How to Install VNCSERVER

()

How to Install VNCSERVER, VNC on Linux Server bring virtual desktop to Windows RDS Clients

Virtual Network Computing – This tutorial describes how to deploy vncserver on Fedora, CentOS and RHEL. VNC or Virtual Network Computing is a graphical desktop that allows to control a host computer (Terminalserver) remotely from a client computer. A VNC server redirects the keyboard and mouse entry from the client computer (VNC viewer) to the host computer, like known from Windows Remote Desktop Protocol RDP also known as Remote Desktop Services RDS.

This guide explain on how to set up a VNC server on CentOS 7 prepare with minimal installation and running as virtual machine. The server installation are based on Linux Mate workspace, however setup and configure VNC server using TigerVNC.

Contents

  1. System Prepare
  2. Install Mate Desktop and TigerVNC
  3. Initial VNC Configuration
  4. Configure TigerVNC
  5. Run TigerVNC as a Service
  6. Connect VNC Server Through SSH Tunnel
  7. Download and using VNC clients
  8. Appendix & Troubleshooting

Prerequisites

  • CentOS 7 or Fedora 29
  • Root access privileges

1. System Prepare

Before deploing the VNC server, update your CentOS using the Yellowdog Updater Modified – yum:

yum update -y

The VNC desktop will be available for a non-root user, thus we create a new user and add it to the wheel group for root access.

Add a new user using the following command. Belong we choose the username vncuser he will get this job:

useradd -m -s /bin/bash vncuser
passwd vncuser

Enter a new password for vncuser.

Now add the user to wheel group able to gain root access.

usermod -a -G wheel vncuser

After all done, login as vncuser and then run sudo su:

su - vncuser
sudo su

Enter the password for vncuser and make sure you elevated root:

2 . Install Mate Desktop and TigerVNC

Linux provide several desktop environments such as Gnome, KDE, LXDE, XFCE and many more. In this guide, we will be using the Mate desktop as VNC desktop workspace. Mate desktop is a lightweight and a continuation of Gnome desktop that is well suited for a server environment.

 Note. you can have more than just one desktop environment on your system.

Before installing the Mate desktop, add the EPEL repository. Now we are ready to deploy the Mate desktop workspace and TigerVNC server by running yum below:

yum -y install epel-release
yum groupinstall "Mate Desktop" -y
yum -y install tigervnc-server tigervnc-server-minimal

That takes a while, wait until the installation is complete.
The Mate desktop workspace with TigerVNC has been deployed.

3. Initial VNC Configuration

This step will generate the vnc configuration for the vncuser. Login as the vncuser:

su - vncuser

Now initiate the vnc configuration for vncuser using the following command:

vncserver

You’ll be asked for the vnc server password – enter your password, this can by the same or any other.

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n

New 'vm068.local:1 (vncuser)' desktop is vm068.ae.local:1

Creating default startup script /home/vncuser/.vnc/xstartup
Creating default config /home/vncuser/.vnc/config
Starting applications specified in /home/vncuser/.vnc/xstartup
Log file is /home/vncuser/.vnc/vm068.local:1.log

 For view-only password, you can enable or disable it do hit y or n. The user who logs in to the server using a view-only password will not be able to control the mouse and keyboard.

The first time we run the vncserver, it will automatically create a new configuration directory .vnc during the first vnc startup.

ls -Al ~/.vnc
vncserver -list

Now you’ll get the first vnc session waked up as shown below:

$ ls -Al ~/.vnc
total 68
-rw-r--r--. 1 vncuser vncuser   332 20. Apr 07:10 config
-rw-------. 1 vncuser vncuser     8 20. Apr 07:18 passwd
-rw-r--r--  1 vncuser vncuser 49162 20. Apr 07:21 vm068.local:1.log
-rw-r--r--  1 vncuser vncuser     5 20. Apr 07:20 vm068.local:1.pid
-rwxr-xr-x  1 vncuser vncuser   360 20. Apr 07:02 xstartup
$ vncserver -list

TigerVNC server sessions:

X DISPLAY #	PROCESS ID
:1		1988

4. Configure TigerVNC

In here we will configure the VNC server for using the Mate desktop, modify the VNC configuration file xstartup under the .vnc directory.

Before editing the vnc configuration file, stop the first vnc session by run with kill option:

vncserver -kill :1

Now backup the default configuration and create a new one by using the editor vim or nano.

mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
vi ~/.vnc/xstartup

Paste the content bolow into the configuration file xstartup:

#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec /usr/bin/mate-session &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &

Make the xstartup script executable and run the vncserver command again:

chmod +x ~/.vnc/xstartup
vncserver
vncserver -list

Next, copy the default Xresources configuration to the vncuser‘s home directory:

cp /etc/X11/Xresources ~/.Xresources

5. Running TigerVNC as a Service

In this tutorial, we will run the VNC server as a service, for this purpose we need to create a new service file.

