Tutorial
How to Install and Configure VNC on Ubuntu 16.04
Not using Ubuntu 16.04?Choose a different version or distribution.
###Introduction
VNC, or “Virtual Network Computing”, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line.
In this guide, we will be setting up VNC on an Ubuntu 16.04 server and connecting to it securely through an SSH tunnel. The VNC server we will be using is TightVNC, a fast and lightweight remote control package. This choice will ensure that our VNC connection will be smooth and stable even on slower internet connections.
##Prerequisites
To complete this tutorial, you’ll need:
-
An Ubuntu 16.04 Droplet set up via the Ubuntu 16.04 initial server setup tutorial, which includes having a sudo non-root user. Note that this tutorial can be completed using any size Droplet, but a VNC built on a smaller droplet may have more limits on functionality than a larger one.
-
A local computer with a VNC client installed that supports VNC connections over SSH tunnels. If you are using Windows, you could use TightVNC, RealVNC, or UltraVNC. Mac OS X users can use the built-in Screen Sharing program, or can use a cross-platform app like RealVNC. Linux users can choose from many options:
vinagre,krdc, RealVNC, TightVNC, and more.
##Step 1 — Installing the Desktop Environment and VNC Server
By default, an Ubuntu 16.04 Droplet does not come with a graphical desktop environment or a VNC server installed, so we’ll begin by installing those. Specifically, we will install packages for the latest Xfce desktop environment and the TightVNC package available in the official Ubuntu repository.
On your server, install the Xfce and TightVNC packages.
To complete the VNC server’s initial configuration after installation, use the vncserver command to set up a secure password.
You’ll be prompted to enter and verify a password, and also a view-only password. Users who log in with the view-only password will not be able to control the VNC instance with their mouse or keyboard. This is a helpful option if you want to demonstrate something to other people using your VNC server, but isn’t necessary.
Running vncserver completes the installation of VNC by creating default configuration files and connection information for our server to use. With these packages installed, you are now ready to configure your VNC server.
##Step 2 — Configuring the VNC Server
First, we need to tell our VNC server what commands to perform when it starts up. These commands are located in a configuration file called xstartup in the .vnc folder under your home directory. The startup script was created when you ran the vncserver in the previous step, but we need modify some of the commands for the Xfce desktop.
When VNC is first set up, it launches a default server instance on port 5901. This port is called a display port, and is referred to by VNC as :1. VNC can launch multiple instances on other display ports, like :2, :3, etc. When working with VNC servers, remember that :X is a display port that refers to 5900+X.
Because we are going to be changing how the VNC server is configured, we’ll need to first stop the VNC server instance that is running on port 5901.
The output should look like this, with a different PID:
OutputKilling Xtightvnc process ID 17648
Before we begin configuring the new xstartup file, let’s back up the original.
Now create a new xstartup file with nano or your favorite text editor.
Paste these commands into the file so that they are performed automatically whenever you start or restart the VNC server, then save and close the file.
~/.vnc/xstartup#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
The first command in the file, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s .Xresources file. .Xresources is where a user can make changes to certain settings of the graphical desktop, like terminal colors, cursor themes, and font rendering. The second command simply tells the server to launch Xfce, which is where you will find all of the graphical software that you need to comfortably manage your server.
To ensure that the VNC server will be able to use this new startup file properly, we’ll need to grant executable privileges to it.
Now, restart the VNC server.
The server should be started with an output similar to this:
OutputNew 'X' desktop is your_server_name.com:1
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/liniverse.com:1.log
##Step 3 — Testing the VNC Desktop
In this step, we’ll test the connectivity of your VNC server.
First, we need to create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux or OS X with following command. Remember to replace user and server_ip_address with the sudo non-root username and IP address of your server.
If you are using a graphical SSH client, like PuTTY, use server_ip_address as the connection IP, and set localhost:5901 as a new forwarded port in the program’s SSH tunnel settings.
Next, you may now use a VNC client to attempt a connection to the VNC server at localhost:5901. You’ll be prompted to authenticate. The correct password to use is the one you set in Step 1.
Once you are connected, you should see the default Xfce desktop. It should look something like this:
You can access files in your home directory with the file manager or from the command line, as seen here:
##Step 4 — Creating a VNC Service File
Next, we’ll set up the VNC server as a systemd service. This will make it possible to start, stop, and restart it as needed, like any other systemd service.
First, create a new unit file called /etc/systemd/system/vncserver@.service using your favorite text editor:
Copy and paste the following into it. Be sure to change the value of User and the username in the value of PIDFILE to match your username.
/etc/systemd/system/vncserver@.service[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=sammy
PAMName=login
PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
Save and close the file.
Next, make the system aware of the new unit file.
Enable the unit file.
The 1 following the @ sign signifies which display number the service should appear over, in this case the default :1 as was discussed above.
Stop the current instance of the VNC server if it’s still running.
Then start it as you would start any other systemd service.
