How to Install VNCSERVER, VNC on Linux Server bring virtual desktop to Windows RDS Clients
Virtual Network Computing – This tutorial describes how to deploy vncserver on Fedora, CentOS and RHEL. VNC or Virtual Network Computing is a graphical desktop that allows to control a host computer (Terminalserver) remotely from a client computer. A VNC server redirects the keyboard and mouse entry from the client computer (VNC viewer) to the host computer, like known from Windows Remote Desktop Protocol RDP also known as Remote Desktop Services RDS.
This guide explain on how to set up a VNC server on CentOS 7 prepare with minimal installation and running as virtual machine. The server installation are based on Linux Mate workspace, however setup and configure VNC server using TigerVNC.
Contents
- System Prepare
- Install Mate Desktop and TigerVNC
- Initial VNC Configuration
- Configure TigerVNC
- Run TigerVNC as a Service
- Connect VNC Server Through SSH Tunnel
- Download and using VNC clients
- Appendix & Troubleshooting
Prerequisites
- CentOS 7 or Fedora 29
- Root access privileges
1. System Prepare
Before deploing the VNC server, update your CentOS using the Yellowdog Updater Modified – yum:
yum update -y
The VNC desktop will be available for a non-root user, thus we create a new user and add it to the wheel group for root access.
Add a new user using the following command. Belong we choose the username vncuser he will get this job:
useradd -m -s /bin/bash vncuser
passwd vncuser
Enter a new password for vncuser.
Now add the user to wheel group able to gain root access.
usermod -a -G wheel vncuser
After all done, login as vncuser and then run sudo su:
su - vncuser
sudo su
Enter the password for vncuser and make sure you elevated root:
2 . Install Mate Desktop and TigerVNC
Linux provide several desktop environments such as Gnome, KDE, LXDE, XFCE and many more. In this guide, we will be using the Mate desktop as VNC desktop workspace. Mate desktop is a lightweight and a continuation of Gnome desktop that is well suited for a server environment.
Note. you can have more than just one desktop environment on your system.
Before installing the Mate desktop, add the EPEL repository. Now we are ready to deploy the Mate desktop workspace and TigerVNC server by running yum below:
yum -y install epel-release
yum groupinstall "Mate Desktop" -y
yum -y install tigervnc-server tigervnc-server-minimal
That takes a while, wait until the installation is complete.
The Mate desktop workspace with TigerVNC has been deployed.
3. Initial VNC Configuration
This step will generate the vnc configuration for the vncuser. Login as the vncuser:
su - vncuser
Now initiate the vnc configuration for vncuser using the following command:
vncserver
You’ll be asked for the vnc server password – enter your password, this can by the same or any other.
You will require a password to access your desktops.
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
New 'vm068.local:1 (vncuser)' desktop is vm068.ae.local:1
Creating default startup script /home/vncuser/.vnc/xstartup
Creating default config /home/vncuser/.vnc/config
Starting applications specified in /home/vncuser/.vnc/xstartup
Log file is /home/vncuser/.vnc/vm068.local:1.log
For view-only password, you can enable or disable it do hit y or n. The user who logs in to the server using a view-only password will not be able to control the mouse and keyboard.
The first time we run the vncserver, it will automatically create a new configuration directory .vnc during the first vnc startup.
ls -Al ~/.vnc
vncserver -list
Now you’ll get the first vnc session waked up as shown below:
$ ls -Al ~/.vnc
total 68
-rw-r--r--. 1 vncuser vncuser 332 20. Apr 07:10 config
-rw-------. 1 vncuser vncuser 8 20. Apr 07:18 passwd
-rw-r--r-- 1 vncuser vncuser 49162 20. Apr 07:21 vm068.local:1.log
-rw-r--r-- 1 vncuser vncuser 5 20. Apr 07:20 vm068.local:1.pid
-rwxr-xr-x 1 vncuser vncuser 360 20. Apr 07:02 xstartup
$ vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:1 1988
4. Configure TigerVNC
In here we will configure the VNC server for using the Mate desktop, modify the VNC configuration file xstartup under the .vnc directory.
