Tutorial
How to Install and Configure VNC on Ubuntu 18.04
Not using Ubuntu 18.04?Choose a different version or distribution.
Introduction
Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line.
In this guide, you’ll set up a VNC server on an Ubuntu 18.04 server and connect to it securely through an SSH tunnel. You’ll use TightVNC, a fast and lightweight remote control package. This choice will ensure that our VNC connection will be smooth and stable even on slower internet connections.
Prerequisites
To complete this tutorial, you’ll need:
- One Ubuntu 18.04 server set up by following the Ubuntu 18.04 initial server setup guide, including a sudo non-root user and a firewall.
- A local computer with a VNC client installed that supports VNC connections over SSH tunnels.
Step 1 — Installing the Desktop Environment and VNC Server
By default, an Ubuntu 18.04 server does not come with a graphical desktop environment or a VNC server installed, so we’ll begin by installing those. Specifically, we will install packages for the latest Xfce desktop environment and the TightVNC package available in the official Ubuntu repository.
On your server, update your list of packages:
Now install the Xfce desktop environment on your server:
Once that installation completes, install the TightVNC server:
To complete the VNC server’s initial configuration after installation, use the vncserver command to set up a secure password and create the initial configuration files:
You’ll be prompted to enter and verify a password to access your machine remotely:
OutputYou will require a password to access your desktops.
Password:
Verify:
The password must be between six and eight characters long. Passwords more than 8 characters will be truncated automatically.
Once you verify the password, you’ll have the option to create a a view-only password. Users who log in with the view-only password will not be able to control the VNC instance with their mouse or keyboard. This is a helpful option if you want to demonstrate something to other people using your VNC server, but this isn’t required.
The process then creates the necessary default configuration files and connection information for the server:
OutputWould you like to enter a view-only password (y/n)? n
xauth: file /home/sammy/.Xauthority does not exist
New 'X' desktop is your_hostname:1
Creating default startup script /home/sammy/.vnc/xstartup
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/your_hostname:1.log
Now let’s configure the VNC server.
Step 2 — Configuring the VNC Server
The VNC server needs to know which commands to execute when it starts up. Specifically, VNC needs to know which graphical desktop it should connect to.
These commands are located in a configuration file called xstartup in the .vnc folder under your home directory. The startup script was created when you ran the vncserver in the previous step, but we’ll create our own to launch the Xfce desktop.
When VNC is first set up, it launches a default server instance on port 5901. This port is called a display port, and is referred to by VNC as :1. VNC can launch multiple instances on other display ports, like :2, :3, and so on.
Because we are going to be changing how the VNC server is configured, first stop the VNC server instance that is running on port 5901 with the following command:
The output should look like this, although you’ll see a different PID:
OutputKilling Xtightvnc process ID 17648
Before you modify the xstartup file, back up the original:
Now create a new xstartup file and open it in your text editor:
Commands in this file are executed automatically whenever you start or restart the VNC server. We need VNC to start our desktop environment if it’s not already started. Add these commands to the file:
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &
The first command in the file, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s .Xresources file. .Xresources is where a user can make changes to certain settings of the graphical desktop, like terminal colors, cursor themes, and font rendering. The second command tells the server to launch Xfce, which is where you will find all of the graphical software that you need to comfortably manage your server.
Save and close the file.
To ensure that the VNC server will be able to use this new startup file properly, we’ll need to make it executable.
Now, restart the VNC server.
You’ll see output similar to this:
OutputNew 'X' desktop is your_hostname:1
Starting applications specified in /home/sammy/.vnc/xstartup
Log file is /home/sammy/.vnc/your_hostname:1.log
With the configuration in place, let’s connect to the server from our local machine.
Step 3 — Connecting the VNC Desktop Securely
VNC itself doesn’t use secure protocols when connecting. We’ll use an SSH tunnel to connect securely to our server, and then tell our VNC client to use that tunnel rather than making a direct connection.