SELinux is preventing tigervnc-server from starting, as we notice on fedora, selinux denial prevents daemon from starting, so we run setenforce 0.

sudo setenforce 0

Create new service file vncserver@.service to the /etc/systemd/system directory:

sudo vi /etc/systemd/system/vncserver@.service

Paste the lines into configuration file vncserver@.service below:

[Unit]
 Description=Remote desktop service (VNC)
 After=syslog.target network.target

 [Service]
 Type=forking
 User=vncuser
 PIDFile=/home/vncuser/.vnc/%H:%i.pid
 ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
 ExecStart=/usr/bin/vncserver -depth 32 -geometry 1360x768 :%i
 ExecStop=/usr/bin/vncserver -kill :%i

 [Install]
 WantedBy=multi-user.target

Now reload systemd and start the VNC server. Finally we make the VNC service permanently available.

systemctl daemon-reload
systemctl start vncserver@1.service
systemctl enable vncserver@1.service

Check using the vncserver command as shown next:

su - vncuser
vncserver -list

Permit access through the firewall, enter the policy below:

firewall-cmd --add-service=vnc-server --permanent
firewall-cmd --reload

Done!
VNC Server installation and deploying has been completed.

6. Connect VNC Server Through SSH

Finally, we want to encrypt the connection to the VNC server, terminated by an SSH tunnel between both ends.

  Note. this option for encrypted connection, we all love privacy.

Open a terminal by hit ALT + F2 and type in mate-terminal, use the following ssh command as shown next:

ssh -L 5901:127.0.0.1:5901 -N -f -l vncuser 192.168.69.68

The command open up a tunnel between your localhost and the VNC server. The port 5901 on localhost will be forwarded to the VNC server 192.168.69.68 on port 5901.

Now open vnc viewer application and start a new connection, type the VNC server address with the 127.0.0.1 localhost IP and port 5901 as shown below. Please remember, the password is what we have previously entered with vncpasswd

7. Download and using VNC clients

VNC viewer are available even as several free pakages for Linux, Windows and macOS clients.

How to Install VNCSERVER

Using vncviewer on Linux Gnome Desktop, the following command open a VNC session.

 gvncviewer 192.168.69.68:1

Congratulations you made your first VNC session.

How to Install VNCSERVER
Mate desktop on VNC session

VNC clients are collected here and can be visited and downloaded via the links below:

TigerVNC: https://tigervnc.org/
UltraVNC: http://www.uvnc.com/
TightVNC: https://www.tightvnc.com/
RealVNC: https://www.realvnc.com/

How to Install VNCSERVER

8. Appendix & Troubleshooting

Check the vncserver is up and running, use the command below:

sudo systemctl status vncserver@1.service

In the output you should see Active: active (running)

To detect possible errors or warnings, the X11 server log can be consulted at:

tail -f ~/.vnc/$HOSTNAME:1.log

The following ports should be listening on, determine which ports active listening are with this:

netstat -tulpn

For CentOS 7.x and Fedora the command show below:

ss -tun | grep 5901

The output should looks like similary this.

tcp     ESTAB   0        0           192.168.69.68:5901      192.168.69.67:61609

Check the firewall it permit incoming VNC connections:

sudo iptables -vnL | grep 590
firewall-cmd --list-all | grep vnc-server

The output show similary below:

$ sudo iptables -vnL | grep 590
[sudo] Passwort for vncuser:
 9915  516K ACCEPT     tcp  --  *      *     0.0.0.0/0            0.0.0.0/0       tcp dpts:5900:5903 ctstate NEW,UNTRACKED
$ firewall-cmd --list-all | grep vnc-server
  services: dhcpv6-client samba-client ssh vnc-server

If appears a black screen after successful connect from vncviewer, this cause often at the X11 cache, solve this by shutdown all vncserver instances and reset the X11 server cache, like use the command below:

$ sudo rm -rf /tmp/X11-unix
$ sudo rm -rf /tmp/.XIM-unix
$ sudo rm -f /tmp/.X?-lock
$ sudo rm -f /tmp/.X1024-lock

If the vncserver couldn’t start in case of failed state, cause can be if SELinux is set to enforced, but SELinux blocks the access to such systemd pid file. Modify SELinux to permissive that prints warnings instead of enforcing.

$ vi /etc/selinux/config

SELINUX=permissive

  

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

One thought on “How to Install VNCSERVER”

  1. Regarding SELinux, on Centos this fixed the SELinux problems *without* setting enforce=0 (which is not an option for some due to security concerns):

    /sbin/restorecon -Rv /home/steinhh/.vnc

    This sets ~/.vnc to type xdm_home_t, which works for me.

Leave a Reply

Your email address will not be published. Required fields are marked *