Before editing the vnc configuration file, stop the first vnc session by run with kill option:
vncserver -kill :1
Now backup the default configuration and create a new one by using the editor vim or nano.
mv ~/.vnc/xstartup ~/.vnc/xstartup.bak
vi ~/.vnc/xstartup
Paste the content bolow into the configuration file xstartup:
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec /usr/bin/mate-session &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
Make the xstartup script executable and run the vncserver command again:
chmod +x ~/.vnc/xstartup
vncserver
vncserver -list
Next, copy the default Xresources configuration to the vncuser’s home directory:
cp /etc/X11/Xresources ~/.Xresources
5. Running TigerVNC as a Service
In this tutorial, we will run the VNC server as a service, for this purpose we need to create a new service file.
SELinux is preventing tigervnc-server from starting, as we notice on fedora, selinux denial prevents daemon from starting, so we run setenforce 0.
sudo setenforce 0
Create new service file vncserver@.service to the /etc/systemd/system directory:
sudo vi /etc/systemd/system/vncserver@.service
Paste the lines into configuration file vncserver@.service below:
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
User=vncuser
PIDFile=/home/vncuser/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 32 -geometry 1360x768 :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Now reload systemd and start the VNC server. Finally we make the VNC service permanently available.
systemctl daemon-reload
systemctl start vncserver@1.service
systemctl enable vncserver@1.service
Check using the vncserver command as shown next:
su - vncuser
vncserver -list
Permit access through the firewall, enter the policy below:
firewall-cmd --add-service=vnc-server --permanent
firewall-cmd --reload
Done!
VNC Server installation and deploying has been completed.
6. Connect VNC Server Through SSH
Finally, we want to encrypt the connection to the VNC server, terminated by an SSH tunnel between both ends.
Note. this option for encrypted connection, we all love privacy.
Open a terminal by hit ALT + F2 and type in mate-terminal, use the following ssh command as shown next:
ssh -L 5901:127.0.0.1:5901 -N -f -l vncuser 192.168.69.68
The command open up a tunnel between your localhost and the VNC server. The port 5901 on localhost will be forwarded to the VNC server 192.168.69.68 on port 5901.
Now open vnc viewer application and start a new connection, type the VNC server address with the 127.0.0.1 localhost IP and port 5901 as shown below. Please remember, the password is what we have previously entered with vncpasswd
7. Download and using VNC clients
VNC viewer are available even as several free pakages for Linux, Windows and macOS clients.
Using vncviewer on Linux Gnome Desktop, the following command open a VNC session.
gvncviewer 192.168.69.68:1
Congratulations you made your first VNC session.
VNC clients are collected here and can be visited and downloaded via the links below:
TigerVNC: https://tigervnc.org/
UltraVNC: http://www.uvnc.com/
TightVNC: https://www.tightvnc.com/
RealVNC: https://www.realvnc.com/
8. Appendix & Troubleshooting
Check the vncserver is up and running, use the command below:
sudo systemctl status vncserver@1.service
In the output you should see Active: active (running)
To detect possible errors or warnings, the X11 server log can be consulted at:
tail -f ~/.vnc/$HOSTNAME:1.log
The following ports should be listening on, determine which ports active listening are with this:
netstat -tulpn
For CentOS 7.x and Fedora the command show below:
ss -tun | grep 5901
The output should looks like similary this.
tcp ESTAB 0 0 192.168.69.68:5901 192.168.69.67:61609
Check the firewall it permit incoming VNC connections:
sudo iptables -vnL | grep 590
firewall-cmd --list-all | grep vnc-server
The output show similary below:
$ sudo iptables -vnL | grep 590
[sudo] Passwort for vncuser:
9915 516K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5900:5903 ctstate NEW,UNTRACKED
$ firewall-cmd --list-all | grep vnc-server
services: dhcpv6-client samba-client ssh vnc-server
If appears a black screen after successful connect from vncviewer, this cause often at the X11 cache, solve this by shutdown all vncserver instances and reset the X11 server cache, like use the command below:
$ sudo rm -rf /tmp/X11-unix
$ sudo rm -rf /tmp/.XIM-unix
$ sudo rm -f /tmp/.X?-lock
$ sudo rm -f /tmp/.X1024-lock
If the vncserver couldn’t start in case of failed state, cause can be if SELinux is set to enforced, but SELinux blocks the access to such systemd pid file. Modify SELinux to permissive that prints warnings instead of enforcing.
$ vi /etc/selinux/config
SELINUX=permissive
Regarding SELinux, on Centos this fixed the SELinux problems *without* setting enforce=0 (which is not an option for some due to security concerns):
/sbin/restorecon -Rv /home/steinhh/.vnc
This sets ~/.vnc to type xdm_home_t, which works for me.