Create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux or macOS with the following command:
The -L switch specifies the port bindings. In this case we’re binding port 5901 of the remote connection to port 5901 on your local machine. The -C switch enables compression, while the -N switch tells ssh that we don’t want to execute a remote command. The -l switch specifies the remote login name.
Remember to replace sammy and your_server_ip with the sudo non-root username and IP address of your server.
If you are using a graphical SSH client, like PuTTY, use your_server_ip as the connection IP, and set localhost:5901 as a new forwarded port in the program’s SSH tunnel settings.
Once the tunnel is running, use a VNC client to connect to localhost:5901. You’ll be prompted to authenticate using the password you set in Step 1.
Once you are connected, you’ll see the default Xfce desktop. It should look something like this:
You can access files in your home directory with the file manager or from the command line, as seen here:
Press CTRL+C in your terminal to stop the SSH tunnel and return to your prompt. This will disconnect your VNC session as well.
Next let’s set up our VNC server as a service.
Step 4 — Running VNC as a System Service
Next, we’ll set up the VNC server as a systemd service so we can start, stop, and restart it as needed, like any other service. This will also ensure that VNC starts up when your server reboots.
First, create a new unit file called /etc/systemd/system/vncserver@.service using your favorite text editor:
The @ symbol at the end of the name will let us pass in an argument we can use in the service configuration. We’ll use this to specify the VNC display port we want to use when we manage the service.
Add the following lines to the file. Be sure to change the value of User, Group, WorkingDirectory, and the username in the value of PIDFILE to match your username:
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target
[Service]
Type=forking
User=sammy
Group=sammy
WorkingDirectory=/home/sammy
PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
The ExecStartPre command stops VNC if it’s already running. The ExecStart command starts VNC and sets the color depth to 24-bit color with a resolution of 1280x800. You can modify these startup options as well to meet your needs.
Save and close the file.
Next, make the system aware of the new unit file.
Enable the unit file.
The 1 following the @ sign signifies which display number the service should appear over, in this case the default :1 as was discussed in Step 2…
Stop the current instance of the VNC server if it’s still running.
Then start it as you would start any other systemd service.
You can verify that it started with this command:
If it started correctly, the output should look like this:
Output● vncserver@1.service - Start TightVNC server at startup
Loaded: loaded (/etc/systemd/system/vncserver@.service; indirect; vendor preset: enabled)
Active: active (running) since Mon 2018-07-09 18:13:53 UTC; 2min 14s ago
Process: 22322 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS)
Process: 22316 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=0/SUCCESS)
Main PID: 22330 (Xtightvnc)
...
Your VNC server will now be available when you reboot the machine.
Start your SSH tunnel again:
Then make a new connection using your VNC client software to localhost:5901 to connect to your machine.
Conclusion
You now have a secured VNC server up and running on your Ubuntu 18.04 server. Now you’ll be able to manage your files, software, and settings with an easy-to-use and familiar graphical interface, and you’ll be able to run graphical software like web browsers remotely.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
About the author(s)
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Get our newsletter
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
I follow the similar configuration in ubuntu 16.04 and was working fine. This time i am trying in ubuntu 18.04 and follow the steps as mentioned. Here is the error from bootup log. Would you pls if i missed any steps?
sghorai@sghorai-linux:~$ sudo systemctl status vncserver@1 [sudo] password for sghorai: ● vncserver@1.service - Start TightVNC server at startup Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Sat 2018-08-11 10:50:35 PDT; 21s ago Process: 1059 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=98) Process: 1044 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=0/SUCCESS)
Aug 11 10:50:35 sghorai-linux systemd[1]: Starting Start TightVNC server at startup… Aug 11 10:50:35 sghorai-linux vncserver[1044]: Killing Xtightvnc process ID 852 Aug 11 10:50:35 sghorai-linux systemd[1]: vncserver@1.service: Control process exited, code=exited status=98 Aug 11 10:50:35 sghorai-linux systemd[1]: vncserver@1.service: Failed with result ‘exit-code’. Aug 11 10:50:35 sghorai-linux systemd[1]: Failed to start Start TightVNC server at startup.
