How to Install and Configure VNC on Ubuntu 20.04 [Quickstart]
How to Install and Configure VNC on Ubuntu 20.04 [Quickstart]

Tutorial

How to Install and Configure VNC on Ubuntu 20.04 [Quickstart]

UbuntuMiscellaneousApplicationsQuickstartUbuntu 20.04

Introduction

Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line.

In this quickstart guide, you’ll set up a VNC server with TightVNC on an Ubuntu 20.04 server and connect to it securely through an SSH tunnel. Then, you’ll use a VNC client program on your local machine to interact with your server through a graphical desktop environment.

Prerequisites

To complete this tutorial, you’ll need:

  • One Ubuntu 20.04 server with a non-root administrative user and a firewall configured with UFW. To set this up, follow our initial server setup guide for Ubuntu 20.04.
  • A local computer with a VNC client installed. The VNC client you use must support connections over SSH tunnels:

Step 1 — Installing the Desktop Environment and VNC Server

After connecting to your server with SSH, update your list of packages:

  • sudo apt update

Then install Xfce along with the xfce4-goodies package, which contains a few enhancements for the desktop environment:

  • sudo apt install xfce4 xfce4-goodies

Once that installation completes, install the TightVNC server:

  • sudo apt install tightvncserver

Next, run the vncpasswd command to set a VNC access password and create the initial configuration files:

  • vncpasswd

You’ll be prompted to enter and verify a password to access your machine remotely:

Output
You will require a password to access your desktops. Password: Verify:

The password must be between six and eight characters long; passwords more than 8 characters will be truncated automatically. Once you verify the password you’ll have the option to create a view-only password, but this isn’t required.

If you ever want to change your password or add a view-only password, re-run the vncpasswd command.

Step 2 — Configuring the VNC Server

The commands that the VNC server runs at startup are located in a configuration file called xstartup in the .vnc folder under your home directory. In this step, we’ll create a custom xstartup script which will tell the VNC server to connect to the Xfce desktop.

Create a new xstartup file and open it in a text editor, such as nano:

  • nano ~/.vnc/xstartup

Add the following lines to the new file:

~/.vnc/xstartup
#!/bin/bash
xrdb $HOME/.Xresources
startxfce4 &

Following the shebang, the first command in the file, xrdb $HOME/.Xresources, tells VNC’s GUI framework to read the server user’s .Xresources file. The second command tells the server to launch Xfce.

Save and close the file after adding these lines. If you used nano, do so by pressing CTRL + X, Y, then ENTER.

Then make the file executable:

  • chmod +x ~/.vnc/xstartup

And start the VNC server with the vncserver command:

  • vncserver -localhost

This command includes the -localhost option, which binds the VNC server to your server’s loopback interface. This will cause VNC to only allow connections that originate from the server on which it’s installed.

You’ll see output similar to this:

Output
New 'X' desktop is your_hostname:1 Starting applications specified in /home/sammy/.vnc/xstartup Log file is /home/sammy/.vnc/your_hostname:1.log

Here, you can see that the command launches a default server instance on port 5901. This port is called a display port, and is referred to by VNC as :1:

Step 3 — Connecting to the VNC Desktop Securely

To securely connect to your server, you’ll establish an SSH tunnel and then tell your VNC client to connect using that tunnel rather than making a direct connection.

Create an SSH connection on your local computer that securely forwards to the localhost connection for VNC. You can do this via the terminal on Linux or macOS with the following ssh command:

  • ssh -L 59000:localhost:5901 -C -N -l sammy your_server_ip

The local port can be any port that isn’t already blocked by another program or process, though we use 59000 in this example. Also, make sure to change sammy to your Ubuntu user’s username and your_server_ip to reflect your server’s IP address.

If you are using PuTTY to connect to your server, you can create an SSH tunnel by right-clicking on the top bar of the terminal window, and then clicking the Change Settings… option:

Right-click on top bar to reveal Change Settings option

Find the Connection branch in the tree menu on the left-hand side of the PuTTY Reconfiguration window. Expand the SSH branch and click on Tunnels. On the Options controlling SSH port forwarding screen, enter 59000 as the Source Port and localhost:5901 as the Destination, like this:

Example PuTTY SSH tunnel configuration

Then click the Add button, and then the Apply button to implement the tunnel.

Once the tunnel is running, use a VNC client to connect to localhost:59000. You’ll be prompted to authenticate using the password you set in Step 1.

Once you are connected, you’ll see the default Xfce desktop. It should look something like this:

VNC connection to Ubuntu 20.04 server with the Xfce desktop environment

You can access files in your home directory with the file manager or from the command line, as seen here:

File Manager via VNC connection to Ubuntu 20.04

Press CTRL+C in your local terminal to stop the SSH tunnel and return to your prompt. This will disconnect your VNC session as well.

Step 4 — Running VNC as a System Service

By setting up the VNC server to run as a systemd service you can use systemd’s management commands start, stop, and restart the server, as well as enable it to start running whenever the server boots up.

First, create a new systemd unit file called /etc/systemd/system/vncserver@.service:

  • sudo nano /etc/systemd/system/vncserver@.service

The @ symbol at the end of the name will let us pass in an argument you can use in the service configuration. You’ll use this to specify the VNC display port you want to use when you manage the service.

Add the following lines to the file, making sure to change the value of User, Group, WorkingDirectory, and the username in the value of PIDFILE to match your username:

/etc/systemd/system/vncserver@.service
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=sammy
Group=sammy
WorkingDirectory=/home/sammy

PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 -localhost :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

Save and close the file.

Next, make the system aware of the new unit file:

  • sudo systemctl daemon-reload

Enable the unit file:

  • sudo systemctl enable vncserver@1.service

The 1 following the @ sign signifies which display number the service should appear over, in this case the default :1 as was discussed in Step 2.

Stop the current instance of the VNC server if it’s still running:

  • vncserver -kill :1

Then start it as you would start any other systemd service:

  • sudo systemctl start vncserver@1

You can verify that it started with this command:

  • sudo systemctl status vncserver@1

See our tutorial on How To Use Systemctl to Manage Systemd Services and Units for more information on systemctl.

To reconnect, start your SSH tunnel again:

  • ssh -L 59000:127.0.0.1:5901 -C -N -l sammy your_server_ip

Then make a new connection using your VNC client software to localhost:59000 to connect to your server.

Conclusion

You now have a secured VNC server up and running on your Ubuntu 20.04 server. Now you’ll be able to manage your files, software, and settings with a user-friendly graphical interface, and you’ll be able to run graphical software like web browsers remotely.

Creative Commons License