// Tutorial //

How to Install and Configure VNC on Debian 9

Published on September 5, 2018
Default avatar
English
How to Install and Configure VNC on Debian 9
Not using Debian 9?Choose a different version or distribution.
Debian 9

Introduction

Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line.

In this guide, you’ll set up a VNC server on a Debian 9 server and connect to it securely through an SSH tunnel. You’ll use TightVNC, a fast and lightweight remote control package. This choice will ensure that our VNC connection will be smooth and stable even on slower internet connections.

##Prerequisites

To complete this tutorial, you’ll need:

Step 1 — Installing the Desktop Environment and VNC Server

By default, a Debian 9 server does not come with a graphical desktop environment or a VNC server installed, so we’ll begin by installing those. Specifically, we will install packages for the latest Xfce desktop environment and the TightVNC package available in the official Debian repository.

On your server, update your list of packages:

  1. sudo apt update

Now install the Xfce desktop environment on your server:

  1. sudo apt install xfce4 xfce4-goodies

During the installation, you’ll be prompted to select your keyboard layout from a list of possible options. Choose the one that’s appropriate for your language and press Enter. The installation will continue.

Once that installation completes, install the TightVNC server:

  1. sudo apt install tightvncserver

To complete the VNC server’s initial configuration after installation, use the vncserver command to set up a secure password and create the initial configuration files:

  1. vncserver

You’ll be prompted to enter and verify a password to access your machine remotely:

Output
You will require a password to access your desktops. Password: Verify:

The password must be between six and eight characters long. Passwords more than 8 characters will be truncated automatically.

Once you verify the password, you’ll have the option to create a a view-only password. Users who log in with the view-only password will not be able to control the VNC instance with their mouse or keyboard. This is a helpful option if you want to demonstrate something to other people using your VNC server, but this isn’t required.

The process then creates the necessary default configuration files and connection information for the server:

Output
Would you like to enter a view-only password (y/n)? n xauth: file /home/sammy/.Xauthority does not exist New 'X' desktop is your_hostname:1 Creating default startup script /home/sammy/.vnc/xstartup Starting applications specified in /home/sammy/.vnc/xstartup Log file is /home/sammy/.vnc/your_hostname:1.log

Now let’s configure the VNC server.

##Step 2 — Configuring the VNC Server

The VNC server needs to know which commands to execute when it starts up. Specifically, VNC needs to know which graphical desktop it should connect to.

These commands are located in a configuration file called xstartup in the .vnc folder under your home directory. The startup script was created when you ran the vncserver in the previous step, but we’ll create our own to launch the Xfce desktop.

When VNC is first set up, it launches a default server instance on port 5901. This port is called a display port, and is referred to by VNC as :1. VNC can launch multiple instances on other display ports, like :2, :3, and so on.

Because we are going to be changing how the VNC server is configured, first stop the VNC server instance that is running on port 5901 with the following command:

  1. vncserver -kill :1

The output should look like this, although you’ll see a different PID:

Output
Killing Xtightvnc process ID 17648

Before you modify the xstartup file, back up the original:

  1. mv ~/.vnc/xstartup ~/.vnc/xstartup.bak

Now create a new xstartup file and open it in your text editor:

  1. nano ~/.vnc/xstartup

Commands in this file are executed automatically whenever you start or restart the VNC server. We need VNC to start our desktop environment if it’s not already started. Add these commands to the file:

~/.vnc/xstartup
#!/bin/bash xrdb $HOME/.Xresources startxfce4 &

The first command in the file, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s .Xresources file. .Xresources is where a user can make changes to certain settings of the graphical desktop, like terminal colors, cursor themes, and font rendering. The second command tells the server to launch Xfce, which is where you will find all of the graphical software that you need to comfortably manage your server.

To ensure that the VNC server will be able to use this new startup file properly, we’ll need to make it executable.

  1. sudo chmod +x ~/.vnc/xstartup

Now, restart the VNC server.

  1. vncserver

You’ll see output similar to this:

Output
New 'X' desktop is your_hostname:1 Starting applications specified in /home/sammy/.vnc/xstartup Log file is /home/sammy/.vnc/your_hostname:1.log

With the configuration in place, let’s connect to the server from our local machine.

Step 3 — Connecting the VNC Desktop Securely

VNC itself doesn’t use secure protocols when connecting. We’ll use an SSH tunnel to connect securely to our server, and then tell our VNC client to use that tunnel rather than making a direct connection.