I’m getting this same issue on a play box I’m configuring to learn Laravel on. In my case, looking in syslog, it’s clear that vncserver is looking for the PID file to exist before it’ll run. If I manually create it, I can then systemctl start no problem. Just going to try making the ExecStartPre touch the PID file on my behalf.
I have a workable solution to the missing PID file now.
I also faced same situation, I have made few modifications here
The tutorial worked fine, but after connecting I’m not able to share the clipboard between my local Windows 10 Machine and the remote environment. Am I missing something? I tried both TightVNC and RealVNC Viewer. RealVNC said that VNC Server does not support file transfer. Is there an option that’s missing on the remote server to allow file transfers? Thanks.
I did some research and was able to add clipboard sharing capabilities. You first have to install autocutsel:
apt-get install autocutsel
Then you have to add to the ~/.vnc/xstartup file the following line at the end:
autocutsel -fork
Be sure to kill the vncserver and restart it after making the change to the file as explained in this tutorial.
I got error on step
Error is Permission denied (publickey). How to solve this?
Same, I get connection refused… Bad thing is I see plenty of comments but I don’t see where anyone ever answers the comments here.
You get this error because the guide forgot to mention a crucial step: the firewall needs to allow the connection on port 5901.
Note: remember to pay attention to the output of the
vncservercommand, the port number you need to configure depends on which display the X server is running on. For example, 5901 for :1, 5902 for :2, 5903 for :3, and so on…On your remote machine (i.e. guest) run this command:
On your local machine (i.e. host), an easier way to connect to your remote VNC server is to use a program called
gvncviewerrather than thessh -Lcommand as recommended by this guide.Done correctly, you will now see your Xfce4 desktop environment.
Got message: module.c failed to load. Please help to fix
arthur@universe:~$ sudo systemctl status vncserver@1 ● vncserver@1.service - Start TightVNC server at startup Loaded: loaded (/etc/systemd/system/vncserver@.service; bad; vendor preset: e Active: active (running) since Sun 2018-09-16 21:47:57 HKT; 4s ago Process: 9336 ExecStop=/usr/bin/vncserver -kill :1 (code=exited, status=2) Process: 9385 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (co Process: 9381 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code= Main PID: 9393 (Xtightvnc) Tasks: 114 (limit: 4915) CGroup: /system.slice/system-vncserver.slice/vncserver@1.service ├─9393 Xtightvnc :1 -desktop X -auth /home/arthur/.Xauthority -geomet ├─9400 /bin/sh /etc/xdg/xfce4/xinitrc – /etc/X11/xinit/xserverrc ├─9410 xfce4-session ├─9413 /usr/bin/dbus-launch --sh-syntax --exit-with-session xfce4-ses ├─9414 /usr/bin/dbus-daemon --syslog --fork --print-pid 6 --print-add ├─9418 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd ├─9422 /usr/bin/ssh-agent -s ├─9426 xfwm4 ├─9430 xfce4-panel ├─9432 Thunar --daemon ├─9434 xfdesktop ├─9435 xfsettingsd ├─9436 xscreensaver -no-splash ├─9437 /usr/bin/python3 /usr/share/system-config-printer/applet.py ├─9438 nm-applet ├─9446 /usr/lib/deja-dup/deja-dup-monitor ├─9447 xfce4-power-manager ├─9454 /usr/lib/at-spi2-core/at-spi-bus-launcher ├─9457 update-notifier ├─9466 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2 ├─9467 /usr/bin/pulseaudio --start --log-target=syslog ├─9475 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session ├─9481 /usr/lib/gvfs/gvfsd ├─9495 /usr/lib/gvfs/gvfsd-fuse /home/arthur/.gvfs -f -o big_writes ├─9505 /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd ├─9509 /usr/lib/gvfs/gvfs-udisks2-volume-monitor ├─9519 /usr/lib/gvfs/gvfs-mtp-volume-monitor ├─9526 /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd ├─9536 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor ├─9542 /usr/lib/gvfs/gvfs-afc-volume-monitor ├─9548 /usr/lib/gvfs/gvfs-goa-volume-monitor ├─9553 /usr/lib/gnome-online-accounts/goa-daemon ├─9566 /usr/lib/gnome-online-accounts/goa-identity-service ├─9572 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86 ├─9575 /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0 /usr/lib/x86 ├─9577 /usr/lib/gvfs/gvfsd-trash --spawner :1.14 /org/gtk/gvfs/exec_s └─9583 /usr/lib/gvfs/gvfsd-metadata
