION_MANAGER unset DBUS_SESSION_BUS_ADDRESS exec startxfce4
Save and close the file. The above commands are automatically executed when you start or restart the TigerVNC server.
~/.vnc/xstartup The file must also have execute permissions. Use the
Command to set file permissions:
chmod u+x ~/.vnc/xstartup
If you have to pass Additional options
to the VNC server, create a file called
config and add one option per line. Here is an example:
You can now access the VNC server via the
New 'server2.linuxize.com:1 (linuxize)' desktop at :1 on machine server2.linuxize.com Starting applications specified in /home/linuxize/.vnc/xstartup Log file is /home/linuxize/.vnc/server2.linuxize.com:1.log Use xtigervncviewer -SecurityTypes VncAuth -passwd /home/linuxize/.vnc/passwd :1 to connect to the VNC server.
:1 after the host name in the output above. This indicates the number of the display port that the vnc server is running on. In this example the server is running on the TCP port
5901 (5900 + 1). If you create a second instance with
vncserver it is executed on the next free port, ie
:2which means that the server is running on port
5902 (5900 + 2).
It’s important to remember that when working with VNC servers
:X is a display port that focuses on. relates
You can get a list of all the VNC sessions currently running by typing:
TigerVNC server sessions: X DISPLAY # RFB PORT # PROCESS ID :1 5901 5710
Before proceeding to the next step, stop the VNC instance with the
vncserver Command with a
-kill Option and the server number as an argument. In this example the server is running on port 5901 (
:1) so we end it with:
vncserver -kill :1
Killing Xtigervnc process ID 5710... success!
Create a systemd unit file
Instead of starting the VNC session manually, we’re going to create a systemd unit file so that you can start, stop, and restart the VNC service as needed.
Open your text editor and copy and paste the following configuration. Make sure to change the username on line 7 to match your username.
sudo nano /etc/systemd/system/[email protected]
[Unit] Description=Remote desktop service (VNC) After=syslog.target network.target [Service] Type=simple User=linuxize PAMName=login PIDFile=/home/%u/.vnc/%H%i.pid ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1 || :' ExecStart=/usr/bin/vncserver :%i -geometry 1440x900 -alwaysshared -fg ExecStop=/usr/bin/vncserver -kill :%i [Install] WantedBy=multi-user.target
Save and close the file.
Notify systemd that a new unit file will be created:
sudo systemctl daemon-reload
Enable the service to start at boot:
sudo systemctl enable [email protected]
1 after this
@ sign defines the display port on which the VNC service is executed. This means that the VNC server is listening on port
5901as we discussed in the previous section.
Start the VNC service by running:
sudo systemctl start [email protected]
Check if the service started successfully with:
sudo systemctl status [email protected]
● [email protected] - Remote desktop service (VNC) Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-03-26 20:00:59 UTC; 3s ago ...
Establish a connection to the VNC server
VNC is not an encrypted protocol and can be subject to packet sniffing. The recommended approach is to create an SSH tunnel and securely forward traffic from your local computer on port 5901 to the server on the same port.
Set up SSH tunneling on Linux and macOS
If you’re running Linux, macOS, or any other Unix-based operating system on your computer, you can easily create an SSH tunnel with the following command:
ssh -L 5901:127.0.0.1:5901 -N -f -l vagrant 192.168.33.10
You will be asked to enter the user password.
Make sure you replace
server_ip_address with your username and the IP address of your server.
Set up SSH tunneling under Windows
If you’re running Windows, you can use the PuTTY SSH client
Open Putty and put your server IP address in the
Host name or IP address Area.
Connection Menu, box, expand
SSH, and choose
Tunnels. Enter the VNC server port (
5901) by doing
Source Port Field and enter
server_ip_address:5901 by doing
Destination Field and click on the
Add Button as shown in the picture below:
Go back to the
Session Page to save the settings so that you don’t have to re-enter them every time. To the remote server, select the saved session and click the
Connect with Vncviewer
After the SSH tunnel has been created, it is time to open your Vncviewer and connect to the VNC server
You can use any VNC viewer like TigerVNC, TightVNC, RealVNC, UltraVNC, Vinagre and VNC viewer for Google Chrome.
We will be using TigerVNC. Open the viewer, enter
localhost:5901, and click the
Enter your user password when prompted and you should see the default Xfce desktop. It will look something like this:
You can interact with the remote XFCE desktop from your local computer using your keyboard and mouse.
We showed you how to install and configure a VNC server on Ubuntu 20.04.
To configure your VNC server so that it starts a display for more than one user, create the initial configuration and set up the password with the
vncpasswd Command. You will also need to create a new service file with a different port.
Feel free to leave a comment if you have any questions.