Create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux or macOS with the following command:

  1. ssh -L 5901:127.0.0.1:5901 -C -N -l sammy your_server_ip

The -L switch specifies the port bindings. In this case we’re binding port 5901 of the remote connection to port 5901 on your local machine. The -C switch enables compression, while the -N switch tells ssh that we don’t want to execute a remote command. The -l switch specifies the remote login name.

Remember to replace sammy and your_server_ip with the sudo non-root username and IP address of your server.

If you are using a graphical SSH client, like PuTTY, use your_server_ip as the connection IP, and set localhost:5901 as a new forwarded port in the program’s SSH tunnel settings.

Once the tunnel is running, use a VNC client to connect to localhost:5901. You’ll be prompted to authenticate using the password you set in Step 1.

Once you are connected, you’ll see the default Xfce desktop.

VNC connection to Debian 9 serverSelect Use default config to configure your desktop quickly.

You can access files in your home directory with the file manager or from the command line, as seen here:

Files via VNC connection to Debian 9

On your local machine, press CTRL+C in your terminal to stop the SSH tunnel and return to your prompt. This will disconnect your VNC session as well.

Next let’s set up the VNC server as a service.

Step 4 — Running VNC as a System Service

Next, we’ll set up the VNC server as a systemd service so we can start, stop, and restart it as needed, like any other service. This will also ensure that VNC starts up when your server reboots.

First, create a new unit file called /etc/systemd/system/vncserver@.service using your favorite text editor:

  1. sudo nano /etc/systemd/system/vncserver@.service

The @ symbol at the end of the name will let us pass in an argument we can use in the service configuration. We’ll use this to specify the VNC display port we want to use when we manage the service.

Add the following lines to the file. Be sure to change the value of User, Group, WorkingDirectory, and the username in the value of PIDFILE to match your username:

/etc/systemd/system/vncserver@.service
[Unit] Description=Start TightVNC server at startup After=syslog.target network.target [Service] Type=forking User=sammy Group=sammy WorkingDirectory=/home/sammy PIDFile=/home/sammy/.vnc/%H:%i.pid ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i ExecStop=/usr/bin/vncserver -kill :%i [Install] WantedBy=multi-user.target

The ExecStartPre command stops VNC if it’s already running. The ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280x800. You can modify these startup options as well to meet your needs.

Save and close the file.

Next, make the system aware of the new unit file.

  1. sudo systemctl daemon-reload

Enable the unit file.

  1. sudo systemctl enable vncserver@1.service

The 1 following the @ sign signifies which display number the service should appear over, in this case the default :1 as was discussed in Step 2…

Stop the current instance of the VNC server if it’s still running.

  1. vncserver -kill :1

Then start it as you would start any other systemd service.

  1. sudo systemctl start vncserver@1

You can verify that it started with this command:

  1. sudo systemctl status vncserver@1

If it started correctly, the output should look like this:

Output
● vncserver@1.service - Start TightVNC server at startup Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2018-09-05 16:47:40 UTC; 3s ago Process: 4977 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS) Process: 4971 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=0/SUCCESS) Main PID: 4987 (Xtightvnc) ...

Your VNC server will now be available when you reboot the machine.

Start your SSH tunnel again:

  1. ssh -L 5901:127.0.0.1:5901 -C -N -l sammy your_server_ip

Then make a new connection using your VNC client software to localhost:5901 to connect to your machine.

Conclusion

You now have a secured VNC server up and running on your Debian 9 server. Now you’ll be able to manage your files, software, and settings with an easy-to-use and familiar graphical interface, and you’ll be able to run graphical software like web browsers remotely.


Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.

Sign up
About the authors
Default avatar
Developer and author at DigitalOcean.

Default avatar
finid

author

Developer and author at DigitalOcean.

Still looking for an answer?

Was this helpful?

When connecting via the VNC viewer on another device, enter the password and it goes to a grey screen.

Desktop Environment: GNOME (As per default desktop environment of system) (startgnome instead of startxfce4).

How do I configure ~/.vnc/xstartup if I’m not using xfce4? Can someone please list options for other desktop environments.

Thanks Brian! I’m using TigerVNC (a fork of TightVNC) as my viewer. I found that I could simplify the connection process by letting TigerVNC create the SSH tunnel for me. To do this, I skipped the ssh -L ... step, and instead ran this from the command line:

$ vncviewer 127.0.0.1::5901 -via <serverIP>

IMO the “via” syntax is backwards, but it works!

how to start vncserver in display :0 ?

Thanks for the guide. Everything works except for “sudo systemctl enable vncserver@1.service” i get “chris@debian:~$ sudo systemctl enable vncserver@1.service Failed to enable unit: File vncserver@1.service: Invalid argument”