VNC on Linux Server Brings Virtual Desktop to Windows RDS Clients
Virtual Network Computing: This tutorial describes how to deploy vncserver on Fedora, CentOS and RHEL. VNC (Virtual Network Computing) provides a graphical desktop that allows you to control a host computer (terminal server) remotely from a client computer. A VNC server redirects keyboard and mouse input from the client computer (VNC viewer) to the host computer, as known from the Windows Remote Desktop Protocol (RDP), also known as Remote Desktop Services (RDS).
This guide explains how to set up a VNC server on CentOS 7, prepared with a minimal installation and running as a virtual machine. The server installation is based on the Linux Mate workspace, and the VNC server is set up and configured using TigerVNC.
- System Prepare
- Install Mate Desktop and TigerVNC
- Initial VNC Configuration
- Configure TigerVNC
- Run TigerVNC as a Service
- Connect VNC Server Through SSH Tunnel
- Download and using VNC clients
- Appendix & Troubleshooting
- CentOS 7 or Fedora 29
- Root access privileges
1. System Prepare
Before deploying the VNC server, update your CentOS system using yum (Yellowdog Updater Modified):
yum update -y
The VNC desktop will be available for a non-root user, so we create a new user and add it to the wheel group for root access.
Add a new user using the following commands. Below we choose the username vncuser for this purpose:
useradd -m -s /bin/bash vncuser
passwd vncuser
Enter a new password for vncuser.
Now add the user to the wheel group so that it can gain root access.
usermod -a -G wheel vncuser
When this is done, log in as vncuser and then run sudo su:
su - vncuser
sudo su
Enter the password for vncuser and make sure you have been elevated to root:
2. Install Mate Desktop and TigerVNC
Linux provides several desktop environments such as Gnome, KDE, LXDE, XFCE and many more. In this guide, we will use the Mate desktop as the VNC desktop workspace. Mate is a lightweight continuation of the Gnome desktop that is well suited for a server environment.
Note: You can have more than one desktop environment on your system.
Before installing the Mate desktop, add the EPEL repository. Then deploy the Mate desktop workspace and the TigerVNC server by running the yum commands below:
yum -y install epel-release
yum groupinstall "Mate Desktop" -y
yum -y install tigervnc-server tigervnc-server-minimal
That takes a while, wait until the installation is complete.
The Mate desktop workspace with TigerVNC has been deployed.
3. Initial VNC Configuration
This step will generate the vnc configuration for the vncuser. Login as the vncuser:
su - vncuser
Now initiate the vnc configuration for vncuser using the following command:
You'll be asked for the VNC server password. Enter your password; this can be the same as the user password or a different one.
You will require a password to access your desktops.
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
New 'vm068.local:1 (vncuser)' desktop is vm068.ae.local:1
Creating default startup script /home/vncuser/.vnc/xstartup
Creating default config /home/vncuser/.vnc/config
Starting applications specified in /home/vncuser/.vnc/xstartup
Log file is /home/vncuser/.vnc/vm068.local:1.log
For the view-only password, answer y or n to enable or disable it. A user who logs in to the server using a view-only password will not be able to control the mouse and keyboard.
The first time we run vncserver, it automatically creates a new configuration directory .vnc.
ls -Al ~/.vnc
vncserver -list
Now you'll see the first VNC session running, as shown below:
$ ls -Al ~/.vnc
total 68
-rw-r--r--. 1 vncuser vncuser 332 20. Apr 07:10 config
-rw-------. 1 vncuser vncuser 8 20. Apr 07:18 passwd
-rw-r--r-- 1 vncuser vncuser 49162 20. Apr 07:21 vm068.local:1.log
-rw-r--r-- 1 vncuser vncuser 5 20. Apr 07:20 vm068.local:1.pid
-rwxr-xr-x 1 vncuser vncuser 360 20. Apr 07:02 xstartup
$ vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:1 1988
4. Configure TigerVNC
Here we configure the VNC server to use the Mate desktop by modifying the VNC configuration file xstartup in the .vnc directory.
Before editing the VNC configuration file, stop the first VNC session by running vncserver with the kill option:
vncserver -kill :1
Now back up the default configuration and create a new one using the editor vim or nano.
mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
vi ~/.vnc/xstartup
Paste the content below into the configuration file xstartup:
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec /usr/bin/mate-session &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
Make the xstartup script executable and run the vncserver command again:
chmod +x ~/.vnc/xstartup
vncserver
vncserver -list
Next, copy the default Xresources configuration to the vncuser's home directory:
cp /etc/X11/Xresources ~/.Xresources
5. Running TigerVNC as a Service
In this tutorial, we will run the VNC server as a service. For this purpose we need to create a new service file.
SELinux prevents tigervnc-server from starting: as we noticed on Fedora, an SELinux denial prevents the daemon from starting, so we run setenforce 0, which switches SELinux to permissive mode until the next reboot.
sudo setenforce 0
Create a new service file vncserver@.service in the /etc/systemd/system directory:
sudo vi /etc/systemd/system/vncserver@.service
Paste the lines below into the configuration file vncserver@.service:
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
User=vncuser
PIDFile=/home/vncuser/.vnc/%H:%i.pid
# systemd does not interpret shell redirections, so the cleanup runs through /bin/sh
ExecStartPre=-/bin/sh -c '/usr/bin/vncserver -kill :%i > /dev/null 2>&1'
ExecStart=/usr/bin/vncserver -depth 32 -geometry 1360x768 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target
Now reload systemd and start the VNC server. Finally, enable the VNC service so that it is permanently available.
systemctl daemon-reload
systemctl start vncserver@1.service
systemctl enable vncserver@1.service
Check using the vncserver command as shown next:
su - vncuser
vncserver -list
Permit access through the firewall by entering the policy below:
firewall-cmd --add-service=vnc-server --permanent
firewall-cmd --reload
The VNC server installation and deployment is now complete.
6. Connect VNC Server Through SSH
Finally, we want to encrypt the connection to the VNC server by running it through an SSH tunnel between both ends.
Note: This option is for an encrypted connection; we all love privacy.
Open a terminal by pressing ALT + F2 and typing mate-terminal, then use the ssh command shown next:
ssh -L 5901:127.0.0.1:5901 -N -f -l vncuser 192.168.69.68
The command opens a tunnel between your localhost and the VNC server. Port 5901 on localhost will be forwarded to the VNC server 192.168.69.68 on port 5901.
Now open the VNC viewer application and start a new connection: enter 127.0.0.1 (localhost) as the VNC server address with port 5901. Remember that the password is the one we previously entered with vncpasswd.
7. Download and using VNC clients
VNC viewers are available as several free packages for Linux, Windows and macOS clients.
Using vncviewer on the Linux Gnome desktop, the following command opens a VNC session.
Congratulations, you have made your first VNC session.
VNC clients are collected here and can be visited and downloaded via the links below:
8. Appendix & Troubleshooting
To check that the vncserver is up and running, use the command below:
sudo systemctl status vncserver@1.service
In the output you should see Active: active (running).
To detect possible errors or warnings, the X11 server log can be consulted at:
tail -f ~/.vnc/$HOSTNAME:1.log
The VNC port should be listening. Determine which ports are active with the following command.
For CentOS 7.x and Fedora, the command is shown below:
ss -tun | grep 5901
The output should look similar to this:
tcp ESTAB 0 0 192.168.69.68:5901 192.168.69.67:61609
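The SSH tunnel from section 6 forwards to 127.0.0.1:5901 on the server, so a VNC listener bound only to loopback is enough for tunnelled access. The following added example (not part of the original tutorial; the function names and the sample ss output are constructed for illustration) parses ss -tln output and lists VNC listeners on ports 5900-5999 that are bound to a non-loopback address:

```shell
#!/bin/sh
# Added example (not from the original tutorial): list VNC listeners
# (TCP 5900-5999) bound to a non-loopback address, from `ss -tln` output.

# Constructed sample of `ss -tln` output; columns are
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT='LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 5 [::]:5901 [::]:*
LISTEN 0 5 [::1]:5903 [::]:*
LISTEN 0 128 0.0.0.0:6001 0.0.0.0:*'

# Reads ss output on stdin, prints one "address:port" per exposed listener.
vnc_exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }     # also skips the ss header line
        {
            # Split at the LAST colon so IPv6 forms ([::]:5901, :::5901) parse.
            pos = match($4, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1) + 0
            if (port < 5900 || port > 5999) next    # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr ":" port
        }'
}

# Returns 0 when every VNC listener on stdin is loopback-only, 1 otherwise.
vnc_is_loopback_only() {
    [ -z "$(vnc_exposed_listeners)" ]
}

# Demo on the constructed sample; on a real host run:
#   ss -tln | vnc_exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | vnc_exposed_listeners
```

Any line it prints is a VNC display reachable without the tunnel, subject to what the firewall policy allows.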
Check that the firewall permits incoming VNC connections:
sudo iptables -vnL | grep 590
firewall-cmd --list-all | grep vnc-server
The output should look similar to this:
$ sudo iptables -vnL | grep 590
[sudo] Passwort for vncuser:
9915 516K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5900:5903 ctstate NEW,UNTRACKED
$ firewall-cmd --list-all | grep vnc-server
services: dhcpv6-client samba-client ssh vnc-server
If a black screen appears after a successful connection from vncviewer, the cause is often the X11 cache. Solve this by shutting down all vncserver instances and resetting the X11 server cache with the commands below:
$ sudo rm -rf /tmp/.X11-unix
$ sudo rm -rf /tmp/.XIM-unix
$ sudo rm -f /tmp/.X?-lock
$ sudo rm -f /tmp/.X1024-lock
If the vncserver cannot start and ends up in a failed state, the cause can be that SELinux is set to enforcing and blocks access to the systemd PID file. Set SELinux to permissive, which prints warnings instead of enforcing.
$ vi /etc/selinux/config
SELINUX=permissive