You can verify that it started with this command:
If it started correctly, the output should look like this:
vncserver@1.service - TightVNC server on Ubuntu 16.04
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2016-04-25 03:21:34 EDT; 6s ago
Process: 2924 ExecStop=/usr/bin/vncserver -kill :%i (code=exited, status=0/SUCCESS)
...
systemd[1]: Starting TightVNC server on Ubuntu 16.04...
systemd[2938]: pam_unix(login:session): session opened for user finid by (uid=0)
systemd[2949]: pam_unix(login:session): session opened for user finid by (uid=0)
systemd[1]: Started TightVNC server on Ubuntu 16.04.
##Conclusion
You should now have a secured VNC server up and running on your Ubuntu 16.04 server. Now you’ll be able to manage your files, software, and settings with an easy-to-use and familiar graphical interface.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
About the author(s)
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Get our newsletter
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
Awesome, worked like a charm. I would like to note, though, that I did not need step 3 (tunneling via PuTTY) – I was able to connect directly to my droplet ( IP:port ) using VNC Viewer. Thank you!
You are missing the key point here: accessing your server over an unencrypted connection is Not A Good Idea™.
This comment has been deleted
I agree with gunbert , not only that the other key point is the use of resources in VNC: bandwidth, + CPU + RAM.
not works
um, the whole point of tunneling is a secure connection, not a need to do so.
Thank you for the great article. I especially like how you always provide a little more information than essentially necessary to accomplish the goal.
This way you enable us to see the context - I really enjoyed it.
How do I enable clipboard-sharing after following these instructions?
Hey @pikadudeno1 so what I discovered was I had to put the following lines in either my ~/.vnc/xstartup or a .bashrc file:
autocutsel -fork
Hope this helps.
sudo systemctl enable vncserver@1.serviceshould be?
sudo systemctl enable vncserver@.serviceor not, @1 means its a parameter “1” that is passed to the service, so to start a service on display 1? Can I use
sudo systemctl enable vncserver@1.servicesudo systemctl enable vncserver@2.servicesudo systemctl enable vncserver@3.serviceTo have 3 vnc displays running?
Excellent Tutorial!! I got “connection refused” on ssh command in Step 3. It may be due to I tried to set up xRDP before.
me too
sudo systemctl daemon-reload
sudo: systemctl: command not found
So … now ?
Based on that information you are not running systemd.
Side note: It’s good to see Ubuntu finally decided to go with systemd.
If I were you I would verify that you are running Ubuntu 16.04 (or some other similar systemd variant).
It is incredibly important to think logically about this sort of thing when it happens. I guarantee you that this is not going to be the last time that something like this will happen. My usual troubleshooting steps are:
This is really what separates the the Linux Admins from the rage clicking Windows Users. If you implement this into your methodology people we be more likely to help you when you have an issue.
Hope that this helps you out.
Best Regards, Robert J.
and now? vinagre? how?
Can you offer more details about the SSH tunnel settings? I can’t get this working with PuttY
EDIT: Found a better description here: http://www.liquidweb.com/kb/how-to-configure-a-vnc-server-to-use-an-ssh-tunnel-on-ubuntu-14-04-lts/
To Connect via PuTTy
Under Connection -> SSH -> Tunnels add:
Source port: 5901 Destination: localhost:5901
And connect to your server at its IP address and port 22 via PuTTY.
And then connect to localhost:5901 via a VNC viewer such as TightVNC.
I got stuck at this point to, i have tried the above but I’m getting “Remote machine actively refused connection” (paraphrasing).
I can connect if I open VNC viewer and connect to my_server_ip:5901 but I can get it to work with localhost.
I followed these instructions:
http://www.mit.edu/~avp/lqcd/ssh-vnc.html
call vncserver using: vncserver :7 -geometry 1364x766 -localhost
the -localhost argument makes it so the tightvnc server only accepts connections from itself (127.0.0.1)-- now people can’t try to brute force their way in by accessing (server IP):1 or whatever.
In puTTy, I used: Source port: 5902 Destination: 127.0.0.1:5907
In tightVNC, I used: localhost:2
guys I have same issue, it won’t connect. Anyone can help? :(
or in a command prompt (Great for batch files)
putty -i C:\path\to\privatekey.ppk -L 5901:127.0.0.1:5901 root@droplet1IP
If you have multiple droplets you can change the first port number to something else:
putty -i C:\path\to\privatekey.ppk -L 5902:127.0.0.1:5901 root@droplet2IP
You can now access droplet1 on localhost:5901 and droplet2 on localhost:5902
Dead simple. The GUI of PuTTY for this stuff is less than intuitive
Hmm when I login with the tunneling, it just throws me into a normal SSH session. Is it because I’m using ssl keys login ? Does this effect what happens?
Heya,
Would you clarify that the
sshtunnel command simply logs you into a normal ssh session?Once the tunnel is created you can use a VNC client to access the server.
I have 3 problems
I have an error
I update with sudo apt-get update but problem persist
Error Log
how can i login into VNC changing user from root to normal user in ubuntu 16,04?
Some UI XFCE4 elements are missed - why happens? sudo apt install xfce4 xfce4-goodies tightvncserver command is uncomplete?
I solve with this plus command
me too, how fix 1)?
You can examine the journal logs to get additional information about the issue.
journalctl -xe | grep vncserver@1Regards
Heya
To get more information about the error, you should check the service status and journal logs using the following commands:
This will provide more details about the error and help you diagnose the issue.