Sep 16 21:47:57 universe goa-daemon[9553]: goa-daemon version 3.28.0 starting Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Activati Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Successf Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Successf Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Successf Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Successf Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Activati Sep 16 21:47:57 universe dbus-daemon[9414]: [session uid=1000 pid=9412] Successf Sep 16 21:47:57 universe pulseaudio[9467]: [pulseaudio] module-x11-bell.c: XkbQu Sep 16 21:47:57 universe pulseaudio[9467]: [pulseaudio] module.c: Failed to load
How do you set up a VNC connection where both sides can see the remotely conjured window. I’m thinking of a situation where you’d like to show someone how to do something on their machine, or show where something is and how something is done, or troubleshoot a problem, while they watch.
Hey @BrianHogan
Thanks for the great guide, it helped me.
I wanted to connect from all IP’s. If anyone wants to do so, the only modification is to use “vncserver -localhost no” instead of just vncserver.
This comment has been deleted
the item 3, its just for linux and mac, and Im using win10, I tried in this point and I cant connect. using realvnc
On Windows you can use plink.exe from PuTTY. I launch my VNC from a batch file thusly:
I’m stuck at item 3 on windows 10 as well. i create a vnc.bat file and copy and paste the above and edit start C:\Program Files\TightVNC\vncviewer.exe
when I run the batch file prompt Windows cannot find ‘C:\Program’, Make sure you typed the name correctly, and then try again.
then it skip the the second command try to login to droplet. after input the password, nothing happen. Hope you could share which part did I miss out… probably I don’t really understand “:: make sure Putty and plink.exe are on your PATH:” in your earlier comment. hope you could guide a little more.
I suspect you need to use:
start “C:\Program Files\TightVNC\vncviewer.exe”
with quotes
I try to do this tutorial but not found… :c Can you do help me, pls?
● vncserver@1.service - Start TightVNC server at startup Loaded: loaded (/etc/systemd/system/vncserver@.service; indirect; vendor preset: enabled) Active: active (running) since Thu 2018-10-11 17:17:52 UTC; 3s ago Process: 4407 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS) Process: 4403 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=2) Main PID: 4415 (Xtightvnc) Tasks: 62 (limit: 2307) CGroup: /system.slice/system-vncserver.slice/vncserver@1.service ├─4415 Xtightvnc :1 -desktop X -auth /home/natalia/.Xauthority -geometry 1280x800 -depth 24 -rfbwait 120000 -rfbauth /home/natalia/.vnc/passwd -rfbport 5901 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb ├─4419 /bin/sh /home/natalia/.vnc/xstartup ├─4422 /bin/sh /etc/xdg/xfce4/xinitrc – /etc/X11/xinit/xserverrc ├─4434 dbus-launch --autolaunch 527ae868784042189c6eea4e9099605f --binary-syntax --close-stderr ├─4435 /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session ├─4454 /usr/bin/dbus-launch --exit-with-session --sh-syntax ├─4455 /usr/bin/dbus-daemon --syslog --fork --print-pid 5 --print-address 7 --session ├─4463 /usr/bin/ssh-agent x-session-manager ├─4473 xfce4-session ├─4477 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd ├─4483 xfwm4 ├─4487 xfce4-panel ├─4489 Thunar --daemon ├─4491 xfdesktop ├─4495 xscreensaver -no-splash ├─4505 /usr/lib/x86_64-linux-gnu/xfce4/panel/migrate ├─4513 /usr/bin/pulseaudio --start --log-target=syslog ├─4516 xfce4-power-manager ├─4519 /usr/lib/at-spi2-core/at-spi-bus-launcher ├─4521 /usr/lib/gvfs/gvfsd ├─4529 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 ├─4535 /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd ├─4539 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session ├─4542 /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd ├─4553 /usr/lib/gvfs/gvfs-udisks2-volume-monitor ├─4560 /usr/lib/gvfs/gvfsd-trash --spawner :1.15 /org/gtk/gvfs/exec_spaw/0 └─4571 /usr/lib/gvfs/gvfsd-metadata
oct 11 17:17:54 acer-svr org.a11y.Bus[4455]: SpiRegistry daemon is running with well-known name - org.a11y.atspi.Registry oct 11 17:17:54 acer-svr dbus-daemon[4455]: [session uid=1000 pid=4453] Successfully activated service ‘org.freedesktop.Notifications’ oct 11 17:17:55 acer-svr org.freedesktop.thumbnails.Thumbnailer1[4455]: Registered thumbailer /usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o oct 11 17:17:55 acer-svr org.freedesktop.thumbnails.Thumbnailer1[4455]: Registered thumbailer /usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o oct 11 17:17:55 acer-svr dbus-daemon[4455]: [session uid=1000 pid=4453] Activating service name=‘org.gtk.vfs.UDisks2VolumeMonitor’ requested by ‘:1.21’ (uid=1000 pid=4535 comm="/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd " label=“unconfined”) oct 11 17:17:55 acer-svr dbus-daemon[4455]: [session uid=1000 pid=4453] Successfully activated service ‘org.gtk.vfs.UDisks2VolumeMonitor’ oct 11 17:17:55 acer-svr dbus-daemon[4455]: [session uid=1000 pid=4453] Successfully activated service ‘org.freedesktop.thumbnails.Thumbnailer1’ oct 11 17:17:55 acer-svr dbus-daemon[4455]: [session uid=1000 pid=4453] Activating service name=‘org.gtk.vfs.Metadata’ requested by ‘:1.8’ (uid=1000 pid=4491 comm="xfdesktop " label=“unconfined”) oct 11 17:17:55 acer-svr pkexec[4566]: natalia: Error executing command as another user: Not authorized [USER=root] [TTY=unknown] [CWD=/] [COMMAND=/usr/sbin/xfpm-power-backlight-helper --set-brightness-switch 0] oct 11 17:17:55 acer-svr dbus-daemon[4455]: [session uid=1000 pid=4453] Successfully activated service ‘org.gtk.vfs.Metadata’
I have an Odroid HC2 server running headless Ubuntu 18.04 LTS server using realVNC. I used this tutorial to add the script file to system to start the server at startup. This works fine with the exception of admin privileges in certain areas. For example, if I use putty and start the VNC server with the ‘vncserver’ command, then I use realvnc client and log into the server, click on my home Gnome folder on the desktop I can right click in the window and open as the administrator. This opens a new window that has root privileges and I can edit or delete what ever file I need. If I enable the script in putty and start the service using the command ‘sudo systemctl start vncserver@1’ I can open the server with my client, but when I try to open the gnome home folder and right click and try to select to run as administrator it does nothing. I have tried changing the group from my user name to sudo out of curiosity and it had no effect. Do you have any ideas as to why I cannot open the window as administrator?
I had a real need to be able to perform admin actions, so I went down the Ubuntu rabbit hole and discovered that polkit-gnome-authentication-agent-1 (the process that asks you for your admin password for privileged actions) does not launch when TightVNC is started as a service using the systemd file offered here. If you start it from the command line, no problem.
Here’s what worked for me as my vncserver@.service file. By executing the vncserver command wrapped in runuser, the polkit process does launch and admin actions can be performed:
I know “RemainAfterExit=yes” is frowned upon and you’re suppose to use “Type=forked”, but it’s the only thing that worked for me.